Re: [CentOS] Cron sending to root after changing MAILTO
Well, I feel silly. There are three places MAILTO can affect crond: /etc/crontab, /etc/crond.d/0hourly, and /etc/anacrontab. Once I set this in these 3 files, I started getting mail from crond. Thank you all for your help. --- Chad Cordero Information Technology Consultant Enterprise & Cloud Services Information Technology Services California State University, San Bernardino 5500 University Pkwy San Bernardino, CA 92407-2393 Main Line: 909/537-7677 Direct Line: 909/537-7281 Fax: 909/537-7141 http://support.csusb.edu/ --- Disclaimer: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. From: CentOS on behalf of Richard Reply-To: CentOS mailing list Date: Thursday, July 20, 2017 at 6:54 AM To: CentOS mailing list Subject: Re: [CentOS] Cron sending to root after changing MAILTO Date: Thursday, July 20, 2017 02:25:52 + From: Richard Date: Wednesday, July 19, 2017 23:31:10 + From: Chad Cordero It’s being rejected before it even reaches the mailbox, so forwarding won’t work. Crond should really be using the MAILTO variable and it’s not. In my testing, this worked as advertised. Changing the "MAILTO=" in /etc/crontab from the default "root" to either a local username or a remote address resulted in the crontab messages being delivered to the desired mailboxes. I think I'd put a test command into the crontab and watch the logs to see what might be going on -- including making certain that the crontab is reloading correctly after changing the "mailto" value. Separately, but related, did you run newaliases or postalias after you added the entry to "root:" in /etc/aliases? Re-reading earlier messages, are the commands in question being invoked out of /etc/crontab, /etc/cron.daily, etc. or user-level crontabs? The "mailto" value is crontab file specific, so setting it in /etc/crontab would only effect commands run from there (a file that isn't used much any longer). As the /etc/cron.daily, etc. jobs are now run from /etc/anacrontab you'd need to adjust the "mailto" in that file for things run that way. If run from a user-level crontab the "mailto" needs to be in that user's crontab file. [cron.hourly is run out of /etc/cron.d/0hourly, not anacrontab, and has its own "mailto".] ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cron sending to root after changing MAILTO
It’s being rejected before it even reaches the mailbox, so forwarding won’t work. Crond should really be using the MAILTO variable and it’s not. --- Chad Cordero Information Technology Consultant Enterprise & Cloud Services Information Technology Services California State University, San Bernardino 5500 University Pkwy San Bernardino, CA 92407-2393 Main Line: 909/537-7677 Direct Line: 909/537-7281 Fax: 909/537-7141 http://support.csusb.edu/ --- Disclaimer: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. From: CentOS on behalf of "h...@iinet.net.au" Reply-To: CentOS mailing list Date: Wednesday, July 19, 2017 at 4:13 PM To: CentOS mailing list Subject: Re: [CentOS] Cron sending to root after changing MAILTO - Original Message - From: "CentOS mailing list" To:"CentOS mailing list" Cc: Sent:Wed, 19 Jul 2017 20:46:21 + Subject:[CentOS] Cron sending to root after changing MAILTO I am running CentOS 7 on an outbound gateway server running Postfix. I have a couple of cron jobs I was expecting to see in my email that never showed up. It turns out that they were delivered to root, which is restricted on our exchange server, instead of the address I defined. Please help. The quick fix for such issues is to put a .forward file in the /root folder containing your target e-mail address, ecssupp...@csusb.edu ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cron sending to root after changing MAILTO
Ah. Here you go. # grep A5077100E776C /var/log/maillog Jul 19 13:15:55 mailcampaign1 postfix/pickup[19675]: A5077100E776C: uid=0 from= Jul 19 13:15:55 mailcampaign1 postfix/cleanup[19797]: A5077100E776C: warning: header Subject: Cron run-parts /etc/cron.hourly from local; from= Jul 19 13:15:55 mailcampaign1 postfix/cleanup[19797]: A5077100E776C: message-id=<20170719201555.a5077100e7...@mailcampaign1.csusb.edu> Jul 19 13:15:55 mailcampaign1 opendkim[2298]: A5077100E776C: DKIM-Signature field added (s=mc2-2013, d=csusb.edu) Jul 19 13:15:55 mailcampaign1 postfix/qmgr[2388]: A5077100E776C: from=, size=813, nrcpt=1 (queue active) Jul 19 13:15:56 mailcampaign1 postfix/smtp[19802]: A5077100E776C: to=, orig_to=, relay=csusb-edu.mail.protection.outlook.com[207.46.163.106]:25, delay=896, delays=895/0.01/0.24/0.83, dsn=2.6.0, status=sent (250 2.6.0 <20170719201555.a5077100e7...@mailcampaign1.csusb.edu> [InternalId=67289252629319, Hostname=CY1PR08MB1829.namprd08.prod.outlook.com] 10710 bytes in 0.203, 51.463 KB/sec Queued mail for delivery) Jul 19 13:15:56 mailcampaign1 postfix/qmgr[2388]: A5077100E776C: removed # postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases always_add_missing_headers = yes bounce_queue_lifetime = 8h bounce_template_file = /etc/postfix/bounce.cf broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 default_destination_concurrency_limit = 2 default_destination_rate_delay = 1s default_process_limit = 1000 delay_warning_time = 5m header_checks = regexp:/etc/postfix/header_checks home_mailbox = Maildir/ html_directory = no inet_interfaces = all inet_protocols = ipv4 internal_destination_concurrency_limit = 20 internal_destination_rate_delay = 0 internal_destination_recipient_limit = 50 mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man maximal_backoff_time = 4h maximal_queue_lifetime = 2d message_size_limit = 2560 milter_default_action = accept milter_protocol = 2 mydestination = $myhostname, localhost.$mydomain, localhost mydomain = csusb.edu myhostname = mailcampaign1.csusb.edu mynetworks = 139.182.0.0/16, 198.188.128.0/22, 10.120.76.0/24, 127.0.0.0/8 myorigin = $mydomain newaliases_path = /usr/bin/newaliases.postfix non_smtpd_milters = $smtpd_milters polite_destination_concurrency_limit = 10 polite_destination_rate_delay = 0 polite_destination_recipient_limit = 5 postscreen_upstream_proxy_protocol = haproxy queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES relay_domains = sample_directory = /usr/share/doc/postfix-2.10.1/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_connect_timeout = 10s smtp_helo_timeout = 50 smtp_mx_address_limit = 5 smtpd_client_connection_count_limit = 100 smtpd_milters = inet:127.0.0.1:8891 smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_sasl_type = cyrus smtpd_timeout = 10s smtpd_tls_CAfile = /etc/pki/tls/certs/mailcampaign_csusb_edu_interm.cer smtpd_tls_cert_file = /etc/pki/tls/certs/mailcampaign_csusb_edu_cert.cer smtpd_tls_key_file = /etc/pki/tls/private/mailcampaign_csusb_edu.key smtpd_tls_loglevel = 0 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache smtpd_tls_session_cache_timeout = 10800s smtpd_use_tls = yes transport_maps = hash:/etc/postfix/transport turtle_destination_concurrency_limit = 1 turtle_destination_rate_delay = 3s turtle_destination_recipient_limit = 2 unknown_local_recipient_reject_code = 550 --- Chad Cordero Information Technology Consultant Enterprise & Cloud Services Information Technology Services California State University, San Bernardino 5500 University Pkwy San Bernardino, CA 92407-2393 Main Line: 909/537-7677 Direct Line: 909/537-7281 Fax: 909/537-7141 http://support.csusb.edu/ --- Disclaimer: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and d
Re: [CentOS] Cron sending to root after changing MAILTO
Here is the last one I got. As you can see it was send to r...@csusb.edu, a restricted distribution group, not obeying /etc/aliases or MAILTO definition in crontab. Message Trace: -- Cron run-parts /etc/cron.hourly Sender:r...@csusb.edu Recipient:r...@csusb.edu ReceivedProcessedNot delivered StatusThe message was sent to the following group, which doesn't allow messages from external senders: Group: r...@csusb.edu How to fix itTo accept messages from external senders, you can change the delivery management setting for this group. Go to Groups. Double-click the group name. Click Delivery management, and choose Senders inside and outside my organization. Choose Save. Message Events DATE (UTC)EVENTDETAIL 7/19/2017 8:15:56 PMReceiveMessage received by: CY1PR08MB1829 7/19/2017 8:15:56 PMFailReason: [{LED=550 5.7.133 RESOLVER.RST.SenderNotAuthenticatedForGroup; authentication required; Delivery restriction check failed because the sender was not authenticated when sending to this group};{MSG=};{FQDN=};{IP=};{LRT=}] 7/19/2017 8:15:56 PMSpam Diagnostics Additional Properties Message ID:<20170719201555.a5077100e7...@mailcampaign1.csusb.edu> Message size:12 KB From IP:139.182.75.70 To IP: --- Chad Cordero Information Technology Consultant Enterprise & Cloud Services Information Technology Services California State University, San Bernardino 5500 University Pkwy San Bernardino, CA 92407-2393 Main Line: 909/537-7677 Direct Line: 909/537-7281 Fax: 909/537-7141 http://support.csusb.edu/ --- Disclaimer: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. From: CentOS on behalf of Alexander Dalloz Reply-To: CentOS mailing list Date: Wednesday, July 19, 2017 at 2:49 PM To: "centos@centos.org" Subject: Re: [CentOS] Cron sending to root after changing MAILTO Am 19.07.2017 um 23:42 schrieb Chad Cordero: I have “root:ecssupp...@csusb.edu” in my /etc/aliases file already. Chad Cordero Then please provide log information about the mails to root being relayed to your Exchange host. Alexander ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Cron sending to root after changing MAILTO
I have “root: ecssupp...@csusb.edu” in my /etc/aliases file already. --- Chad Cordero Information Technology Consultant Enterprise & Cloud Services Information Technology Services California State University, San Bernardino 5500 University Pkwy San Bernardino, CA 92407-2393 Main Line: 909/537-7677 Direct Line: 909/537-7281 Fax: 909/537-7141 http://support.csusb.edu/ --- Disclaimer: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. From: CentOS on behalf of Alexander Dalloz Reply-To: CentOS mailing list Date: Wednesday, July 19, 2017 at 2:25 PM To: "centos@centos.org" Subject: Re: [CentOS] Cron sending to root after changing MAILTO Am 19.07.2017 um 22:46 schrieb Chad Cordero: I am running CentOS 7 on an outbound gateway server running Postfix. I have a couple of cron jobs I was expecting to see in my email that never showed up. It turns out that they were delivered to root, which is restricted on our exchange server, instead of the address I defined. Please help. [ ... ] Best is to define a mail alias for the root user. That way you have it defined at a single place for all occurances of mail destined to root. To do so edit /etc/aliases at the very bottom where you find a pre-defined but commented setting: # Person who should get root's mail #root: marc Change it to root: ecssupp...@csusb.edu and run `newaliases' after that change. It is always a good idea to verify that the database file, which is the one really used, has been changed and carries a new time flag. Alexander Chad Cordero Information Technology Consultant Enterprise & Cloud Services Information Technology Services California State University, San Bernardino 5500 University Pkwy San Bernardino, CA 92407-2393 Main Line: 909/537-7677 Direct Line: 909/537-7281 Fax: 909/537-7141 http://support.csusb.edu/ ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Cron sending to root after changing MAILTO
I am running CentOS 7 on an outbound gateway server running Postfix. I have a couple of cron jobs I was expecting to see in my email that never showed up. It turns out that they were delivered to root, which is restricted on our exchange server, instead of the address I defined. Please help. # cat /etc/crontab SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=ecssupp...@csusb.edu # For details see man 4 crontabs # Example of job definition: # . minute (0 - 59) # | .- hour (0 - 23) # | | .-- day of month (1 - 31) # | | | .--- month (1 - 12) OR jan,feb,mar,apr ... # | | | | . day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat # | | | | | # * * * * * user-name command to be executed # cat /etc/sysconfig/crond # Settings for the CRON daemon. # CRONDARGS= : any extra command-line startup arguments for crond CRONDARGS= --- Chad Cordero Information Technology Consultant Enterprise & Cloud Services Information Technology Services California State University, San Bernardino 5500 University Pkwy San Bernardino, CA 92407-2393 Main Line: 909/537-7677 Direct Line: 909/537-7281 Fax: 909/537-7141 http://support.csusb.edu/ --- Disclaimer: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Postfix fails after reboot
I am running CentOS 7 as an outbound gateway using Postfix, OpenDKIM, and SASLAuthd. The trouble is Postfix fails if OpenDKIM and SASLAuthd aren’t already running and I have to manually restart these services in order. My question is, should I modify my After line in the “[Unit]” section of my postfix.service file to read “After=syslog.target network.target opendkim.service saslauthd.service” or is there a better way to accomplish this? --- Chad Cordero Information Technology Consultant Enterprise & Cloud Services Information Technology Services California State University, San Bernardino 5500 University Pkwy San Bernardino, CA 92407-2393 Main Line: 909/537-7677 Direct Line: 909/537-7281 Fax: 909/537-7141 http://support.csusb.edu/ --- Disclaimer: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] iptables
I have an old postfix server that was historically used by the campus as an outbound gateway. The campus is now supposed to use a different server running HAProxy with several backe-end postfix servers. I am using iptables on CentOS 7 to log and block smtp and submission traffic not coming from my front-end HAProxy server (with a few exceptions for testing and monitoring). What I would like to do is log and redirect the connection to the proxy server. How do I do this? # cat /etc/sysconfig/iptables # Generated by iptables-save v1.4.21 on Wed May 24 12:22:03 2017 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [134:13069] :LOGGING - [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT … -A INPUT -s 139.182.75.64/27 -p tcp -m tcp --dport 25 -j ACCEPT -A INPUT -s 139.182.111.0/24 -p tcp -m tcp --dport 25 -j ACCEPT -A INPUT -s 139.182.249.25/32 -p tcp -m tcp --dport 25 -j ACCEPT -A INPUT -s 139.182.249.254/32 -p tcp -m tcp --dport 25 -j ACCEPT -A INPUT -s 139.182.75.64/27 -p tcp -m tcp --dport 587 -j ACCEPT -A INPUT -s 139.182.111.0/24 -p tcp -m tcp --dport 587 -j ACCEPT -A INPUT -s 139.182.249.25/32 -p tcp -m tcp --dport 587 -j ACCEPT -A INPUT -s 139.182.249.254/32 -p tcp -m tcp --dport 587 -j ACCEPT … -A INPUT -j LOGGING -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " -A LOGGING -j DROP COMMIT # Completed on Wed May 24 12:22:03 2017 --- Chad Cordero Information Technology Consultant Enterprise & Cloud Services Information Technology Services California State University, San Bernardino 5500 University Pkwy San Bernardino, CA 92407-2393 Main Line: 909/537-7677 Direct Line: 909/537-7281 Fax: 909/537-7141 http://support.csusb.edu/ --- Disclaimer: This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos