Re: Strange Mailman/Sendmail Audit messages in Fedora-10?

[Daniel J Walsh <dwalsh redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Derek Atkins wrote:
> Paul,
> 
> Quoting Paul Howarth <paul city-fan org>:
> 
>>> [snip]
>>> > Do your milters exec other programs? There are a couple of sockets
>>>
>>> I don't think so, but I don't know.  I'm using clamav-milter,
>>> spamass-milter, and milter-sender.  I'm pretty sure that the
>>> latter doesn't fork/exec.  I don't know about clamav or spamass.
>>
>> spamass-milter forks and execs sendmail to deliver spam if you use the
>> "-b" option - that's how I discovered the problem.
> 
> Thanks.  But I'm not using the -b option.  It's run with:
> 
>  -p /path/to/sock -P /path/to/pid -m -r 5 -i ...
> 
>> The audit log entries you posted suggest that mailman inherited a
>> socket descriptor from sendmail.
> 
> I believe that..  Yet it doesn't look like it actually stopped anything
> from happening..  The mail seemed to flow okay.  But it would be
> nice to fix this.   I don't like getting audit warnings.  Maybe sendmail
> is leaking fds as you suggest?   Should I file a bug with fedora
> about this?
> 
> [snip]
>>> Okay, how would I do that?
>>
>> You'll need to create a local policy module. I'd do it this way:
>>
> [instructions snipped]
> 
> Thanks, Paul.  I'll consider doing this.
> 
> Is there any easy way to figure out what's connected to the sockets
> that it's complaining about?   I certainly can't find anything via
> lsof or netstat -a.   Most likely because the sockets get closed
> before I see the audit message and try to track it down.
> 
>> Cheers, Paul.
> 
> And to you!  Thanks.
> 
> -derek
> 
Yes any leaked file descriptors should be reported.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkmRjLMACgkQrlYvE4MpobNzTACfZEluAaWq3Z0KXxyqAVXfQImz
/ZsAoLoGlwB/Sh1iWq8J3tAg+ReW2YhR
=wuve
-----END PGP SIGNATURE-----