Re: /var/mail BOGUS files

From: Joe Chung (nospam_at_nospam.invalid)
Date: 08/17/04 

Date: Mon, 16 Aug 2004 15:17:06 -0700

Administrateur de systemes <sysadmin@DMS.UMontreal.CA> writes:

> Hi all Linux gurus !
>
>
> I have on my email server a series of BOGUS files .
> It's a solaris 9 box with sendmail 8.10.12
> My mailboxes ( /var/mail ) is mounted on all clients redhat
> for beeing used for pine elm etc ...
> here are the kinda of Bogus files
>
> [1318][root@leonard:/]
> > cd /var/mail
>
> [1319][root@leonard:/var/mail]
> > ls -lrt
>
> .....
>
> -r-------- 1 nobody nobody 1 Aug 16 13:14 BOGUS.root.tC
> -r-------- 1 nobody nobody 1 Aug 16 13:14 BOGUS.root.E
> -r-------- 1 nobody nobody 1 Aug 16 13:14 BOGUS.root.D
> -r-------- 1 nobody nobody 1 Aug 16 13:14 BOGUS.root.qG
> -r-------- 1 nobody nobody 1 Aug 16 13:14 BOGUS.root.eG
> -r-------- 1 nobody nobody 1 Aug 16 13:14 BOGUS.root.ZG
> -r-------- 1 nobody nobody 1 Aug 16 13:14 BOGUS.root.8F
>
>
> Where those come from ??? Procmail ? nfs ? clients like pine or dtmail ?
> I don't know where to start looking from ...
>
> Thanks for your help .
> FG

Search for

/var/spool/mail bogus

on google.com and groups.google.com and you should get hits.

They seem related to procmail, the final delivery agent.
Essentially, procmail found that the owner of mail file was not
correct and renamed it as a precaution, i.e. it found that root
did not own the root mail spool, joe did not own the joe mail
spool, etc.

You're getting permission problems for your mail spool directory
probably due to NFS root squashing.

-jc 

-- 
(apply 'concat (reverse (list "com"
                              (char-to-string 46) "yahoo"
                              (char-to-string 64) "joechung")))