error writing to filter -- Who are you?
Been a while since I had to look at our mail system (a tribute to postfix/courier/spamassassin/sasl/related software), but when upgrading all our software recently, I ran into a couple issues, the 2nd one being particularly confounding (and not much turns up via a Google search, thus I thought I would post this in case someone else has the same problem(s)). I thought spamc might be the cause of the 2nd, more confusing one, but it turns out to have been innocent, but in case others come here looking for the error I had, I am posting for their sake.
We upgraded to Fedora Core 9. We have a virtual users setup with our users in MySQL and no local users.
First, I was unable to get any SMTP connections to work - (sasl) auth was failing. We use the pam-mysql package so that sasl can auth against our database. I eventually tracked this down to some odd symlinks -- I had edited /etd/pam.d/smtp as I always do without realizing that it was a symlink to /etc/alternatives/mta-pam, which itself is a symlink to /etc/alternatives/smtp.sendmail. First mistake. Second mistake was I was in too much of a hurry to stop and ask "what's this symlink 'alternatives' crap?" I just mucked with the symlinks until it worked.
Much later, I started to see that our autoresponder was not working. I was seeing some errors I'd never seen before:
Aug 3 10:02:19 mail postfix/pipe: 7BA7D38F21C: to=<email@example.com>, relay=maildrop, delay=0.92, delays=0.06/0.01/0/0.85, dsn=5.3.0, status=bounced (internal software error. Command output: sh: /usr/bin/spamc: No such file or directory maildrop: error writing to filter. Who are you? )
Huh? Well, after a while being stupid, I managed to realize I have to look above that for any other errors in the mail log. I found:
Aug 3 10:02:18 mail sendmail: m192B5Z9926297: SYSERR(UID5021): Who are you?
Aug 3 10:02:18 mail sendmail: m192B5Z9926297: Authentication-Warning: mail.example.com: Unknown UID 5021 set sender to <> using -f
OK, so the problem is that the MTA is not understanding who the message is from, when it gets reinjected from spam checks. The 5021 uid is a virtual uid, not a system one. Why is the MTA looking for a *system* uid? Hmm, looks like it's the real sendmail and not postfix masquerading as postfix. I don't know how to tell the difference, so I Googled around a lot, but didn't find much until I see once again that the sendmail binary is actually a symlink. Ah, here we go again with this alternatives crap:
/usr/sbin/sendmail --> /etc/alternatives/mta --> /usr/sbin/sendmail.sendmail
First I just changed that last symlink to point to /usr/sbin/sendmail.postfix, but when starting postfix I get:
postfix/postfix-script: warning: /usr/lib/sendmail and /usr/sbin/sendmail differ
postfix/postfix-script: warning: Replace one by a symbolic link to the other
postfix/postfix-script: starting the Postfix mail system
More Googling - not many results. OK, OK, I'll try to understand what this all means. Google still didn't give me much, but I see it's some dumb package switcher.
That's about all I found, but it's enough. Personally, this seems ridiculous to me, but oh well. I changed all the symlinks for both the mta stuff and the pam stuff back to what they were in the first place (and edited the correct pam.d/smtp.postfix file) and did it the "Right Way":
alternatives --set mta /usr/sbin/sendmail.postfix
alternatives --display mta
Yeesh. Now it works.