For security reasons, V8 sendmail performs a number of checks on each qf file before trusting its contents. If any qf file fails to be trustworthy, sendmail converts the leading q in its name to an uppercase Q. We discuss each possible problem in the sections that follow.
Note that when sendmail renames a qf file into a Qf file, it usually (but not always) logs that it did so. In the following, qffile is the full filename of the qf file, before it was renamed:
    Losing qffile: reason here
Also note that, although sendmail checks the qf file for a number of plausibilities, its checking is by no means exhaustive. The checks that we describe here are no substitute for a well-managed system.
V8.6 sendmail always checks the form of the qf filename for correctness. V8.7 and above sendmail also check the qf filename but do so only if PICKY_QF_NAME_CHECK is defined when building (see Section 18.8.35, PICKY...).
If the qf filename is incorrectly formed (see Section 23.2.1, "The Queue Identifier"), sendmail presumes that some other program placed the file in the queue and rejects it:
    orderq: bogus qf name bogus name here
Beginning with V8.7, sendmail performs this check only when PICKY_QF_NAME_CHECK is defined, because some sites allow legitimate programs (other than sendmail) to write into sendmail's queue.
To fix this problem, either undefine PICKY_QF_NAME_CHECK when you build sendmail (if your site allows other programs to write into the queue directory) or trace down the process that is placing badly formed qf names in your queue and fix it.
Each qf file must be owned by the effective user ID under which sendmail runs (usually root). A qf file must not be group or world writable. If a qf file fails either test, it is considered bogus and is renamed to a Qf file. Then sendmail logs these messages:
    id: bogus queue file, uid=owner, mode=perms
    Losing qffile: bogus file uid in mqueue
Here, id is the identifier portion of the qf filename, owner is the uid of the user that owns the qf file, and perms are the file permissions of the qf file, printed in octal.
This problem may point to bad queue directory permissions that allow anyone (or some group) to place files there. Or it may indicate that some process other than sendmail is writing to your queue.
One form of attack against sendmail is to append additional control lines to the end of an existing qf file. V8.7 sendmail specifically checks for additional text and rejects the qf file if any is found:
    SECURITY ALERT: extra data in qf: first bogus line printed here
    Losing qffile: bogus queue line
V8.7 sendmail terminates its legitimate list of qf control lines by placing a dot on a line by itself. Any text following that line, including comments and blank lines, is considered an error. This may represent a serious attack against your machine or site. If you get this message, investigate at once.
Each line in a qf file must begin with a known control letter or character (see Section 23.9). If a line begins with any other character, it is considered bad, and the whole file is rejected:
    readqf: qffile: linenum: bad line "bogus line here"
    Losing qffile: unrecognized line
Note that this error is to be anticipated if you go backwards, from a later release to an earlier release of sendmail.
An F line in a qf file is used to save and restore envelope flag bits. Unfortunately, the first line of a UNIX style mailbox also begins with an F:
    From someone@site
If a qf file's F line begins with the five characters "From ", V8.7 and above sendmail will reject the file and log a possible attack:
    SECURITY ALERT: bogus qf line bogus line here
    Losing qffile: bogus queue line
This represents a serious attack against your machine or site. If you get this message, investigate at once.
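The ownership, extra-data and "From " checks described above can also be run by hand over a queue directory before sendmail ever touches it. The following is an added example, not sendmail's own code: the names audit_qf, audit_queue and SAMPLE_QF are hypothetical, the sample qf body is constructed, and the finding strings only imitate the log messages quoted in the text.

```python
import os
import stat
import sys

# Constructed sample: a minimal V8.7-style qf body ending in the lone dot.
SAMPLE_QF = "V1\nT830000000\nP30000\nSsender@example.com\nRrcpt@example.com\n.\n"


def audit_qf(path, expected_uid=0):
    """Return findings for one qf file; an empty list means it passed."""
    findings = []
    st = os.stat(path)
    # Owner must be sendmail's effective uid; no group or world write bit.
    if st.st_uid != expected_uid or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("bogus queue file, uid=%d, mode=%o"
                        % (st.st_uid, stat.S_IMODE(st.st_mode)))
    seen_dot = False
    with open(path, "r", errors="replace", newline="\n") as fh:
        for num, raw in enumerate(fh, 1):
            line = raw.rstrip("\n")
            if seen_dot:
                # Anything after the lone dot counts, even a blank line.
                findings.append("extra data in qf, line %d: %r" % (num, line))
                break
            if line == ".":
                seen_dot = True
            elif line.startswith("From "):
                # A mailbox-style "From " line where an F line is expected.
                findings.append("bogus qf line %d: %r" % (num, line))
    return findings


def audit_queue(queue_dir, expected_uid=0):
    """Audit every qf* file in queue_dir; return {name: findings} for failures."""
    report = {}
    for name in sorted(os.listdir(queue_dir)):
        if name.startswith("qf"):
            found = audit_qf(os.path.join(queue_dir, name), expected_uid)
            if found:
                report[name] = found
    return report


if __name__ == "__main__":
    # Usage: pass the queue directory as the first argument.
    for name, found in audit_queue(sys.argv[1]).items():
        for item in found:
            print("%s: %s" % (name, item))
```

The script only reports; it does not rename anything, and it does not cover the filename-form or control-letter checks, which depend on sections not reproduced here.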
In the rare event that sendmail cannot dispose of a bounced message, it will preserve the qf file as a Qf file and log the message:
    savemail: cannot save rejected e-mail anywhere
    Losing qffile: savemail panic
The sendmail program tries everything possible to avoid this state (including bouncing the message, sending it to the postmaster, and saving it to a dead.letter file). Only if all else fails will it preserve the qf file as a Qf file.
In general this points to an alias problem with the user named postmaster or the owner of a mailing list. Such users are special. They must be able to receive email messages no matter what. They should be the names of real people, not the names of further mailing lists.