Re: logwatch?
On Sun, 2009-11-22 at 05:00 +, Andreas M. Kirchwitz wrote: It looks like a lot of people were complaining about such reports and asked to turn it off. I'd be surprised if those sort of people even read the root mail, so I wouldn't expect them to see, or even know about, a logwatch report. -- [...@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
logwatch?
I don't see logwatch installed by default in f12. Is there a preferred substitute these days, or should I just yum install logwatch to get it back? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: logwatch?
On Sat, 21 Nov 2009 16:55:15 + Tom Horsley wrote: I don't see logwatch installed by default in f12. Is there a preferred substitute these days, or should I just yum install logwatch to get it back? I poked around some and didn't find any info on some substitute, so yum install logwatch has been executed :-). -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: logwatch?
Tom Horsley wrote: I don't see logwatch installed by default in f12. Is there a preferred substitute these days, or should I just yum install logwatch to get it back? I poked around some and didn't find any info on some substitute, so yum install logwatch has been executed :-). I installed F-12 via a network install of the RC4 tree and I have logwatch installed. It appears to be an optional package in the base group. Did you install via a live image or something else? I'm wondering if that might be why you didn't get logwatch and I did. -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ It takes 43 muscles to frown and 17 to smile, but it doesn't take any to just sit there with a dumb look on your face. -- Demotivators (www.despair.com) pgpds8CVJNRte.pgp Description: PGP signature -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: logwatch?
On Sat, 21 Nov 2009 20:53:08 -0500 Todd Zullinger wrote: Did you install via a live image or something else? I installed from the DVD iso image. I guess it isn't on that (I didn't add any network repos at install time either). -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: logwatch?
Tom Horsley wrote: I installed from the DVD iso image. I guess it isn't on that (I didn't add any network repos at install time either). Apparently it's not. Good call. I guess that settles that minor mystery. :) -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ You can make it illegal, but you can't make it unpopular. -- Anonymous pgpsXLmjZ0sAb.pgp Description: PGP signature -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: logwatch?
Tom Horsley tom.hors...@att.net wrote: I don't see logwatch installed by default in f12. Is there a preferred substitute these days, or should I just yum install logwatch to get it back? After installation from DVD, I also missed some kind of daily system report (be it generated by logwatch or anything else). But nothing came. It looks like a lot of people were complaining about such reports and asked to turn it off. Maybe that's the reason to remove the package entirely from the base distribution. I installed it manually with yum install logwatch, and today I got my first report. ;-) Now I'm happy ... Andreas -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Logwatch problem?
Greetings all; Fedora 10 install, pretty well upto date, quad core phenom 9550, 4GB ram, kernel 2.6.30-rc2. Uptime is about 6 days. I noticed my machine was lagging badly, so I took a look with htop, and /usr/bin/perl /usr/share/logwatch/scripts/shared/onlyservice init is using 99% of a core (4 core machine) and /dev/sda3 is showing about a 15Meg/sec continuous read operation. This has been going on for at least an hour. What is it doing? And why? Thanks. -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Manly's Maxim: Logic is a systematic method of coming to the wrong conclusion with confidence. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Logwatch problem?
On Tuesday 21 April 2009 09:28:54 Gene Heskett wrote: I noticed my machine was lagging badly, so I took a look with htop, and /usr/bin/perl /usr/share/logwatch/scripts/shared/onlyservice init is using 99% of a core (4 core machine) and /dev/sda3 is showing about a 15Meg/sec continuous read operation. This has been going on for at least an hour. What is it doing? It's scanning a log file for messages from `init'. I guess you have a *very* large log file that it is reading. (Take a look at the Perl script /usr/share/logwatch/scripts/shared/onlyservice . It's just matching on one of several different Perl regular expressions that include the string `init'.) I see that the Perl regular expressions are suboptimal in that the quantifier `*' seems to be used in several places where it should be `+'. This consumes more CPU than necessary. And why? Because the logwatch program runs periodically to summarize interesting log messages. -- Garry T. Williams --- +1 678 656-4579 -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Logwatch problem?
On Tuesday 21 April 2009, Garry T. Williams wrote: On Tuesday 21 April 2009 09:28:54 Gene Heskett wrote: I noticed my machine was lagging badly, so I took a look with htop, and /usr/bin/perl /usr/share/logwatch/scripts/shared/onlyservice init is using 99% of a core (4 core machine) and /dev/sda3 is showing about a 15Meg/sec continuous read operation. This has been going on for at least an hour. What is it doing? It's scanning a log file for messages from `init'. I guess you have a *very* large log file that it is reading. (Take a look at the Perl script /usr/share/logwatch/scripts/shared/onlyservice . It's just matching on one of several different Perl regular expressions that include the string `init'.) I see that the Perl regular expressions are suboptimal in that the quantifier `*' seems to be used in several places where it should be `+'. This consumes more CPU than necessary. And why? Because the logwatch program runs periodically to summarize interesting log messages. And I lost a hard drive yesterday, but running e2fsck -c -c -y /dev/sdd1, starting about 9 am Sunday morning. The drive ran out of spare blocks, and is now invisible, no response. And it generated about a 1.7 gigabyte messages file with the errors as it was expiring. A 1 TG Maxtor drive of course. So that would explain that. Should that bit of perl be patched as you noted? -- Garry T. Williams --- +1 678 656-4579 -- Cheers, Gene There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) Where's the man could ease a heart Like a satin gown? -- Dorothy Parker, The Satin Dress -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Logwatch/Named ?
What does this mean? Obviously something happened once, good or bad, then what? - Named Begin Received control channel commands stop: 1 Time(s) **Unmatched Entries** max open files (1024) is smaller than max sockets (4096): 1 Time(s) the working directory is not writable: 1 Time(s) using default UDP/IPv4 port range: [1024, 65535]: 1 Time(s) using default UDP/IPv6 port range: [1024, 65535]: 1 Time(s) using up to 4096 sockets: 1 Time(s) -- Named End - Do I need to fix something? Bob . -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Logwatch/Named ?
Bob Goodwin wrote: What does this mean? Obviously something happened once, good or bad, then what? - Named Begin Received control channel commands stop: 1 Time(s) **Unmatched Entries** max open files (1024) is smaller than max sockets (4096): 1 Time(s) the working directory is not writable: 1 Time(s) using default UDP/IPv4 port range: [1024, 65535]: 1 Time(s) using default UDP/IPv6 port range: [1024, 65535]: 1 Time(s) using up to 4096 sockets: 1 Time(s) -- Named End - Do I need to fix something? Bob . I see the same thing each time named is restarted. I don't think it's anything to worry about. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Logwatch/Named ?
Steven Stern wrote: Bob Goodwin wrote: What does this mean? Obviously something happened once, good or bad, then what? - Named Begin Received control channel commands stop: 1 Time(s) **Unmatched Entries** max open files (1024) is smaller than max sockets (4096): 1 Time(s) the working directory is not writable: 1 Time(s) using default UDP/IPv4 port range: [1024, 65535]: 1 Time(s) using default UDP/IPv6 port range: [1024, 65535]: 1 Time(s) using up to 4096 sockets: 1 Time(s) -- Named End - Do I need to fix something? Bob . I see the same thing each time named is restarted. I don't think it's anything to worry about. Ok, thanks. There's some comfort in knowing I'm not alone ... Bob -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
something in my logwatch
Can anyone explain what this is about in my logwatch mail: --- Connections (secure-log) Begin **Unmatched Entries** gdm-session-worker: gkr-pam: no password is available for user: 1 Time(s) useradd: failed adding user `ntp', data deleted: 1 Time(s) useradd: failed adding user `rpcuser', data deleted: 1 Time(s) - Connections (secure-log) End - -- [...@localhost ~]$ uname -r 2.6.27.19-78.2.30.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: logwatch reports kernel errors present
I posted this message last week but didn'yt get any replies. Trying again... Steve zep...@cfl.rr.com wrote: Every time I boot my machine I get a message like this in logwatch WARNING: Kernel Errors Present ACPI Error (nseval-0159): I ...: 12 Time(s) $ uname -r 2.6.27.15-78.2.23.fc9.x86_64 I don't see anything in /var/log/messages and in /var/log/dmesg I see: ACPI Error (nseval-0159): Insufficient arguments - method [_OSC] needs 5, found 4 [20080609] ie, the same error. Google returned a few hits but nothing that explained what this meant. I didn't find anything in redhat bugzilla. So, what does it mean? Is it important? Thanks, Steve. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
logwatch reports kernel errors present
Every time I boot my machine I get a message like this in logwatch WARNING: Kernel Errors Present ACPI Error (nseval-0159): I ...: 12 Time(s) $ uname -r 2.6.27.15-78.2.23.fc9.x86_64 I don't see anything in /var/log/messages and in /var/log/dmesg I see: ACPI Error (nseval-0159): Insufficient arguments - method [_OSC] needs 5, found 4 [20080609] ie, the same error. Google returned a few hits but nothing that explained what this meant. I didn't find anything in redhat bugzilla. So, what does it mean? Is it important? Thanks, Steve. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Double logwatch reports?
On occasion I get two logwatch reports for the same day. Usually 4 hours and 2 minutes later. Any ideas where to look for the problem? Thanks, -- Knute Johnson [EMAIL PROTECTED] -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Double logwatch reports?
On Sun, 30 Nov 2008 09:53:12 -0800 Knute Johnson [EMAIL PROTECTED] wrote: On occasion I get two logwatch reports for the same day. Usually 4 hours and 2 minutes later. Any ideas where to look for the problem? Had you rebooted your system around that time? For me it was the anacron service running missed cron jobs that hadn't actually been missed. I finally decided anacron wasn't doing anything useful for me and disabled the service. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Double logwatch reports?
Tom Horsley wrote: On Sun, 30 Nov 2008 09:53:12 -0800 Knute Johnson [EMAIL PROTECTED] wrote: On occasion I get two logwatch reports for the same day. Usually 4 hours and 2 minutes later. Any ideas where to look for the problem? Had you rebooted your system around that time? For me it was the anacron service running missed cron jobs that hadn't actually been missed. I finally decided anacron wasn't doing anything useful for me and disabled the service. It's my mail and http server machine. I never turn it off. It did report restarting rsyslogd just before it was to do the first log report. -- Knute Johnson [EMAIL PROTECTED] -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Double logwatch reports?
Tom Horsley wrote: On Sun, 30 Nov 2008 09:53:12 -0800 Knute Johnson [EMAIL PROTECTED] wrote: On occasion I get two logwatch reports for the same day. Usually 4 hours and 2 minutes later. Any ideas where to look for the problem? Had you rebooted your system around that time? For me it was the anacron service running missed cron jobs that hadn't actually been missed. I finally decided anacron wasn't doing anything useful for me and disabled the service. The log is full of these messages too. I wonder if I have something messed up with my clock? Nov 27 05:22:43 www ntpd[1839]: kernel time sync status change 0001 Nov 27 05:56:53 www ntpd[1839]: kernel time sync status change 4001 Nov 27 06:13:56 www ntpd[1839]: kernel time sync status change 0001 Nov 27 06:48:05 www ntpd[1839]: kernel time sync status change 4001 Nov 27 07:56:22 www ntpd[1839]: kernel time sync status change 0001 Nov 27 09:38:48 www ntpd[1839]: kernel time sync status change 4001 Nov 27 10:12:56 www ntpd[1839]: kernel time sync status change 0001 Nov 27 10:47:05 www ntpd[1839]: kernel time sync status change 4001 Nov 27 11:04:10 www ntpd[1839]: kernel time sync status change 0001 Nov 27 11:38:22 www ntpd[1839]: kernel time sync status change 4001 Nov 27 11:55:25 www ntpd[1839]: kernel time sync status change 0001 Nov 27 12:46:40 www ntpd[1839]: kernel time sync status change 4001 Nov 27 13:20:47 www ntpd[1839]: kernel time sync status change 0001 Nov 27 13:54:57 www ntpd[1839]: kernel time sync status change 4001 Nov 27 14:12:00 www ntpd[1839]: kernel time sync status change 0001 Nov 27 16:28:31 www ntpd[1839]: kernel time sync status change 4001 Nov 27 16:45:36 www ntpd[1839]: kernel time sync status change 0001 Nov 27 17:19:45 www ntpd[1839]: kernel time sync status change 4001 Nov 27 17:53:52 www ntpd[1839]: kernel time sync status change 0001 Nov 27 18:28:01 www ntpd[1839]: kernel time sync status change 4001 -- Knute Johnson [EMAIL PROTECTED] -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Postfix errors in Logwatch
Björn Persson [EMAIL PROTECTED] writes: Marc Schwartz wrote: Perhaps the references to just localhost in the config files I posted in my prior reply need to be expanded/altered to be more explicit to localdomain? I think your configuration is OK but you can test it by sending mail to [EMAIL PROTECTED], for example with the command mail [EMAIL PROTECTED]. Look for the earliest occurrence of localhost.com in /var/log/maillog*. Other log messages around the same time should show where the message came from. You can also look in the subdirectories of /var/spool/postfix to see if there's a message with an address in localhost.com. Björn Persson Hi Bjorn and Mikkel, Thanks to both of you, I have tracked this down to a cron job, which was sending status e-mails to '[EMAIL PROTECTED]' rather than '[EMAIL PROTECTED]'. I am still trying to figure out how/when the behavior changed, but it may very well have been some oversight on my part. I don't recall this situation with Postfix before a few weeks ago, so something within that recent time frame changed and I will review offline rsnapshot backups of configuration files to see what I can see. This also helps to explain why there were SMTP related errors in the maillog, which was confusing me further, given that I was not expecting any mail to be sent outside of my local system. Thanks again to both of you for your assistance! Regards, Marc -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Postfix errors in Logwatch
Björn Persson [EMAIL PROTECTED] writes: Marc Schwartz wrote: There is no reference to ghost.localhost.com or the IP address that was referenced in the error messages anywhere on my system (at least in the places that I have looked, which include the relevant config files.) Are there any references to localhost.com or just localhost? Björn Persson Hi Bjorn, There is nothing in dovecot.conf or master.cf, but in main.cf there is: myhostname = localhost.localdomain ... inet_interfaces = localhost ... mydestination = $myhostname, localhost.$mydomain, localhost I should note that the above config files were created back in May and have not changed since then, though the error messages are recent. Perhaps there was a relevant bug fix or some other change in dovecot/postfix recently. /etc/hosts does contain both localhost.localdomain and localhost for 127.0.0.1. Thanks, Marc -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Postfix errors in Logwatch
Björn Persson [EMAIL PROTECTED] writes: Marc Schwartz wrote: Over the past couple of weeks or so, I have noted new error messages in Logwatch pertaining to Postfix. [...] 1 Oct 5 21:38:28 WALL-E postfix/smtp[7960]: connect to ghost.localhost.com[10.11.12.13]:25: Connection timed out 10.11.12.13 is in the private address space. The whole 10.x.x.x block is reserved for use on private networks and should not be routed on the public Internet. That's why Postfix can't connect to that address. It seems like your Postfix has a message that it's trying to deliver to an address in the domain localhost.com, or some other domain for which the mail server is specified as ghost.localhost.com. The command dig ghost.localhost.com SOA tells me that the authoritative name server for localhost.com is ghost.wraith.com. Its IP address is 209.169.17.198. These commands will tell you more: dig ghost.localhost.com ANY @ghost.wraith.com dig localhost.com ANY @ghost.wraith.com whois 209.169.17.198 whois localhost.com whois wraith.com Publishing domain names that resolve to private addresses does not in itself cause any harm, but if anyone is using such domains in URLs or sending out email with sender addresses in such domains, then that's not a nice thing to do. Björn Persson Hi Bjorn, I ran the above commands and it looks like the domain owner has indeed put forth localhost.com, ghost.localhost.com, ghast.localhost.com, wraith.com and others. Perhaps the references to just localhost in the config files I posted in my prior reply need to be expanded/altered to be more explicit to localdomain? Thanks, Marc -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Postfix errors in Logwatch
Marc Schwartz wrote: Over the past couple of weeks or so, I have noted new error messages in Logwatch pertaining to Postfix. [...] 1 Oct 5 21:38:28 WALL-E postfix/smtp[7960]: connect to ghost.localhost.com[10.11.12.13]:25: Connection timed out 10.11.12.13 is in the private address space. The whole 10.x.x.x block is reserved for use on private networks and should not be routed on the public Internet. That's why Postfix can't connect to that address. It seems like your Postfix has a message that it's trying to deliver to an address in the domain localhost.com, or some other domain for which the mail server is specified as ghost.localhost.com. The command dig ghost.localhost.com SOA tells me that the authoritative name server for localhost.com is ghost.wraith.com. Its IP address is 209.169.17.198. These commands will tell you more: dig ghost.localhost.com ANY @ghost.wraith.com dig localhost.com ANY @ghost.wraith.com whois 209.169.17.198 whois localhost.com whois wraith.com Publishing domain names that resolve to private addresses does not in itself cause any harm, but if anyone is using such domains in URLs or sending out email with sender addresses in such domains, then that's not a nice thing to do. Björn Persson signature.asc Description: This is a digitally signed message part. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Postfix errors in Logwatch
Marc Schwartz wrote: There is no reference to ghost.localhost.com or the IP address that was referenced in the error messages anywhere on my system (at least in the places that I have looked, which include the relevant config files.) Are there any references to localhost.com or just localhost? Björn Persson signature.asc Description: This is a digitally signed message part. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Postfix errors in Logwatch
Marc Schwartz wrote: Mikkel L. Ellertson [EMAIL PROTECTED] writes: Did you change the firewall or mail configuration on ghost.localhost.com? If ghost.localhost.com is the local machine, then you should be using localhost (127.0.0.1) and not ghost.localhost.com to send mail to. Hi Mikkel, There is no reference to ghost.localhost.com or the IP address that was referenced in the error messages anywhere on my system (at least in the places that I have looked, which include the relevant config files.) That's why I cannot figure out where that hostname is coming from. I have made no changes in the firewall or SELinux settings for some time. I am kinda lost here and there is still no joy with a Google search, where now, several of the first hits are my own post above... :-) Regards, Marc Can you post the contents of /etc/hosts? Also /etc/postfix/main.cf. A couple of other questions - are you using transport maps, or do you have a relay host configured? Also, are you using a program such as dnsmasq that may be redirecting things strangely? Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup! signature.asc Description: OpenPGP digital signature -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Postfix errors in Logwatch
Hi all, Over the past couple of weeks or so, I have noted new error messages in Logwatch pertaining to Postfix. I use Postfix and Dovecot to support an IMAP configuration for the local delivery of root's e-mail to my user account, with Thunderbird as the client. These messages had not appeared previously and I cannot at this point, recall any changes that I have made or recent RPM updates that may have triggered this. The e-mail delivery does work, so whatever is happening, it is not precluding basic functionality. The error messages (a subset) follows: **Unmatched Entries** 1 Oct 5 21:38:28 WALL-E postfix/smtp[7960]: connect to ghost.localhost.com[10.11.12.13]:25: Connection timed out 1 Oct 5 13:28:28 WALL-E postfix/smtp[19392]: connect to ghost.localhost.com[10.11.12.13]:25: Connection timed out 1 Oct 5 21:38:28 WALL-E postfix/smtp[7961]: connect to ghost.localhost.com[10.11.12.13]:25: Connection timed out 1 Oct 5 20:28:28 WALL-E postfix/smtp[5056]: connect to ghost.localhost.com[10.11.12.13]:25: Connection timed out 1 Oct 5 16:58:28 WALL-E postfix/smtp[28624]: connect to ghost.localhost.com[10.11.12.13]:25: Connection timed out 1 Oct 5 22:48:28 WALL-E postfix/smtp[10868]: connect to ghost.localhost.com[10.11.12.13]:25: Connection timed out 1 Oct 5 22:48:28 WALL-E postfix/smtp[10867]: connect to ghost.localhost.com[10.11.12.13]:25: Connection timed out 1 Oct 5 08:48:28 WALL-E postfix/smtp[6426]: connect to ghost.localhost.com[10.11.12.13]:25: Connection timed out 1 Oct 5 16:58:28 WALL-E postfix/smtp[28626]: connect to ghost.localhost.com[10.11.12.13]:25: Connection timed out ... Note that the errors are not in chronological sequence and there are lots of them. Also, I can find no reference to ghost.localhost.com or the IP address in any of the Postfix or Dovecot config files. A Google search showed some references to ghost.localhost.com, but nothing appeared to be relevant to this particular situation relative to solutions. Any ideas? Anything jump out from the above? TIA, Marc Schwartz -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Postfix errors in Logwatch
Marc Schwartz wrote: Hi all, Over the past couple of weeks or so, I have noted new error messages in Logwatch pertaining to Postfix. I use Postfix and Dovecot to support an IMAP configuration for the local delivery of root's e-mail to my user account, with Thunderbird as the client. These messages had not appeared previously and I cannot at this point, recall any changes that I have made or recent RPM updates that may have triggered this. The e-mail delivery does work, so whatever is happening, it is not precluding basic functionality. The error messages (a subset) follows: -[SNIP] Note that the errors are not in chronological sequence and there are lots of them. Also, I can find no reference to ghost.localhost.com or the IP address in any of the Postfix or Dovecot config files. A Google search showed some references to ghost.localhost.com, but nothing appeared to be relevant to this particular situation relative to solutions. Any ideas? Anything jump out from the above? TIA, Marc Schwartz Did you change the firewall or mail configuration on ghost.localhost.com? If ghost.localhost.com is the local machine, then you should be using localhost (127.0.0.1) and not ghost.localhost.com to send mail to. Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup! signature.asc Description: OpenPGP digital signature -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Postfix errors in Logwatch
Mikkel L. Ellertson [EMAIL PROTECTED] writes: Marc Schwartz wrote: Hi all, Over the past couple of weeks or so, I have noted new error messages in Logwatch pertaining to Postfix. I use Postfix and Dovecot to support an IMAP configuration for the local delivery of root's e-mail to my user account, with Thunderbird as the client. These messages had not appeared previously and I cannot at this point, recall any changes that I have made or recent RPM updates that may have triggered this. The e-mail delivery does work, so whatever is happening, it is not precluding basic functionality. The error messages (a subset) follows: -[SNIP] Note that the errors are not in chronological sequence and there are lots of them. Also, I can find no reference to ghost.localhost.com or the IP address in any of the Postfix or Dovecot config files. A Google search showed some references to ghost.localhost.com, but nothing appeared to be relevant to this particular situation relative to solutions. Any ideas? Anything jump out from the above? TIA, Marc Schwartz Did you change the firewall or mail configuration on ghost.localhost.com? If ghost.localhost.com is the local machine, then you should be using localhost (127.0.0.1) and not ghost.localhost.com to send mail to. Hi Mikkel, There is no reference to ghost.localhost.com or the IP address that was referenced in the error messages anywhere on my system (at least in the places that I have looked, which include the relevant config files.) That's why I cannot figure out where that hostname is coming from. I have made no changes in the firewall or SELinux settings for some time. I am kinda lost here and there is still no joy with a Google search, where now, several of the first hits are my own post above... :-) Regards, Marc -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: ipop3d logwatch entry suspicious
I wrote: You need to plan around a security problem being found with your version of ipop3d. Either you need to follow the appropriate security lists, and be ready to patch your version of ipop3d quickly, or you need to use a supported operating system which will do this for you. Roberto Figueroa wrote: Thanks James for your advice. Another question: where can I find those security list...or more specific mailing list related to ipop3d? Actually, I was trying to hint that this is what you *don’t* want to do! I believe that ipop3d in FC5 comes from the University of Washington at http://www.washington.edu/imap/ : run something like rpm -qif /usr/sbin/ipop3d and check the URL line. You will find a link to http://www.washington.edu/imap/lists/imap-uw.html on that page, which seems to be the best list. But there’s a couple of other things you need to bear in mind. If you’re going to use otherwise-unsupported software, you need to do this with every service you expose to the Internet. You should be aware of every service you offer to the Internet, anyway. You may well need to be examining your MTA software (probably sendmail, postfix, exim, or qmail), OpenSSH, and maybe stuff like Samba, bind and Cups. The few Linux viruses to date have spread this way (Lion used bind and Ramen used lpd – both exploited vulnerabilities in Red Hat Linux for which Red Hat had issued patches). Part of what a distribution should be offering you is that it will monitor these lists for you. You just have one place to go to look for updates. They should also have someone monitoring mailing lists like Bugtraq, which contains reports of security problems found by third parties. They also have access to vendor-sec, a closed distributor-only list co-ordinating upcoming security patches. Were you actually intending to offer POP3 access across the Internet? You may well have intended this: it’s a reasonable thing to do IF you’re offering e-mail service to people outside your network. James. -- E-mail: james@ | WARNING: Pressing CTRL+ALT+DEL again will restart your aprilcottage.co.uk | computer. Then again, what won't? You will lose unsaved | information, and even supposedly saved information, in | any case. -- David P. Murphy -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
ipop3d logwatch entry suspicious
Hi, I'm getting a lot of this entries in the LogWatch mail under ipop3d section: Success, while reading line user=appowner host=customer123-149-157.iplannetworks.net [200.123.149.157]: 1 Time(s) Success, while reading line user=mysql host=customer123-149-157.iplannetworks.net [200.123.149.157]: 1 Time(s) Success, while reading line user=john host=customer123-149-157.iplannetworks.net [200.123.149.157]: 1 Time(s) I'm also getting entries like this which I suppose are normal: Update user=USERNAME host=[LOCAL_IP_ADDR] nmsgs=0 ndele=1: 1 Time(s) (text in caps refer to real existing users and ip) Obviously we don´t have any relationship with iplannetworks.net domain I'm running FC 5. Didn't find any info on google. ¿do I must be worried? thanks in advance. Robert. -- Saludos! Roberto -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: ipop3d logwatch entry suspicious
Roberto Figueroa wrote: Hi, I'm getting a lot of this entries in the LogWatch mail under ipop3d section: Success, while reading line user=appowner host=customer123-149-157.iplannetworks.net http://customer123-149-157.iplannetworks.net [200.123.149.157 http://200.123.149.157]: 1 Time(s) Success, while reading line user=mysql host=customer123-149-157.iplannetworks.net http://customer123-149-157.iplannetworks.net [200.123.149.157 http://200.123.149.157]: 1 Time(s) Success, while reading line user=john host=customer123-149-157.iplannetworks.net http://customer123-149-157.iplannetworks.net [200.123.149.157 http://200.123.149.157]: 1 Time(s) I'm also getting entries like this which I suppose are normal: Update user=USERNAME host=[LOCAL_IP_ADDR] nmsgs=0 ndele=1: 1 Time(s) (text in caps refer to real existing users and ip) Obviously we don´t have any relationship with iplannetworks.net http://iplannetworks.net domain I'm running FC 5. Didn't find any info on google. ¿do I must be worried? thanks in advance. Robert. It looks like john is checking his mail from home/work using iplannetworks.net as their ISP. If you are allowing users to check their mail over the Internet, then I would not worry too much. If your firewall is supposed to be blocking incomming connections from the Internet, then you have a problem. Mikkel -- Do not meddle in the affairs of dragons, for thou art crunchy and taste good with Ketchup! signature.asc Description: OpenPGP digital signature -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: ipop3d logwatch entry suspicious
Mikkel L. Ellertson wrote: Roberto Figueroa wrote: Hi, I'm getting a lot of this entries in the LogWatch mail under ipop3d section: Success, while reading line user=appowner host=customer123-149-157.iplannetworks.net http://customer123-149-157.iplannetworks.net [200.123.149.157 http://200.123.149.157]: 1 Time(s) Success, while reading line user=mysql host=customer123-149-157.iplannetworks.net http://customer123-149-157.iplannetworks.net [200.123.149.157 http://200.123.149.157]: 1 Time(s) Success, while reading line user=john host=customer123-149-157.iplannetworks.net http://customer123-149-157.iplannetworks.net [200.123.149.157 http://200.123.149.157]: 1 Time(s) I'm also getting entries like this which I suppose are normal: Update user=USERNAME host=[LOCAL_IP_ADDR] nmsgs=0 ndele=1: 1 Time(s) (text in caps refer to real existing users and ip) Obviously we don´t have any relationship with iplannetworks.net http://iplannetworks.net domain I'm running FC 5. Didn't find any info on google. ¿do I must be worried? thanks in advance. Robert. It looks like john is checking his mail from home/work using iplannetworks.net as their ISP. If you are allowing users to check their mail over the Internet, then I would not worry too much. If your firewall is supposed to be blocking incomming connections from the Internet, then you have a problem. Sounds right to me. But I would think about access to system mail from home, and if something like pop3sis what he should be using. Mikkel -- Bill Davidsen [EMAIL PROTECTED] We have more to fear from the bungling of the incompetent than from the machinations of the wicked. - from Slashdot -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: ipop3d logwatch entry suspicious
Roberto Figueroa wrote: I'm getting a lot of this entries in the LogWatch mail under ipop3d section: Success, while reading line user=appowner host=customer123-149-157.iplannetworks.net http://customer123-149-157.iplannetworks.net [200.123.149.157 http://200.123.149.157]: 1 Time(s) Success, while reading line user=mysql host=customer123-149-157.iplannetworks.net http://customer123-149-157.iplannetworks.net [200.123.149.157 http://200.123.149.157]: 1 Time(s) Success, while reading line user=john host=customer123-149-157.iplannetworks.net http://customer123-149-157.iplannetworks.net [200.123.149.157 http://200.123.149.157]: 1 Time(s) snip Obviously we don´t have any relationship with iplannetworks.net domain I'm running FC 5. Mikkel L. Ellertson replied: It looks like john is checking his mail from home/work using iplannetworks.net as their ISP. “john” I might accept. “appowner” and “mysql” shouldn’t be doing so! This looks to me like someone unauthorized is trying to login to your server. My advice to Roberto is this: FC5 is no longer supported. You don’t seem to be ready to handle security single-handed (if you were, you wouldn’t be asking here). You’re evidently seeing random Internet users trying your security. You need to plan around a security problem being found with your version of ipop3d. Either you need to follow the appropriate security lists, and be ready to patch your version of ipop3d quickly, or you need to use a supported operating system which will do this for you. If you’re not prepared to update Fedora yearly to keep on supported versions, I recommend that you move to CentOS, which can provide updates for longer (thanks to Red Hat). Hope this helps, James. -- E-mail: james@ | In the Royal Air Force a landing’s OK, aprilcottage.co.uk | If the pilot gets out and can still walk away. | But in the Fleet Air Arm the outlook is grim, | If your landings are duff and you’ve not learnt to swim. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: ipop3d logwatch entry suspicious
-- Forwarded message -- Mikkel L. Ellertson wrote: It looks like john is checking his mail from home/work using iplannetworks.net as their ISP. the problem is I don't have user john neither mysql, appowner :-/ so it appears to be a brute force attack ? how do I know the implementation of pop3 server that is running on my server? Sounds right to me. But I would think about access to system mail from home, and if something like pop3sis what he should be using. -- Saludos! Roberto -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: ipop3d logwatch entry suspicious
From: James Wilkinson [EMAIL PROTECTED] You need to plan around a security problem being found with your version of ipop3d. Either you need to follow the appropriate security lists, and be ready to patch your version of ipop3d quickly, or you need to use a supported operating system which will do this for you. Thanks James for your advice. Another question: where can I find those security list...or more specific mailing list related to ipop3d? -- Saludos! Roberto -- Saludos! Roberto -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
ipop3d logwatch entry suspicious
Hi, I'm getting a lot of this entries in the LogWatch mail under ipop3d section: Success, while reading line user=appowner host=customer123-149-157.iplannetworks.net [200.123.149.157]: 1 Time(s) Success, while reading line user=mysql host=customer123-149-157.iplannetworks.net [200.123.149.157]: 1 Time(s) Success, while reading line user=john host=customer123-149-157.iplannetworks.net [200.123.149.157]: 1 Time(s) I'm also getting entries like this which I suppose are normal: Update user=USERNAME host=[LOCAL_IP_ADDR] nmsgs=0 ndele=1: 1 Time(s) (text in caps refer to real existing users and ip) Obviously we don´t have any relationship with iplannetworks.net domain I'm running FC 5. Didn't find any info on google. ¿do I must be worried? thanks in advance. Robert. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Logwatch?
2008/7/21 Knute Johnson [EMAIL PROTECTED]: Thanks for the response. Some others have suggested that is where the problem lies as well. I'm not sure why denyhosts sometimes puts a name rather than an IP. I guess I'll have to see if there is a denyhosts list and ask there. There is a config option for denyhosts to have it look up IP addresses. Niels -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch?
Tom Horsley wrote: On Sun, 20 Jul 2008 15:38:58 -0700 Knute Johnson [EMAIL PROTECTED] wrote: I don't really know what the log message means. Why would it specify line 2305 but then show another address in the log message? Any enlightenment would be appreciated. I had a lot of trouble with the hosts.allow/deny stuff when there were multiple names for the same IP. It apparently picks one at random in a reverse lookup of the name, and if it doesn't match the name you gave in the file, it complains. I resorted to using IP addresses (which means I have to change when the IP changes - sort of a pain, but it reduces the log clutter :-). Thanks for the response. Some others have suggested that is where the problem lies as well. I'm not sure why denyhosts sometimes puts a name rather than an IP. I guess I'll have to see if there is a denyhosts list and ask there. -- Knute Johnson [EMAIL PROTECTED] -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Logwatch?
I am running F9 with denyhosts and my deny.hosts file has a lot of entries. I'm getting the following log entries for sendmail: warning: /etc/hosts.deny, line 2305: can't verify hostname: getaddrinfo(121.246.40.136.dynamic-hyderabad.vsnl.net.in, AF_INET) failed: 1 Time(s) warning: /etc/hosts.deny, line 2305: can't verify hostname: getaddrinfo(Dynamic-IP-1901573270.cable.net.co, AF_INET) failed: 1 Time(s) This is line 2305 in deny.hosts: ALL: 83.72.199.48.ip.tele2adsl.dk I don't really know what the log message means. Why would it specify line 2305 but then show another address in the log message? Any enlightenment would be appreciated. Thanks, -- Knute Johnson [EMAIL PROTECTED] -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
RE: Logwatch report on another machine?
On Thu, 2008-06-05 at 15:17 +0200, KAPTURKIEWICZ Patrick wrote: The Dept of Agriculture in Texas used it to monitor hundreds of machines on their intranet. It was free, very basic, and it worked like a charm. For the life of me, I cannot remember the name of it, for the life of me. But, it basically did what I think you are trying to do. Ergo, what I think you want to do, is doable! I had sendmail up and running but I don't think it relied on DNS as all of the addresses were static. Ric Hi, Do you want to mean Nagios or Cacti ? Maybe NetSaint in the previous century with OpenLinux Server ;-) Patrick Those don't ring a bell. The host machine had to be running apache, as that application would create a webpage that was updated as often as you wished. There were boxes with the hostname and IPaddress. If good, the box had a green background against text. If something was amiss, the background was red. You could click on the box to check the logs of that host. I used it for my localnet back in the BBS days. But you could have a thousand client machines as well, just a lot of webpages. Free application, too. I wish I could remember the name of it. Ric -- My father, Victor Moore (Vic) used to say: There are two Great Sins in the world... ..the Sin of Ignorance, and the Sin of Stupidity. Only the former may be overcome. R.I.P. Dad. Linux user# 44256 Sign up at: http://counter.li.org/ http://www.sourceforge.net/projects/oar https://oar.dev.java.net/ Verizon Cell # 336-254-1339 - -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
On Wednesday 04 June 2008 23:20:39 Timothy Murphy wrote: I'm actually running a dovecot/IMAP server on the machine, alfred, that I want the email sent to. I read my email on my laptops from this server. This works beautifully. If you changed to postfix-sendmail I could tell you exactly how to do it. Anne signature.asc Description: This is a digitally signed message part. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Dave Burns wrote: OP seems to have two problems: 1) sendmail is not configured correctly, email sent by cron jobs is not delivered. 2) He would like to send mail to an address which is broken, either the domain doers not exist or DNS not working right? Could it be that his machine has the hostname set as 'alfred' and is on the gayleard.com network, so thinks of itself as alfred.gayleard.com, but his ISP (gayleard?) has not set things up so that DNS can resolve that name? Actually, I am not running a sendmail server in this sense on my system. Which one? You need something running on helen so that email can be sent, something else running on alfred so the email can be received. I don't think port 25 is open to incoming packets. Well, if that is the system where you want to receive email, that would explain why you don't receive any. If on the other system, irrelevant. I should have said, port 25 is not open to packets coming from the internet. (I have not opened the pinhole on my ADSL modem to port 25.) I allow all traffic on my internal LAN, and am running sendmail on all machines. But I think it must be possible to process and deliver it locally, and am trying to find out if this belief is justified. Hmm, if you're a fetchmail guru, why not use that? Send the logwatch reports to [EMAIL PROTECTED], then on Alfred use fetchmail every 5 minutes to fetch [EMAIL PROTECTED]'s mail. This would require me to run a POP3 or IMAP server on helen, I think, which I don't want to do. I just want to be able to send email from helen to alfred without it going outside my house. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Tim wrote: Maybe I shouldn't define(`SMART_HOST', `smtp.eircom.net')dnl If you have a properly set up local DNS and mail system, then your internal mail will be handled all internally, and mail that goes to outside addresses will be relayed from your SMTP server to the ISP's. That's the smart part about it - it working out what's internal or external, and routing things accordingly. I think that is exactly my problem - sendmail is not distinguishing properly between internal and external mail. I have been looking at various sendmail tutorials and howtos, but the problem with these is that they use the word local ambiguously, and it is not clear whether they mean other users on the same machine or other machines on the same LAN. Use a different sub-domain for local addresses than external ones, if each machine doesn't have real public addresses that are externally accessible. e.g. If you own example.com, and use it publicly, then use something like lan.example.com for your LAN addressing. Trying to use invented names and mixing them up with the real public internet is a recipe for disaster. Make sure internal names are not the same as ones used outside. Have a local DNS server that resolves all machine names in both directions. e.g. mail.lan.example.com resolves to 192.168.1.123 and 192.168.1.23 resolves to mail.lan.example.com Have a proper MX record in your local domain records. e.g. MX 1 mail.example.com Avoid playing silly games with putting machine hostnames into the localhost configuration lines in /etc/hosts. I read what you say, but I am not convinced that this is the cause of the problem. I cannot send email from helen to [EMAIL PROTECTED] , whether or not I have 192.168.2.2 alfred alfred.gayleard.com, etc, in /etc/hosts or just 192.168.2.2 alfred. I own the domain gayleard.com. I have found there are some advantages in calling my machines helen.gayleard.com, alfred.gayleard.com, etc, even though these are not accessible from the internet. (Actually, my shorewall setting only allow my main server, helen, to be accessed from the network. and only allows http access and a couple of other ports.) -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Tim: If you have a properly set up local DNS and mail system, then your internal mail will be handled all internally, and mail that goes to outside addresses will be relayed from your SMTP server to the ISP's. That's the smart part about it - it working out what's internal or external, and routing things accordingly. Timothy Murphy: I think that is exactly my problem - sendmail is not distinguishing properly between internal and external mail. It does it by comparing the recipient domain name against its list of what's considered local. If it's on the local list, it handles it internally. Or, instead of a list of specific addresses, a rule that can be applied to all of them. This is easy to do when the local domain name is different from other ones, but messier when you're using the same domain names publicly and internally. In my case, I've used a subdomain for the lan (e.g. lan.example.com), and all machines are further sub-domains (e.g. box1.lan.example.com, box2.lan.example.com, etc.). So all I've got to do it tell sendmail that anything inside lan.example.com is internal (one configuration option setting for all boxes on the LAN, rather than having to list each machine explicitly). Since you're using one domain, and making each machine a hostname on the same domain, you're probably going to have to list each local machine explicitly. I read what you say, but I am not convinced that this is the cause of the problem. I cannot send email from helen to [EMAIL PROTECTED] , whether or not I have 192.168.2.2 alfred alfred.gayleard.com, etc, in /etc/hosts or just 192.168.2.2 alfred. Make life easier for yourself, construct your hosts file as per the man file (ip, FQDN, aliases). Do everything according to the guides, you'll (generally) have less headaches, that way. Once you start trying to kludge things, you tend to have to kludge things differently for different things, some of which don't co-operate. e.g. 192.168.2.2 alfred.gayleard.com alfred However, I think you're going to fall afoul of DNS, and playing with the hosts file is going to be difficult. I find it easier not to use them, at all. If I look up the MX record for your domain, it's mail.gayleard.com, that means that any mail addressed to any user at gayleard.com, and probably to any subdomain, will use that SMTP server. The MX record for the domain will be looked up first, unless you configure sendmail to work differently (I can't advise on that, I've never condigured sendmail to work that way). Play with the dig command (from the bind-utils RPM). If you do dig gayleard.com you'll find the IP for that domain, likewise if you do a dig alfred.gayleard.com (you'll see the IP for that host). If you do a dig gayleard.com MX you'll get the address of the server handling mail for your domain (mail.gayleard.com). But if you try to dig alfred.gayleard.com MX, there isn't an answer for who'll handle mail for that particular host. I'm not quite sure what sendmail will do, but mail systems would typically not need MX records per subdomain, there'd be one record for the whole domain, and the mail system would just look up the MX record for the domain, perhaps not even trying sub-domains, and mail.gayleard.com would be expected to handle the lot, especially if sub-domains don't have their own MX records. e.g. Imagine this: 1. sending mail to [EMAIL PROTECTED] 2. look for a MX record for alfred.gayleard.com to deliver mail, but doesn't get an answer 3. now looks for a MX record for gayleard.com, and does get an answer to use mail.gayleard.com, tries sending mail to it 4. mail.gayleard.com may reject mail for not having a testuser user 5. mail.gayleard.com may reject mail because alfred.gayleard.com doesn't appear to exist I own the domain gayleard.com. I have found there are some advantages in calling my machines helen.gayleard.com, alfred.gayleard.com, etc, even though these are not accessible from the internet. That's probably fine for most things, but mail is going to be a curly problem. The simplest solution would probably be to abandon hosts file, and set up an internal DNS server. You'd serve records internally for all your hosts name, and importantly, an internal MX record. I thought of setting up my LAN as you've done, long ago, but decided that it was too painful to try an work out the wrinkles. Though I think you could run an internal DNS server, with all addresses being internal on the same domain, and either putting up with www.gayleard.com using an internal address (if you have a public webserver), or putting the external address in the records and putting up with not being able to browse to it internally. Perversely, if you'd used a completely bogus domain name, which usually isn't a good idea, MX lookups would completely fail, and you'd probably find the mail server would fall back to using A records (the IP for the host in question),
Re: Logwatch report on another machine?
Timothy Murphy wrote: Sendmail should fall back to A records if no MX exists, and it should accept any names you've added to /etc/mail/local-host-names (requires a sendmail restart) as local regardless of what DNS says. If you want network-local mail delivered to some other machine you can define MAIL_HUB in sendmail.mc with approximately the same syntax as SMART_HOST (i.e. use []'s around literal IPs or hostnames where you want to skip the MX lookup). Then mail determined to be local will go to the MAIL_HUB and you can still send outside mail to a different SMART_HOST. Thanks, I'll try that and tell you what happens. As I said, it used to be simple to forward logwatch to a local machine. (I'm thinking 2 or 3 years ago, possibly pre-Fedora, on Redhat systems.) I'm not sure what has changed. The one other thing you'll need to do if you haven't already, is configure the receiving machine so it will accept network mail. Fedora and current RH versions ship with sendmail configured to only listen on the localhost loopback which is pretty useless for a nework mailer. In sendmail.mc on alfred, remove the 127.0.0.1 from DAEMON_OPTIONS entry so it looks like: DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl and make sure port 25 isn't firewalled. Also make sure that alfred has all the host/domain names you might use as target addresses in its local-host-names file. There are other ways to explicitly force mail to go to a certain machine (local DNS with explicit addresses, forwarding files with explicit addresses, mailertable entries mapping to IP addresses, etc., but MAIL_HUB is intended for use where you have more than one internal machine and you want all local mail to go to one of them. If you also do internet mail you can configure this one to relay and be the SMART_HOST for the others, perhaps with address masquerading but they are separate concepts. -- Les Mikesell [EMAIL PROTECTED] -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
On Thu, 2008-06-05 at 13:52 +0100, Timothy Murphy wrote: I think that is exactly my problem - sendmail is not distinguishing properly between internal and external mail. This is usual with MTAs. Their world view distinguishes pretty much between mail I am accepting for my input queue, to be stored or forwarded later and mail I am forwarding from my output queue. The fact that the other end of the conversation is inside or outside their local domain is secondary, so you have to be explicit about it. poc -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Steven Tardy wrote: It seems to be more difficult than I thought to send email from one machine on a LAN to another. echo alfred.gayleard.com esmtp:[192.168.2.1] /etc/mail/mailertable /etc/init.d/sendmail restart Thanks very much. That certainly changed things. According to /var/log/maillog on helen the email was sent without involving my ISP: Jun 5 15:14:22 helen sendmail[15635]: m55EEMoL015635: from=tim, size=72, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], [EMAIL PROTECTED] Jun 5 15:14:22 helen sendmail[15636]: m55EEMK0015636: from=[EMAIL PROTECTED], size=357, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=helen.gayleard.com [127.0.0.1] Jun 5 15:14:22 helen sendmail[15635]: m55EEMoL015635: [EMAIL PROTECTED], ctladdr=tim (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30072, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m55EEMK0015636 Message accepted for delivery) But it does not appear to have reached alfred. I'm not sure where it has disappeared to ... -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Timothy Murphy wrote: Steven Tardy wrote: It seems to be more difficult than I thought to send email from one machine on a LAN to another. echo alfred.gayleard.com esmtp:[192.168.2.1] /etc/mail/mailertable /etc/init.d/sendmail restart Thanks very much. That certainly changed things. According to /var/log/maillog on helen the email was sent without involving my ISP: Jun 5 15:14:22 helen sendmail[15635]: m55EEMoL015635: from=tim, size=72, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], [EMAIL PROTECTED] Jun 5 15:14:22 helen sendmail[15636]: m55EEMK0015636: from=[EMAIL PROTECTED], size=357, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=helen.gayleard.com [127.0.0.1] Jun 5 15:14:22 helen sendmail[15635]: m55EEMoL015635: [EMAIL PROTECTED], ctladdr=tim (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30072, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m55EEMK0015636 Message accepted for delivery) But it does not appear to have reached alfred. I'm not sure where it has disappeared to ... what is the ip address of alfred.gayleard.com? is it 192.168.2.2? or 192.168.2.1? if it's 192.168.2.2, change the mailertable ip address... that needs to be the destination ip address. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Steven Tardy wrote: echo alfred.gayleard.com esmtp:[192.168.2.1] /etc/mail/mailertable /etc/init.d/sendmail restart Thanks very much. That certainly changed things. According to /var/log/maillog on helen the email was sent without involving my ISP: Jun 5 15:14:22 helen sendmail[15635]: m55EEMoL015635: from=tim, size=72, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], [EMAIL PROTECTED] Jun 5 15:14:22 helen sendmail[15636]: m55EEMK0015636: from=[EMAIL PROTECTED], size=357, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=helen.gayleard.com [127.0.0.1] Jun 5 15:14:22 helen sendmail[15635]: m55EEMoL015635: [EMAIL PROTECTED], ctladdr=tim (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30072, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m55EEMK0015636 Message accepted for delivery) But it does not appear to have reached alfred. I'm not sure where it has disappeared to ... what is the ip address of alfred.gayleard.com? is it 192.168.2.2? or 192.168.2.1? if it's 192.168.2.2, change the mailertable ip address... that needs to be the destination ip address. No, the IP address of alfred is 192.168.2.1 , as it says in /etc/mail/mailertable on helen: alfred.gayleard.com esmtp:[192.168.2.1] Thanks for your help. I'll pursue the missing message - I should be able to work out where it has gone. Maybe sendmail is modelled on the Irish postal service ... -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
On Thu, Jun 05, 2008 at 07:29:20PM +0100, Timothy Murphy wrote: No, the IP address of alfred is 192.168.2.1 , as it says in /etc/mail/mailertable on helen: alfred.gayleard.com esmtp:[192.168.2.1] Thanks for your help. I'll pursue the missing message - I should be able to work out where it has gone. Maybe sendmail is modelled on the Irish postal service ... Probably the receiving sendmail needs to be configured to allow relaying from your source host. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
RE: Logwatch report on another machine?
On 4. juuni 2008. a. 2:56, Timothy Murphy wrote How can I get the logwatch report on one machine (helen.gayleard.com) sent to another machine (alfred.gayleard.com) on the same LAN? I tried editing /etc/aliases on the first machine, changing the last line to root: [EMAIL PROTECTED] (and running newaliases) but this did not do the trick. I also tried adding MAILER(local) in sendmail.mc on helen (and restarting sendmail), but this appeared to have no effect. I'm not sure what MAILER(local) means? It seems to be more difficult than I thought to send email from one machine on a LAN to another. Is there some line I could add to sendmail.mc which would enable this? On my network, I also need to set SMART_HOST in sendmail.mc to the mail relay host provided by my ISP. Fred New Systems Administrator AS MicroLink Eesti Tallinn, Estonia -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
On Wednesday 04 June 2008 19:35:31 Dave Burns wrote: OP seems to have two problems: 1) sendmail is not configured correctly, email sent by cron jobs is not delivered. 2) He would like to send mail to an address which is broken, either the domain doers not exist or DNS not working right? Could it be that his machine has the hostname set as 'alfred' and is on the gayleard.com network, so thinks of itself as alfred.gayleard.com, but his ISP (gayleard?) has not set things up so that DNS can resolve that name? Anyhow, logwatch may or may not be configured correctly, but the reports will never show up until sendmail gets configured properly. His ISP should be able to help? Mine would probably tell me to go buy a windoze PC. It might be simpler to have logwatch send the reports to an external account, like gmail or yahoo, but that still requires sendmail to work for sending email. I've seen threads like this before, and it always amazes me how hard it is to do under sendmail, when postfix handles it so easily. Anne signature.asc Description: This is a digitally signed message part. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Craig White wrote: Speaking of which, you could try changing the mailto field in /etc/logwatch/conf/logwatch.conf. This file was empty (except for a comment line) on my Fedora-9 system. But I've added --- MailTo = [EMAIL PROTECTED] MailFrom = Logwatch --- and will see if this does the trick. it won't # host alfred.gayleard.com Host alfred.gayleard.com not found: 3(NXDOMAIN) # host helen.gayleard.com Host helen.gayleard.com not found: 3(NXDOMAIN) # host gayleard.com gayleard.com has address 86.43.71.228 gayleard.com mail is handled by 10 mail.gayleard.com. no known host names for alfred.gayleard.com or helen.gayleard.com but there is a gayleard.com and a mail.gayleard.com - those are usable... I realize that these names are not known to the real world. But I imagine that there must be some way of sending email from one machine on a LAN to another without going outside the LAN. Or at least a way of sending the logwatch report along the LAN. In fact, I know I used to do this. IIRC this was effected simply by giving the name of the machine that I wanted the logwatch to be sent to, in /etc/aliases . But if that ever worked it does not appear to now. I suspect that there has been some change in sendmail, or at least in the default sendmail.mc . -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
On Wed, 2008-06-04 at 19:52 +0100, Timothy Murphy wrote: Craig White wrote: Speaking of which, you could try changing the mailto field in /etc/logwatch/conf/logwatch.conf. This file was empty (except for a comment line) on my Fedora-9 system. But I've added --- MailTo = [EMAIL PROTECTED] MailFrom = Logwatch --- and will see if this does the trick. it won't # host alfred.gayleard.com Host alfred.gayleard.com not found: 3(NXDOMAIN) # host helen.gayleard.com Host helen.gayleard.com not found: 3(NXDOMAIN) # host gayleard.com gayleard.com has address 86.43.71.228 gayleard.com mail is handled by 10 mail.gayleard.com. no known host names for alfred.gayleard.com or helen.gayleard.com but there is a gayleard.com and a mail.gayleard.com - those are usable... I realize that these names are not known to the real world. But I imagine that there must be some way of sending email from one machine on a LAN to another without going outside the LAN. Or at least a way of sending the logwatch report along the LAN. In fact, I know I used to do this. IIRC this was effected simply by giving the name of the machine that I wanted the logwatch to be sent to, in /etc/aliases . But if that ever worked it does not appear to now. I suspect that there has been some change in sendmail, or at least in the default sendmail.mc . You would have to have dns set up locally (on your lan) and configure a particular server (or more than one) to accept mail for those domains...that's the way e-mail works. Craig -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
On Wed, Jun 4, 2008 at 8:52 AM, Timothy Murphy [EMAIL PROTECTED] wrote: I realize that these names are not known to the real world. But I imagine that there must be some way of sending email from one machine on a LAN to another I can think of four ways, there could be more: * use 'real' DNS * make your own DNS server locally * put name in /etc/hosts * use raw IP number /etc/hosts is easy, but will break whenever the IP numbers change. Dave -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
On Wed, 2008-06-04 at 09:05 -1000, Dave Burns wrote: On Wed, Jun 4, 2008 at 8:52 AM, Timothy Murphy [EMAIL PROTECTED] wrote: I realize that these names are not known to the real world. But I imagine that there must be some way of sending email from one machine on a LAN to another I can think of four ways, there could be more: * use 'real' DNS * make your own DNS server locally * put name in /etc/hosts * use raw IP number /etc/hosts is easy, but will break whenever the IP numbers change. unless I am missing something here, mail will still not work because it will still query for a MX record for the domain and thus /etc/hosts is not suitable for mail handling Craig -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
g wrote: also curious if you have considered either a cron to copy files over your own lan to like '/var/log/lan.new/*.timestamp'. another cron or what ever to kick them into logwatch. read about it in one of my networking books. said to be easier and better. have not had need to try. Not quite the same idea, but I know I can pretend send email from helen to alfred by something like echo message | ssh [EMAIL PROTECTED] mail -s 'subject' tim -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
RE: Logwatch report on another machine?
Frederick William New wrote: How can I get the logwatch report on one machine (helen.gayleard.com) sent to another machine (alfred.gayleard.com) on the same LAN? It seems to be more difficult than I thought to send email from one machine on a LAN to another. Is there some line I could add to sendmail.mc which would enable this? On my network, I also need to set SMART_HOST in sendmail.mc to the mail relay host provided by my ISP. Well, I do that anyway. But that means all my email is sent to my ISP to deliver. I want local email to be sent directly. I thought mailer(LOCAL) in sendmail.mc did this, but it doesn't appear to on my system. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
RE: Logwatch report on another machine?
On Wed, 2008-06-04 at 20:33 +0100, Timothy Murphy wrote: Frederick William New wrote: How can I get the logwatch report on one machine (helen.gayleard.com) sent to another machine (alfred.gayleard.com) on the same LAN? It seems to be more difficult than I thought to send email from one machine on a LAN to another. Is there some line I could add to sendmail.mc which would enable this? On my network, I also need to set SMART_HOST in sendmail.mc to the mail relay host provided by my ISP. Well, I do that anyway. But that means all my email is sent to my ISP to deliver. I want local email to be sent directly. I thought mailer(LOCAL) in sendmail.mc did this, but it doesn't appear to on my system. in this case, local means local (on the same computer) as I said, if you want to deliver mail on your local network...you're gonna have to set up DNS and a system to act as MX for your local network. Also on that system, you will need to make it a POP3/IMAP server so you can retrieve mail. Craig -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Craig White wrote: On Wed, 2008-06-04 at 20:33 +0100, Timothy Murphy wrote: Frederick William New wrote: How can I get the logwatch report on one machine (helen.gayleard.com) sent to another machine (alfred.gayleard.com) on the same LAN? It seems to be more difficult than I thought to send email from one machine on a LAN to another. Is there some line I could add to sendmail.mc which would enable this? On my network, I also need to set SMART_HOST in sendmail.mc to the mail relay host provided by my ISP. Well, I do that anyway. But that means all my email is sent to my ISP to deliver. I want local email to be sent directly. I thought mailer(LOCAL) in sendmail.mc did this, but it doesn't appear to on my system. in this case, local means local (on the same computer) as I said, if you want to deliver mail on your local network...you're gonna have to set up DNS and a system to act as MX for your local network. Sendmail should fall back to A records if no MX exists, and it should accept any names you've added to /etc/mail/local-host-names (requires a sendmail restart) as local regardless of what DNS says. If you want network-local mail delivered to some other machine you can define MAIL_HUB in sendmail.mc with approximately the same syntax as SMART_HOST (i.e. use []'s around literal IPs or hostnames where you want to skip the MX lookup). Then mail determined to be local will go to the MAIL_HUB and you can still send outside mail to a different SMART_HOST. Also on that system, you will need to make it a POP3/IMAP server so you can retrieve mail. Or run mail/mutt, or something that knows how to read the inbox directly. -- Les Mikesell [EMAIL PROTECTED] -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Dave Burns wrote: OP seems to have two problems: 1) sendmail is not configured correctly, email sent by cron jobs is not delivered. 2) He would like to send mail to an address which is broken, either the domain doers not exist or DNS not working right? Could it be that his machine has the hostname set as 'alfred' and is on the gayleard.com network, so thinks of itself as alfred.gayleard.com, but his ISP (gayleard?) has not set things up so that DNS can resolve that name? Actually, I am not running a sendmail server in this sense on my system. I don't think port 25 is open to incoming packets. I don't really want my logwatch report to go to my ISP. If I did there would be no problem, I would send the email to [EMAIL PROTECTED] , which is my email address. My hope is that it is possible to send email locally without involving anything outside one's own system. I still believe there must be some simple change one can make to sendmail.mc which would allow this. Anyhow, logwatch may or may not be configured correctly, but the reports will never show up until sendmail gets configured properly. His ISP should be able to help? Mine would probably tell me to go buy a windoze PC. I think this is a misunderstanding of what I am trying to do. I could easily send my logwatch report to the machine I want (alfred) by posting it to [EMAIL PROTECTED] , my email address. I collect my mail by fetchmail from my ISP every 5 minutes. (I also collect it from 2 other servers, including gmail.com , as well as a UUCP feed.) But I think it must be possible to process and deliver it locally, and am trying to find out if this belief is justified. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Dave Burns wrote: I realize that these names are not known to the real world. But I imagine that there must be some way of sending email from one machine on a LAN to another I can think of four ways, there could be more: * use 'real' DNS * make your own DNS server locally * put name in /etc/hosts * use raw IP number /etc/hosts is easy, but will break whenever the IP numbers change. All the names of local machines appear in /etc/hosts in all machines with fully qualified names, and their (local) IP addresses never change: 192.168.2.1 alfred alfred.gayleard.com 192.168.2.2 helen helen.gayleard.com -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Craig White wrote: /etc/hosts is easy, but will break whenever the IP numbers change. unless I am missing something here, mail will still not work because it will still query for a MX record for the domain and thus /etc/hosts is not suitable for mail handling But does sendmail always query for an MX record? It seems to me from /var/log/maillog that sendmail (a) knows that it is running on helen.gayleard.com , and (b) recognizes that alfred.gayleard.com is on the same LAN. But it still sends the email to my ISP. Maybe I shouldn't define(`SMART_HOST', `smtp.eircom.net')dnl ? -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Les Mikesell wrote: Sendmail should fall back to A records if no MX exists, and it should accept any names you've added to /etc/mail/local-host-names (requires a sendmail restart) as local regardless of what DNS says. If you want network-local mail delivered to some other machine you can define MAIL_HUB in sendmail.mc with approximately the same syntax as SMART_HOST (i.e. use []'s around literal IPs or hostnames where you want to skip the MX lookup). Then mail determined to be local will go to the MAIL_HUB and you can still send outside mail to a different SMART_HOST. Thanks, I'll try that and tell you what happens. As I said, it used to be simple to forward logwatch to a local machine. (I'm thinking 2 or 3 years ago, possibly pre-Fedora, on Redhat systems.) I'm not sure what has changed. Also on that system, you will need to make it a POP3/IMAP server so you can retrieve mail. I'm actually running a dovecot/IMAP server on the machine, alfred, that I want the email sent to. I read my email on my laptops from this server. This works beautifully. -- Timothy Murphy e-mail: gayleard /at/ eircom.net tel: +353-86-2336090, +353-1-2842366 s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
On Wed, Jun 4, 2008 at 11:40 AM, Timothy Murphy [EMAIL PROTECTED] wrote: Dave Burns wrote: OP seems to have two problems: 1) sendmail is not configured correctly, email sent by cron jobs is not delivered. 2) He would like to send mail to an address which is broken, either the domain doers not exist or DNS not working right? Could it be that his machine has the hostname set as 'alfred' and is on the gayleard.com network, so thinks of itself as alfred.gayleard.com, but his ISP (gayleard?) has not set things up so that DNS can resolve that name? Actually, I am not running a sendmail server in this sense on my system. Which one? You need something running on helen so that email can be sent, something else running on alfred so the email can be received. I don't think port 25 is open to incoming packets. Well, if that is the system where you want to receive email, that would explain why you don't receive any. If on the other system, irrelevant. I don't really want my logwatch report to go to my ISP. My hope is that it is possible to send email locally without involving anything outside one's own system. It is possible but not easy, at leatst for me. I still believe there must be some simple change one can make to sendmail.mc which would allow this. On helen, the change would be simple. But the other system would not be easy, at least for me, not a sendmail expert. Anyhow, logwatch may or may not be configured correctly, but the reports will never show up until sendmail gets configured properly. His ISP should be able to help? Mine would probably tell me to go buy a windoze PC. I think this is a misunderstanding of what I am trying to do. More of a why make this so hard? I could easily send my logwatch report to the machine I want (alfred) by posting it to [EMAIL PROTECTED] , my email address. I collect my mail by fetchmail from my ISP every 5 minutes. (I also collect it from 2 other servers, including gmail.com , as well as a UUCP feed.) But I think it must be possible to process and deliver it locally, and am trying to find out if this belief is justified. Hmm, if you're a fetchmail guru, why not use that? Send the logwatch reports to [EMAIL PROTECTED], then on Alfred use fetchmail every 5 minutes to fetch [EMAIL PROTECTED]'s mail. Dave -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
On Tue, Jun 3, 2008 at 4:56 PM, Timothy Murphy [EMAIL PROTECTED] wrote: How can I get the logwatch report on one machine (helen.gayleard.com) sent to another machine (alfred.gayleard.com) on the same LAN? I tried editing /etc/aliases on the first machine, changing the last line to root: [EMAIL PROTECTED] (and running newaliases) but this did not do the trick. I also tried adding MAILER(local) in sendmail.mc on helen (and restarting sendmail), but this appeared to have no effect. I'm not sure what MAILER(local) means? It seems to be more difficult than I thought to send email from one machine on a LAN to another. Is there some line I could add to sendmail.mc which would enable this? Any advice or suggestions gratefully received. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Timothy, It's been awhile since I last played with sendmail, but last I remember is that in a fresh Fedora install the problem had to do with properly setting MTAHost in /etc/mail/submit.cf. The setting may be different on other systems. # diff submit.cf_org submit.cf 112c112 D{MTAHost}[localhost] --- D{MTAHost}[smtp] I went trough the same drill as you, so maybe you just need that setting. ~af -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
On Wed, 2008-06-04 at 23:07 +0100, Timothy Murphy wrote: Maybe I shouldn't define(`SMART_HOST', `smtp.eircom.net')dnl If you have a properly set up local DNS and mail system, then your internal mail will be handled all internally, and mail that goes to outside addresses will be relayed from your SMTP server to the ISP's. That's the smart part about it - it working out what's internal or external, and routing things accordingly. SMTP will do MX checks to send mail. If it gets an answer from a server, it'll use it. So having some answer from a DNS server will overrule having a different answer in your hosts file. Internal mail is much easier if you do everything properly, any half baked notions will come back to bite you. Have your SMTP server at a fixed address, likewise for POP or IMAP. If your system uses DHCP and dynamic addresses, then either use your DHCP server to always give it the same address, or configure that server without using DHCP. Use a different sub-domain for local addresses than external ones, if each machine doesn't have real public addresses that are externally accessible. e.g. If you own example.com, and use it publicly, then use something like lan.example.com for your LAN addressing. Trying to use invented names and mixing them up with the real public internet is a recipe for disaster. Make sure internal names are not the same as ones used outside. Have a local DNS server that resolves all machine names in both directions. e.g. mail.lan.example.com resolves to 192.168.1.123 and 192.168.1.23 resolves to mail.lan.example.com Have a proper MX record in your local domain records. e.g. MX 1 mail.example.com Avoid playing silly games with putting machine hostnames into the localhost configuration lines in /etc/hosts. -- [EMAIL PROTECTED] ~]$ uname -r 2.6.25.3-18.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
Fedora uses syslogd to provide a syslog service. The default configuration of syslogd rejects messages from remote systems. To configure a Fedora system to accept log messages from other systems on the network, edit the file /etc/sysconfig/syslog. You must use root privileges to edit the file /etc/sysconfig/syslog. Add the option -r to the SYSLOGD_OPTIONS: SYSLOGD_OPTIONS=-m 0 -r Restart the syslogd service to apply the change: su -c '/sbin/service syslog restart' By default, the syslog service listens on UDP port 514. On Wed, Jun 4, 2008 at 2:56 AM, Timothy Murphy [EMAIL PROTECTED] wrote: How can I get the logwatch report on one machine (helen.gayleard.com) sent to another machine (alfred.gayleard.com) on the same LAN? I tried editing /etc/aliases on the first machine, changing the last line to root: [EMAIL PROTECTED] (and running newaliases) but this did not do the trick. I also tried adding MAILER(local) in sendmail.mc on helen (and restarting sendmail), but this appeared to have no effect. I'm not sure what MAILER(local) means? It seems to be more difficult than I thought to send email from one machine on a LAN to another. Is there some line I could add to sendmail.mc which would enable this? Any advice or suggestions gratefully received. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list -- Be the change you want to see in the world ! Mahatma Gandhi -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: Logwatch report on another machine?
On Wed, 2008-06-04 at 02:54 +0100, Timothy Murphy wrote: Dave Burns wrote: How can I get the logwatch report on one machine (helen.gayleard.com) sent to another machine (alfred.gayleard.com) on the same LAN? I tried editing /etc/aliases on the first machine, changing the last line to root: [EMAIL PROTECTED] (and running newaliases) but this did not do the trick. That should be good enough, *if* sendmail is working on that machine and that address doesn't bounce. If you do echo 'testing the client'|mutt -s 'testing client' [EMAIL PROTECTED] do you ever get the email? First of all, thanks for your response. I tried the above command, but the mail did not get through. Looking at /var/log/maillog on helen I see the lines --- Jun 4 02:27:56 helen sendmail[10504]: m541RtCq010504: [EMAIL PROTECTED], ctladdr=tim (500/500), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30326, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m541Rtds010505 Message accepted for delivery) Jun 4 02:27:56 helen sendmail[10507]: m541Rtds010505: to=[EMAIL PROTECTED], ctladdr=[EMAIL PROTECTED] (500/500), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=120482, relay=smtp.eircom.net [159.134.198.135], dsn=5.6.0, stat=Dataformat error Jun 4 02:27:56 helen sendmail[10507]: m541Rtds010505: m541Ruds010507: DSN: Data format error --- I suspect this means the email was sent to my ISP, eircom.net , who rejected the email on the grounds the address was unknown or wrong. I am also assuming you haven't tweaked the default config of logwatch. Speaking of which, you could try changing the mailto field in /etc/logwatch/conf/logwatch.conf. This file was empty (except for a comment line) on my Fedora-9 system. But I've added --- MailTo = [EMAIL PROTECTED] MailFrom = Logwatch --- and will see if this does the trick. it won't # host alfred.gayleard.com Host alfred.gayleard.com not found: 3(NXDOMAIN) # host helen.gayleard.com Host helen.gayleard.com not found: 3(NXDOMAIN) # host gayleard.com gayleard.com has address 86.43.71.228 gayleard.com mail is handled by 10 mail.gayleard.com. no known host names for alfred.gayleard.com or helen.gayleard.com but there is a gayleard.com and a mail.gayleard.com - those are usable... Craig -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Re: yum.log and logwatch
On 2006-09-14 13:03:17 -0400, Matthew Miller wrote: On Tue, Sep 12, 2006 at 09:54:02AM +0200, Nils Breunese (Lemonbit Internet) wrote: at the bottom of the file. Apparently the entries in yum.log do not contain years in their dates, so logwatch doesn't know these updates were installed a year ago instead of now. It's definitely an annoying problem. Newer yum can log to syslog, which will solve this. Syslog doesn't contain a year either. But on most machines the syslog files are rotated more than once per year ;-) hp -- _ | Peter J. Holzer| If I wanted to be academically correct, |_|_) | Sysadmin WSR | I'd be programming in Java. | | | [EMAIL PROTECTED] | I don't, and I'm not. __/ | http://www.hjp.at/ | -- Jesse Erlbaum on dbi-users pgpAngiUV0mMz.pgp Description: PGP signature -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
Re: yum.log and logwatch
On Tue, Sep 12, 2006 at 09:54:02AM +0200, Nils Breunese (Lemonbit Internet) wrote: at the bottom of the file. Apparently the entries in yum.log do not contain years in their dates, so logwatch doesn't know these updates were installed a year ago instead of now. Is this something I should report or has this been fixed in more recent yum versions? I realize FC3 is only getting security updates these days and I guess this is not really a security issue (although for a short moment I thought someone must have had unauthorized access to my box). It's definitely an annoying problem. Newer yum can log to syslog, which will solve this. -- Matthew Miller [EMAIL PROTECTED] http://mattdm.org/ Boston University Linux -- http://linux.bu.edu/ -- fedora-legacy-list mailing list fedora-legacy-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-list
Fedora Core 5 Update: logwatch-7.2.1-1.fc5
- Fedora Update Notification FEDORA-2006-270 2006-04-04 - Product : Fedora Core 5 Name: logwatch Version : 7.2.1 Release : 1.fc5 Summary : A log file analysis program. Description : Logwatch is a customizable, pluggable log-monitoring system. It will go through your logs for a given period of time and make a report in the areas that you wish with the detail that you wish. Easy to use - works right out of the package on many systems. - * Tue Apr 4 2006 Ivana Varekova [EMAIL PROTECTED] 7.2.1-1.fc5 - update to 7.2.1 - add new service patches - This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/ 6a9de79edb31b601d59ae445d0e56c95842ea604 SRPMS/logwatch-7.2.1-1.fc5.src.rpm d39158b33806d72c3bd2c9c5acc9ead15da3c38c ppc/logwatch-7.2.1-1.fc5.noarch.rpm d39158b33806d72c3bd2c9c5acc9ead15da3c38c x86_64/logwatch-7.2.1-1.fc5.noarch.rpm d39158b33806d72c3bd2c9c5acc9ead15da3c38c i386/logwatch-7.2.1-1.fc5.noarch.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. - -- fedora-announce-list mailing list fedora-announce-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-announce-list
Fedora Core 4 Update: logwatch-7.2.1-1.fc4
- Fedora Update Notification FEDORA-2006-202 2006-03-22 - Product : Fedora Core 4 Name: logwatch Version : 7.2.1 Release : 1.fc4 Summary : A log file analysis program. Description : LogWatch is a customizable log analysis system. LogWatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. LogWatch is easy to use and claims that it will work right out of the package on almost all systems. Note that LogWatch now analyzes Samba logs. - Update Information: This new version of logwatch package fixes problems with --splithosts option and contains a lot of services updates. - * Wed Mar 22 2006 Ivana Varekova [EMAIL PROTECTED] 7.2.1-1.fc4 - update to 7.2.1 (#185758) - add/update pam_unix, http, sshd, smart, named, audit, secure and mountd patches - This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ 13087c5574a3aee59a0230f97d5de39439e86a46 SRPMS/logwatch-7.2.1-1.fc4.src.rpm dea558d2036118cd5c1bfbe6533170b855133997 ppc/logwatch-7.2.1-1.fc4.noarch.rpm dea558d2036118cd5c1bfbe6533170b855133997 x86_64/logwatch-7.2.1-1.fc4.noarch.rpm dea558d2036118cd5c1bfbe6533170b855133997 i386/logwatch-7.2.1-1.fc4.noarch.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. - -- fedora-announce-list mailing list fedora-announce-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-announce-list
Fedora Core 4 Update: logwatch-7.0-2.fc4
- Fedora Update Notification FEDORA-2006-048 2006-01-20 - Product : Fedora Core 4 Name: logwatch Version : 7.0 Release : 2.fc4 Summary : A log file analysis program. Description : LogWatch is a customizable log analysis system. LogWatch parses through your system's logs for a given period of time and creates a report analyzing areas that you specify, in as much detail as you require. LogWatch is easy to use and claims that it will work right out of the package on almost all systems. Note that LogWatch now analyzes Samba logs. - Update Information: Update logwatch services (named, smartd) and logwatch man page. - * Fri Jan 20 2006 Ivana Varekova [EMAIL PROTECTED] 7.0-2.fc4 - fix bug 172073 (man page problem) - fix bug 171631 (named service problem) - fix smartd service - This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ 4d4a7811b915d2ed207223ebf72e7ffa9e9ebaa0 SRPMS/logwatch-7.0-2.fc4.src.rpm 2a1337c77b1e01264dbc30a0dc71f79d36c4f6fa ppc/logwatch-7.0-2.fc4.noarch.rpm 2a1337c77b1e01264dbc30a0dc71f79d36c4f6fa x86_64/logwatch-7.0-2.fc4.noarch.rpm 2a1337c77b1e01264dbc30a0dc71f79d36c4f6fa i386/logwatch-7.0-2.fc4.noarch.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. - -- fedora-announce-list mailing list fedora-announce-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-announce-list