Ray Leventhal wrote:
> Hi,
>
> # uname -a Linux obfuscated.example.com 2.6.18-128.4.1.el5 #1 SMP Tue
> Aug 4 20:23:34 EDT 2009 i686 i686 i386 GNU/Linux
>
> I noticed a few days ago that I'm not getting my logwatch emails to the
> root account any longer, and while I've definitely been applying updates
> from base, no other changes have happened on this box.
>
> I ran logwatch at the command line:
>
> logwatch --detail medium --mailto root@xxxxxxxxxxxxxxxx
>
> but still no email.
>
> As expected, /etc/cron.daily has the following entry:
> lrwxrwxrwx 1 root root 39 Jul 30 2008 0logwatch ->
> /usr/share/logwatch/scripts/logwatch.pl
>
> Where should I start looking to figure out why logwatch seems not to be
> doing its thing?
>
> Thanks in advance,
> -Ray
>
>
Thanks to all who replied. Mystery is nearly solved -
I took the suggestions posted here.
> $ echo test | mail -s test root@xxxxxxxxxxxxxxxx
>
sent email to root just fine. I tried it with the FQDN, localhost and
just root...all worked (I thought they would as this is a public facing
mail server and works for hundreds of customers, but still...one tries
to eliminate stuff :)
>>> >
>>> > I ran logwatch at the command line:
>>> >
>>> > logwatch --detail medium --mailto root@xxxxxxxxxxxxxxxx
>>>
>>
>> Try that again, but tail -f /var/log/maillog in another window (if
>> there's not alot of mail traffic on that host) to see if it's
>> generating any mail logs
>>
>>
Here's what told the tale. Yes, I saw an entry while running
#tail -f /var/log/maillog|grep root
But what was seen was interesting:
Aug 21 12:16:25 <> MailScanner[12390]: Message n7LGGNVM013365 from
127.0.0.1 (root@xxxxxxxxxxxxxxxx) to fqdn.example.com is too big for
spam checks (206288 > 150000 bytes)
Then, checking the root account in (al)pine, this:
> Date: Fri, 21 Aug 2009 12:16:26 -0400
> From: MailScanner <postmaster@xxxxxxxxxxxxxxxx>
> To: postmaster@xxxxxxxxxxxxxxxx
> Subject: Virus Detected
>
> The following e-mails were found to have: Virus Detected
>
> Sender: root@xxxxxxxxxxxxxxxx
> IP Address: 127.0.0.1
> Recipient: root@xxxxxxxxxxxxxxxx
> Subject: Logwatch for fqdn.example.com (Linux)
> MessageID: n7LGGNVM013365
> Quarantine:
> Report: Clamd: message was infected: Email.Phishing.DblDom-124 FOUND
>
> Full headers are:
>
> X-ClientAddr: 127.0.0.1
> Return-Path: <~Ag>
> Received: from fqdn.example.com (localhost.localdomain [127.0.0.1])
> by fqdn.example.com (8.13.8/8.13.8) with ESMTP id n7LGGNVM013365
> for <root@xxxxxxxxxxxxxxxx>; Fri, 21 Aug 2009 12:16:25 -0400
> Full-Name: root
> Received: (from root@localhost)
> by fqdn.example.com (8.13.8/8.13.8/Submit) id n7LGEbuj012759;
> Fri, 21 Aug 2009 12:14:37 -0400
> Date: Fri, 21 Aug 2009 12:14:37 -0400
> Message-Id: <200908211614.n7LGEbuj012759@xxxxxxxxxxxxxxxx>
> To: root@xxxxxxxxxxxxxxxx
> From: root@xxxxxxxxxxxxxxxx
> Subject: Logwatch for fqdn.example.com (Linux)
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> --
> MailScanner
> Email Virus Scanner
> www.mailscanner.info
>
>
So while I now understand that they've been running on schedule and why
I've not been seeing them...I still am in a bit of a quandry as I would
*like* to receive them.
Should Mailscanner's threshold be addressed or is there something I'm
missing here?
Thanks for the help so far and for any forthcoming.
-Ray
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
