I have worked with Sendmail since it was a thing on UNIX (since 1987).
I have a standard setup for e-mail servers that I have run since CentOS started and up until Rocky Linux 8 has worked perfectly. Now on Rocky Linux 9 if I run:
echo “A test message” | mail -s”Welcome to the system” local_user
(where “local_user” is a username in /etc/passwd)
E-mail is sent through Sendmail as per /var/log/maillog but he the e-mail is immediately returned to the root user mailbox with the only message body of:
E-mail rejected
and not placed in the user’s /var/spool/mail/local_user file.
All internal e-mail servers I have ever run do not have Selinux enabled and with Rocky Linux 9 I have even run:
update-crypto-policies --set LEGACY
to keep things all compatible with the other Linux servers in a network (ssh and the like).
The server itself sees itself with its domains as ‘mail2.domain.names’.
One key feature is recording e-mails with sm-archive to the local ‘keepmail’ user where I use .procmailrc to auto-file things for historical keeping.
What have they changed to prevent this localhost delivery that has worked for decades and more so, why?
What error message or status message shows up in /var/log/maillog when you send an email? Is ther anything in /var/log/message, both when you start/restart the sendmail process and when you try sending an email?
Have you tried using username@localhost as the destination address instead of just username?
Is localhost specified in your /etc/hosts file?
Are you sure you’re using sendmail? While sendmail is available for Rocky 9, the default installation installs postfix instead.
No errors in /var/log/messages at all - it shows it can write to the users mailbox but the next line shows it going back to /var/spool/mail/root for deliver with the “E-mail rejected” error.
No errors in /var/log/messages for anything - it just bounces any sending to local mailboxes.
Tried this now of 3 x Rocky Linux 9 servers. Used mail and mutt - deleted s-nail install mail from mailx - no difference.
It can send users via @doman.name via the default SMART_HOST. localhost is in /etc/hosts and /etc/mail/local-host-names.
I am using Sendmail which I have run for decades. I see people saying they have a similar error with postfix but that won’t help me, I need Sendmail (superior is so many ways to postfix).
This seems to be something they have built into Rocky Linux 9.
I will check the cert setup as it does talk about verify=FAIL for local relay, so could/must be something in this they have introduced. Annoying if it is.
Thanks for the reply and is much appreciated - I will tinker a bit longer and come back with what I find.
How did you disable selinux? It may not be the issue but to eliminate it from consideratioin you check its status with the command “sestatus”. If it is running you can disable enforcement with the command:
sudo setenforce 0
which puts it in permissive mode. Once that is set you can run your test to see if it is the issue or not.
I use postfix, so I don’t have any hands-on experience with this sendmail question, so I asked Google Gemini, and it gave me the long answer below, perhaps could be of some help?
Gemini said
It sounds like you’ve hit a specific shift in how Rocky Linux 9 (and by extension, RHEL 9) handles local delivery agents. Since you’ve already checked the usual suspects like SELinux and crypto-policies, the issue likely lies in the deprecation of Procmail and the default behavior of the local delivery agent (LDA).
Here are the most likely culprits and how to address them:
1. The Deprecation of Procmail
The biggest change in the RHEL 9 ecosystem is that procmail is no longer included in the base repositories and is considered deprecated.
The Problem: If your sendmail.mc is configured to use procmail as the local mailer (which was standard for decades), but the binary is missing or permissions have shifted, delivery will fail.
The Fix: Check if procmail is actually installed (which procmail). If it is missing, you may need to install it from EPEL or, preferably, switch the local mailer back to mail.local.
2. IPv6 Loopback Binding
Rocky 9 defaults to stricter IPv6 handling. Sometimes Sendmail sees localhost as ::1 but your access database or class definitions only account for 127.0.0.1.
The Fix: Check your /etc/mail/access file. Ensure you have:
Then rebuild the map: makemap hash /etc/mail/access < /etc/mail/access.
3. “Bare” User vs. FQDN (ThevirtusertableTrap)
If bare_user fails but user@domain.com works via SMART_HOST, Sendmail is likely failing to identify the system as the final destination for the short name.
The Fix: Ensure the short hostname and the FQDN are explicitly in /etc/mail/local-host-names.
Add mail2 and mail2.domain.names to that file.
Restart Sendmail: systemctl restart sendmail.
4. Ambiguous “Email Rejected” Error
The “Email Rejected” message is unusually terse for Sendmail. This often points to an external filter or a “milter” rather than the core engine.
Sm-archive/Milters: Since you mentioned using sm-archive, check if that milter is compatible with the version of Sendmail in Rocky 9.
Test: Temporarily comment out the INPUT_MAIL_FILTER lines in sendmail.mc, run make -C /etc/mail, restart, and try the pipe command again. If it works, the milter is the gatekeeper rejecting the local delivery.
5. Check the Mailer Definition
In Rocky 9, the mail command (from the mailx or s-nail package) might be behaving differently. Try bypassing the mail wrapper to see if Sendmail itself is the problem:
Bash
/usr/sbin/sendmail -bv local_user
This will “verify” the user. If it says deliverable: mailer local..., the logic is sound. If it says User unknown, Sendmail isn’t looking at /etc/passwd correctly, possibly due to nsswitch.conf changes in EL9.
Thanks everyone. I updated a new Rocky Linux 9 elsewhere to 9.7 expecting the same e-mail issues…. where this server was a 9.4 without the “E-mail rejected” to root happening, and post update to 9.7 still had no problem.
Today I am back on the 9.7 server that had this issue and the problem has gone away - I touched nothing - so I rebooted it today and still it works locally as expected??? Haunted maybe but now the ghost is gone?
Please mark this one as closed as it….. fixed itself - bizarre but ain’t complaining.