8

I've gone through today to setup Logwatch on my server and have installed this all successfully.

I've followed this guide on Digital Ocean and set the MailFrom parameter to:

MailFrom = mailer@mydomain.com

I'm using ssmtp to send emails using my Postmark App account and it is coming through on my Postmark activity feed but it is showing the From field being set as root.

SMTP API Error for personaladdress@hotmail.com: Invalid 'From' address: 'root'.

Looking at the raw source of the email trying to be sent it shows this line:

From: root

This is the command I am using to generate the send:

sudo logwatch --detail Low --mailto personaladdress@hotmail.com --service http --range today

Where am I going wrong or what can I do to get it sending as mailer@mydomain.com as Postmark require the from address to be correctly sent otherwise it won't allow it through and returns an error

Further details

Logwatch version: Logwatch 7.4.0 (released 03/01/11)
System: Debian 8 (Jessie)
Using sSMTP on my server to send emails from Postmark Debug log:

Config After Command Line Parsing:
supress_ignores -> 0
pathtozcat -> zcat
html_header -> /usr/share/logwatch/default.conf/html/header.html
logdir -> /var/log
hostlimit ->
encode -> none
subject ->
mailfrom -> root
format -> html
numeric -> 0
tmpdir -> /tmp
html_wrap -> 80
pathtobzcat -> bzcat
detail -> 0
range -> yesterday
hostformat -> none
debug -> 10
output -> mail
mailer -> /usr/sbin/sendmail -t
hostname -> game
html_footer -> /usr/share/logwatch/default.conf/html/footer.html
archives -> 1
pathtocat -> cat
mailto -> personal@hotmail.com
filename ->
James
  • 345

3 Answers3

8

After a tonne of investigation, I've tracked down the cause.

Logwatch processes /usr/share/logwatch/dist.conf/logwatch.conf after processing /usr/share/logwatch/default.conf/logwatch.conf.

Inside /usr/share/logwatch/dist.conf/logwatch.conf was three config lines:

  • mailer
  • TmpDir
  • MailFrom

It was here that MailFrom was set to root which was causing the issues. After updating it to mailer@example.com it all worked fine!

James
  • 345
4

Unfortunately the Digital Ocean article is misleading on an important point. The logwatch configuration file should be copied (see e.g. https://help.ubuntu.com/community/Logwatch) to become /etc/logwatch/conf/logwatch.conf before being edited. Provided there is a config file at the /etc location, logwatch will prioritise the /etc file over the defaults (or even ignore the defaults, I'm not sure which). This is mentioned in the comments below the article, but like you, I didn't read the comments before going ahead with implementation. That's how I finished up here!

mbrampton
  • 371
3

You should set your configuration inside /etc/logwatch/conf/logwatch.conf.

This overrides both /usr/share/logwatch/dist.conf/logwatch.conf and /usr/share/logwatch/default.conf/logwatch.conf.

From http://ftp.logwatch.org/tabs/docs/HOWTO-Customize-LogWatch.html

However, Logwatch, starting with version 7.0, implements a mechanism to allow modifying the local system easier. These modifications may be needed either because the configuration of the service that writes to the system log has been altered from its default, or because the Logwatch user prefers what is reported or how it is reported by Logwatch to be different.

You can customize the output of logwatch by modifying variables in the /etc/logwatch/conf directory.

Default values are specified in the /usr/share/logwatch/default.conf directory. Your distribution may have set additional defaults in the /usr/share/logwatch/dist.conf directory. All the variables available are declared in the files under these directories. You can change the default values to modify how or what is displayed with logwatch.

frostymarvelous
  • 133