On 03/13/2015 02:29 PM, Jason Woods wrote:
On 13 Mar 2015, at 18:13, ken <gebser@xxxxxxxxxxxx> wrote:
On 03/13/2015 01:06 PM, Blake Hudson wrote:
ken wrote on 3/13/2015 11:36 AM:
# rpm -q sendmail logwatch
sendmail-8.13.8-8.1.el5_7
logwatch-7.3-10.el5
One host sends just one email per day, the daily logwatch
report. Here's /var/log/maillog entries from yesterday
(hostnames are changed to make designations in this
conversation more intuitive):
Mar 12 04:02:18 srchost sendmail[27151]: t2C82Bjr027151: from=root, size=2485, class=0, nrcpts=1, msgid=<201503120802.t2C82Bjr027151@localhost.localdomain>, relay=root@localhost
Mar 12 04:02:19 srchost sendmail[27383]: t2C82IiB027383: from=<root@localhost.localdomain>, size=2756, class=0, nrcpts=1, msgid=<201503120802.t2C82Bjr027151@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=srchost [127.0.0.1]
Mar 12 04:02:19 srchost sendmail[27151]: t2C82Bjr027151: to=recip@dest, ctladdr=root (0/0), delay=00:00:08, xdelay=00:00:01, mailer=relay, pri=32485, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t2C82IiB027383 Message accepted for delivery)
First email is sent locally to root.
I see that it's sent *from* root. Where does it say it's sent *to* root?
Mar 12 04:02:20 srchost sendmail[27385]: t2C82IiB027383:
to=<recip@xxxxxxxx>, ctladdr=<root@localhost.localdomain>
(0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp,
pri=122756, relay=dellap.mousecar.net. [192.168.0.26],
dsn=2.0.0, stat=Sent (t2C82Jh3016227 Message accepted for
delivery)
Root I guess forwards through an alias so it resends to target.
/etc/logwatch.conf is configured to send to <recip@xxxxxxxx>, so no
aliasing and no resending.
My major concern is accuracy. I mean, there's not much sense in
using logwatch if what it's telling me is wrong.
I'm guessing it simply parses the message sent lines. Whether or not
treating locally delivered emails is correct or not - I'm inclined to
think it is. Either way it would probably be difficult to exclude it
- and then you would never be able to track locally sent emails.
Jason
Tracking where/how emails are sent would be done in maillog, not in
logwatch.
I'd disagree. If one email is sent, saying two are sent is not correct.
If one email is sent with one recipient, the total number of
recipients is one. If I hold up two fingers and ask someone how many
fingers I'm holding up and she says "four", that too is incorrect.
Yes, it might be difficult to machine-parse the maillog, but then the
software-- here logwatch-- should either be fixed or its data described
accurately (and hopefully too, meaningfully). It shouldn't post
erroneous data.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos