7

I've gone through today to set up Logwatch on my server and have installed this all successfully.

I've followed this guide on Digital Ocean and set the MailFrom parameter to:

MailFrom = mailer@mydomain.com

I'm using ssmtp to send emails using my Postmark App account and it is coming through on my Postmark activity feed but it is showing the From field being set as root.

SMTP API Error for personaladdress@hotmail.com: Invalid 'From' address: 'root'.

Looking at the raw source of the email trying to be sent it shows this line:

From: root

This is the command I am using to generate the send:

sudo logwatch --detail Low --mailto personaladdress@hotmail.com --service http --range today

Where am I going wrong or what can I do to get it sending as mailer@mydomain.com? Postmark require the from address to be correctly sent, otherwise it won't allow it through and returns an error.

Further details

Logwatch version: Logwatch 7.4.0 (released 03/01/11)
System: Debian 8 (Jessie)
Using sSMTP on my server to send emails from Postmark

Debug log:

Config After Command Line Parsing:
supress_ignores -> 0
pathtozcat -> zcat
html_header -> /usr/share/logwatch/default.conf/html/header.html
logdir -> /var/log
hostlimit ->
encode -> none
subject ->
mailfrom -> root
format -> html
numeric -> 0
tmpdir -> /tmp
html_wrap -> 80
pathtobzcat -> bzcat
detail -> 0
range -> yesterday
hostformat -> none
debug -> 10
output -> mail
mailer -> /usr/sbin/sendmail -t
hostname -> game
html_footer -> /usr/share/logwatch/default.conf/html/footer.html
archives -> 1
pathtocat -> cat
mailto -> personal@hotmail.com
filename ->
James
  • Can you explain what version are you using, what distro and such details? What about debug log with `--debug=10`? – Jakuje May 04 '16 at 16:39
  • @Jakuje I have added some more details, however the debug log is too long for my putty client to be able to get the whole trace. Do I really need to run it at a debug level of 10? How can I get the whole output for you? – James May 04 '16 at 22:31
  • The start about parsing configuration should be enough (you can redirect it into file and then copy/browse through it later). I was interested if the value is even correctly read from the configuration file. – Jakuje May 04 '16 at 22:47
  • @Jakuje How do I output it into a file? – James May 04 '16 at 22:48
  • `logwatch --debug=10 > /tmp/log` and then `less /tmp/log` – Jakuje May 04 '16 at 22:57
  • @Jakuje have added these in now. It doesn't look like it is respecting the from field at all – James May 04 '16 at 23:12
  • @Jakuje Interestingly, if I use `mailer@example.com` it will try to send with `root@example.com` set in the `From` field, and if I change this to `Logwatch` it will try to send with the `From` field set as `root`. So it seems that it is picking up that I have changed the values but isn't respecting it. I've changed our provider over from Postmark to Mailgun to trial if it works (Mailgun aren't strict on having the from field set exactly) and it is letting the emails through. The only issue is that Logwatch doesn't send `RFC 5322 compliant` emails. – James May 04 '16 at 23:25

3 Answers

7

After a tonne of investigation, I've tracked down the cause.

Logwatch processes /usr/share/logwatch/dist.conf/logwatch.conf after processing /usr/share/logwatch/default.conf/logwatch.conf.

Inside /usr/share/logwatch/dist.conf/logwatch.conf were three config lines:

  • mailer
  • TmpDir
  • MailFrom

It was here that MailFrom was set to root which was causing the issues. After updating it to mailer@example.com it all worked fine!

James
  • Great to hear you sorted it out. I also see my logwatch is sent from a different address than I would like. Can you file a bug report for Debian, so they can fix that? – Jakuje May 05 '16 at 07:13
  • @Jakuje The `dist.conf` directory is not a bug -- in fact, it's the supported way for distributions to push their own Logwatch settings (although this is poorly documented). The tutorial linked in the original question is incorrect, since the files in `/usr/share/logwatch/*` should not be edited by end-users. – Arnon Sep 25 '18 at 16:21
  • 1
    This answer is mostly correct, but it suggests editing `/usr/share/logwatch/dist.conf/logwatch.conf`, which is not a "safe" way to configure logwatch. Instead, use `/etc/logwatch/conf/logwatch.conf`. – Arnon Sep 25 '18 at 16:24
4

Unfortunately the Digital Ocean article is misleading on an important point. The logwatch configuration file should be copied (see e.g. https://help.ubuntu.com/community/Logwatch) to become /etc/logwatch/conf/logwatch.conf before being edited. Provided there is a config file at the /etc location, logwatch will prioritise the /etc file over the defaults (or even ignore the defaults, I'm not sure which). This is mentioned in the comments below the article, but like you, I didn't read the comments before going ahead with implementation. That's how I finished up here!

mbrampton
3

You should set your configuration inside /etc/logwatch/conf/logwatch.conf.

This overrides both /usr/share/logwatch/dist.conf/logwatch.conf and /usr/share/logwatch/default.conf/logwatch.conf.

From http://ftp.logwatch.org/tabs/docs/HOWTO-Customize-LogWatch.html

However, Logwatch, starting with version 7.0, implements a mechanism to allow modifying the local system easier. These modifications may be needed either because the configuration of the service that writes to the system log has been altered from its default, or because the Logwatch user prefers what is reported or how it is reported by Logwatch to be different.

You can customize the output of logwatch by modifying variables in the /etc/logwatch/conf directory.

Default values are specified in the /usr/share/logwatch/default.conf directory. Your distribution may have set additional defaults in the /usr/share/logwatch/dist.conf directory. All the variables available are declared in the files under these directories. You can change the default values to modify how or what is displayed with logwatch.
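
The read order described in the answers above, as a small shell helper that reports which file supplies the effective value of a setting (an added example, not part of the original posts and not Logwatch's own code). The function names, the `ROOT` prefix argument and the sample tree are assumptions for illustration, and the line parsing is a simplification of what Logwatch does.

```shell
#!/bin/sh
# Added example: report which logwatch.conf layer supplies a setting.
# Read order per the answers above: default.conf, dist.conf, then
# /etc/logwatch/conf; the last file that sets the key wins.

# logwatch_effective KEY [ROOT] -> prints "<value><TAB><file>", returns 1 if unset.
# ROOT is a hypothetical path prefix for test trees; empty means the live system.
logwatch_effective() {
    key=$1 root=${2:-} result=""
    for f in \
        "$root/usr/share/logwatch/default.conf/logwatch.conf" \
        "$root/usr/share/logwatch/dist.conf/logwatch.conf" \
        "$root/etc/logwatch/conf/logwatch.conf"
    do
        [ -r "$f" ] || continue
        # Assumption: "Name = Value" lines, names compared case-insensitively,
        # lines starting with '#' are comments, last match in a file wins.
        v=$(awk -v k="$key" '
            /^[ \t]*#/ { next }
            {
                i = index($0, "="); if (i == 0) next
                name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
                if (tolower(name) != tolower(k)) next
                last = substr($0, i + 1)
                sub(/^[ \t]+/, "", last); sub(/[ \t]+$/, "", last)
            }
            END { print last }' "$f")
        if [ -n "$v" ]; then result=$(printf '%s\t%s' "$v" "$f"); fi
    done
    [ -n "$result" ] || return 1
    printf '%s\n' "$result"
}

# Constructed tree reproducing the question: the edit went into default.conf,
# but dist.conf still says root. Prints the winner before and after the fix.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/share/logwatch/default.conf" \
             "$t/usr/share/logwatch/dist.conf" "$t/etc/logwatch/conf"
    echo 'MailFrom = mailer@mydomain.com' > "$t/usr/share/logwatch/default.conf/logwatch.conf"
    echo 'MailFrom = root' > "$t/usr/share/logwatch/dist.conf/logwatch.conf"
    logwatch_effective MailFrom "$t" | cut -f1          # root
    echo 'MailFrom = mailer@mydomain.com' > "$t/etc/logwatch/conf/logwatch.conf"
    logwatch_effective MailFrom "$t" | cut -f1          # mailer@mydomain.com
    rm -rf "$t"
}
demo
```

Run on the live system as `logwatch_effective MailFrom` to see which file the `mailfrom -> root` line in the debug output is coming from.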