[CentOS] logwatch not mailing [Nearly SOLVED]

Ray Leventhal centos at swhi.net
Fri Aug 21 16:29:09 UTC 2009


Ray Leventhal wrote:
> Hi,
>
> # uname -a
> Linux obfuscated.example.com 2.6.18-128.4.1.el5 #1 SMP Tue Aug 4 20:23:34 EDT 2009 i686 i686 i386 GNU/Linux
>
> I noticed a few days ago that I'm not getting my logwatch emails to the 
> root account any longer, and while I've definitely been applying updates 
> from base, no other changes have happened on this box.
>
> I ran logwatch at the command line:
>
> logwatch --detail medium --mailto root at fqdn.example.com
>
> but still no email.
>
> As expected, /etc/cron.daily has the following entry:
> lrwxrwxrwx   1 root root   39 Jul 30  2008 0logwatch -> /usr/share/logwatch/scripts/logwatch.pl
>
> Where should I start looking to figure out why logwatch seems not to be 
> doing its thing?
>
> Thanks in advance,
> -Ray
>
>   
Thanks to all who replied.  Mystery is nearly solved -

I took the suggestions posted here. 

> $ echo test | mail -s test root at fqdn.example.com
>   
sent email to root just fine.  I tried it with the FQDN, localhost and 
just root...all worked (I thought they would as this is a public facing 
mail server and works for hundreds of customers, but still...one tries 
to eliminate stuff :)


>>> >
>>> > I ran logwatch at the command line:
>>> >
>>> > logwatch --detail medium --mailto root at fqdn.example.com
>>>       
>>
>> Try that again, but tail -f /var/log/maillog in another window (if
>> there's not a lot of mail traffic on that host) to see if it's
>> generating any mail logs
>>
>>     
Here's what told the tale.  Yes, I saw an entry while running

#tail -f /var/log/maillog|grep root

But what was seen was interesting:

Aug 21 12:16:25 <>  MailScanner[12390]: Message n7LGGNVM013365 from 
127.0.0.1 (root at fqdn.example.com) to fqdn.example.com is too big for 
spam checks (206288 > 150000 bytes)

Then, checking the root account in (al)pine, this:

> Date: Fri, 21 Aug 2009 12:16:26 -0400
> From: MailScanner <postmaster at fqdn.example.com>
> To: postmaster at fqdn.example.com
> Subject: Virus Detected
>
> The following e-mails were found to have: Virus Detected
>
>     Sender: root at fqdn.example.com
> IP Address: 127.0.0.1
>  Recipient: root at fqdn.example.com
>    Subject: Logwatch for fqdn.example.com (Linux)
>  MessageID: n7LGGNVM013365
> Quarantine:
>     Report: Clamd:  message was infected: Email.Phishing.DblDom-124 FOUND
>
> Full headers are:
>
>  X-ClientAddr: 127.0.0.1
>  Return-Path: <~Ag>
>  Received: from fqdn.example.com (localhost.localdomain [127.0.0.1])
>         by fqdn.example.com (8.13.8/8.13.8) with ESMTP id n7LGGNVM013365
>         for <root at fqdn.example.com>; Fri, 21 Aug 2009 12:16:25 -0400
>  Full-Name: root
>  Received: (from root at localhost)
>         by fqdn.example.com (8.13.8/8.13.8/Submit) id n7LGEbuj012759;
>         Fri, 21 Aug 2009 12:14:37 -0400
>  Date: Fri, 21 Aug 2009 12:14:37 -0400
>  Message-Id: <200908211614.n7LGEbuj012759 at fqdn.example.com>
>  To: root at fqdn.example.com
>  From: root at fqdn.example.com
>  Subject: Logwatch for fqdn.example.com (Linux)
>  MIME-Version: 1.0
>  Content-Transfer-Encoding: 7bit
>  Content-Type: text/plain; charset="iso-8859-1"
>
>
> --
> MailScanner
> Email Virus Scanner
> www.mailscanner.info
>
>
So while I now understand that they've been running on schedule and why 
I've not been seeing them...I still am in a bit of a quandary as I would 
*like* to receive them.

Should MailScanner's threshold be addressed or is there something I'm 
missing here?

Thanks for the help so far and for any forthcoming.

-Ray
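
The maillog entry and the MailScanner notice quoted in this message carry the same message ID, so the two can be matched to list locally generated reports that the scanner stopped. The following is an added example, not part of the original post; the function names and the hostname "mailhost" are assumptions, and the sample input is adapted from the text quoted above.

```python
import re
# Constructed sample input adapted from the post: addresses written with "@",
# the log entry joined onto one line, "mailhost" as a hypothetical hostname.
MAILLOG = (
    "Aug 21 12:16:25 mailhost MailScanner[12390]: Message n7LGGNVM013365 from "
    "127.0.0.1 (root@fqdn.example.com) to fqdn.example.com is too big for "
    "spam checks (206288 > 150000 bytes)\n"
)
NOTICE = """\
The following e-mails were found to have: Virus Detected

    Sender: root@fqdn.example.com
IP Address: 127.0.0.1
 Recipient: root@fqdn.example.com
   Subject: Logwatch for fqdn.example.com (Linux)
 MessageID: n7LGGNVM013365
Quarantine:
    Report: Clamd:  message was infected: Email.Phishing.DblDom-124 FOUND

Full headers are:
"""

TOO_BIG = re.compile(
    r"MailScanner\[\d+\]: Message (?P<id>\S+) from (?P<ip>\S+) "
    r"\((?P<sender>[^)]*)\) to \S+ is too big for spam checks "
    r"\((?P<size>\d+) > (?P<limit>\d+) bytes\)")
FIELD = re.compile(
    r"^\s*(Sender|IP Address|Recipient|Subject|MessageID|Report):[ \t]*(.*)$",
    re.M)

def parse_notice(text):
    """Return the summary fields of a MailScanner notice as a dict."""
    summary = text.split("Full headers are:")[0]  # ignore the echoed headers
    return {key: value.strip() for key, value in FIELD.findall(summary)}

def local_reports_blocked(maillog, notices):
    """Match notices to maillog by message ID; keep those sent from localhost."""
    sizes = {m["id"]: (int(m["size"]), int(m["limit"]))
             for m in TOO_BIG.finditer(maillog)}
    hits = []
    for n in map(parse_notice, notices):
        if n.get("IP Address") == "127.0.0.1":
            size, limit = sizes.get(n.get("MessageID"), (None, None))
            hits.append({"id": n.get("MessageID"), "subject": n.get("Subject"),
                         "report": n.get("Report"), "size": size, "limit": limit})
    return hits

if __name__ == "__main__":
    print(local_reports_blocked(MAILLOG, [NOTICE]))
```

Each hit shows the signature name from the notice next to the size and limit from the log, which are the two separate MailScanner decisions visible in this message.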
