[CentOS] Apparent bug in logwatch's reporting of number of email by sendmail

Fri Mar 13 18:29:38 UTC 2015
Jason Woods <devel at jasonwoods.me.uk>

> On 13 Mar 2015, at 18:13, ken <gebser at mousecar.com> wrote:
> 
>> On 03/13/2015 01:06 PM, Blake Hudson wrote:
>> ken wrote on 3/13/2015 11:36 AM:
>>> # rpm -q sendmail logwatch
>>> sendmail-8.13.8-8.1.el5_7
>>> logwatch-7.3-10.el5
>>> 
>>> One host sends just one email per day, the daily logwatch report.
>>> Here's /var/log/maillog entries from yesterday (hostnames are changed
>>> to make designations in this conversation more intuitive):
>>> 
>>> Mar 12 04:02:18 srchost sendmail[27151]: t2C82Bjr027151: from=root,
>>> size=2485, class=0, nrcpts=1,
>>> msgid=<201503120802.t2C82Bjr027151 at localhost.localdomain>,
>>> relay=root at localhost
>>> Mar 12 04:02:19 srchost sendmail[27383]: t2C82IiB027383:
>>> from=<root at localhost.localdomain>, size=2756, class=0, nrcpts=1,
>>> msgid=<201503120802.t2C82Bjr027151 at localhost.localdomain>,
>>> proto=ESMTP, daemon=MTA, relay=srchost [127.0.0.1]
>>> Mar 12 04:02:19 srchost sendmail[27151]: t2C82Bjr027151:
>>> to=recip at dest, ctladdr=root (0/0), delay=00:00:08, xdelay=00:00:01,
>>> mailer=relay, pri=32485, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0,
>>> stat=Sent (t2C82IiB027383 Message accepted for delivery)

First email is sent locally to root.

>>> Mar 12 04:02:20 srchost sendmail[27385]: t2C82IiB027383:
>>> to=<recip at dest.com>, ctladdr=<root at localhost.localdomain> (0/0),
>>> delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=122756,
>>> relay=dellap.mousecar.net. [192.168.0.26], dsn=2.0.0, stat=Sent
>>> (t2C82Jh3016227 Message accepted for delivery)

Root I guess forwards through an alias so it resends to target.

>>> 
> 
> My major concern is accuracy.  I mean, there's not much sense in using logwatch if what it's telling me is wrong.

I'm guessing it simply parses the message sent lines. Whether or not treating locally delivered emails is correct or not - I'm inclined to think it is. Either way it would probably be difficult to exclude it - and then you would never be able to track locally sent emails.

Jason