3

When restarting my postfix with a slightly wrong config, a few mails that were waiting in the mail-queue were apparently delivered via procmail

mail.log.0:Dec 26 00:53:38 h2229778 postfix/local[27243]: DB45A3EF839B: to=<me@mydomain>, relay=local, delay=1.2, delays=0.17/0/0/1.1, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")

However, procmail was never configured. There is no /etc/procmailrc nor anything else. I can't find anything at the usual places (/var/mail, /var/spool/*). Where would procmail have put these mails?

I'm using procmail v3.22 under ubuntu 12.04LTS.

gmyny
  • 53
  • 3

1 Answers1

3

Procmail can be configured in a variety of ways, also depending on how it was invoked. By default, in the absence of any $HOME/.procmailrc, you would expect delivery in /var/mail/$USER on most platforms where you can install Procmail as a precompiled package. If you compiled it yourself, you configured the precise location and delivery mechanism yourself, though if you didn't touch anything, this is what you should have ended up with.

The output from procmail -v indicates the default delivery destination for the invoking account.

yosemite:~ tripleee$ procmail -v
procmail v3.22 2001/09/10
    Copyright (c) 1990-2001, Stephen R. van den Berg    <srb@cuci.nl>
    Copyright (c) 1997-2001, Philip A. Guenther     <guenther@sendmail.com>

Submit questions/answers to the procmail-related mailinglist by sending to:
    <procmail-users@procmail.org>

And of course, subscription and information requests for this list to:
    <procmail-users-request@procmail.org>

Locking strategies: dotlocking, fcntl(), lockf()
Default rcfile:     $HOME/.procmailrc
Your system mailbox:    /var/mail/tripleee

If there is a $HOME/.procmailrc with a rule which triggered on the incoming message, it could have been discarded, forwarded, piped to an external process, or delivered pretty much anywhere the account has write access. Most users with nontrivial .procmailrc files will define LOGFILE near the start of the .procmailrc; deliveries will then be logged there.

tripleee
  • 1,324
  • 3
  • 14
  • 24
  • Thanks for the answer. The mails that are missing belonged to a virtual user, not a local one (there were some mails for a user that also exists as a local user, which ended up in /var/mail). Hence there is no .procmailrc file and I can't invoke procmail -v as that user. What I need to know is probably what procmail is doing with mails that it doesn't know what to do with. – gmyny Jan 01 '16 at 18:38
  • There is no well-defined standard answer to this; it depends entirely on your virtual user architecture, and in particular, how Postfix invokes Procmail in this situation (if at all). We can speculate that it runs as user `postfix` (or `mail`, `sendmail`, what have you); does this user have a mailbox? – tripleee Jan 01 '16 at 20:54
  • I could not find any mailbox for one of the users procmail might have been invoked with. I also tried a brute-force approach (I saw those mails hanging in the mailq, so I know at least one sender address) and grep'ed through various folders without any result. Therefore I believe now that does mails are gone. I still accepted @triplee s answer since it gave me at least a very good starting point for understanding what might have happened. – gmyny Jan 28 '16 at 16:02
  • They probably went *somewhere* - Postfix would be configured to catch any error from Procmail, and Procmail should certainly raise one if it didn't know where to write a message. But I'm not able to guess where that might be. – tripleee Jan 28 '16 at 16:09