Logwatch is not respecting MailFrom

email email-server smtp ssmtp logwatch

I've gone through today to setup Logwatch on my server and have installed this all successfully.

I've followed this guide on Digital Ocean and set the MailFrom parameter to:

MailFrom = [email protected]

I'm using ssmtp to send emails using my Postmark App account and it is coming through on my Postmark activity feed but it is showing the From field being set as root.

SMTP API Error for [email protected]: Invalid 'From' address: 'root'.

Looking at the raw source of the email trying to be sent it shows this line:

From: root

This is the command I am using to generate the send:

sudo logwatch --detail Low --mailto [email protected] --service http --range today

Where am I going wrong or what can I do to get it sending as [email protected] as Postmark require the from address to be correctly sent otherwise it won't allow it through and returns an error

Further details

Logwatch version: Logwatch 7.4.0 (released 03/01/11)
System: Debian 8 (Jessie)
Using sSMTP on my server to send emails from Postmark Debug log:

Config After Command Line Parsing:
supress_ignores -> 0
pathtozcat -> zcat
html_header -> /usr/share/logwatch/default.conf/html/header.html
logdir -> /var/log
hostlimit ->
encode -> none
subject ->
mailfrom -> root
format -> html
numeric -> 0
tmpdir -> /tmp
html_wrap -> 80
pathtobzcat -> bzcat
detail -> 0
range -> yesterday
hostformat -> none
debug -> 10
output -> mail
mailer -> /usr/sbin/sendmail -t
hostname -> game
html_footer -> /usr/share/logwatch/default.conf/html/footer.html
archives -> 1
pathtocat -> cat
mailto -> [email protected]
filename ->

Solution 1:

After a tonne of investigation, I've tracked down the cause.

Logwatch processes /usr/share/logwatch/dist.conf/logwatch.conf after processing /usr/share/logwatch/default.conf/logwatch.conf.

Inside /usr/share/logwatch/dist.conf/logwatch.conf was three config lines:

  • mailer
  • TmpDir
  • MailFrom

It was here that MailFrom was set to root which was causing the issues. After updating it to [email protected] it all worked fine!

Solution 2:

Unfortunately the Digital Ocean article is misleading on an important point. The logwatch configuration file should be copied (see e.g. https://help.ubuntu.com/community/Logwatch) to become /etc/logwatch/conf/logwatch.conf before being edited. Provided there is a config file at the /etc location, logwatch will prioritise the /etc file over the defaults (or even ignore the defaults, I'm not sure which). This is mentioned in the comments below the article, but like you, I didn't read the comments before going ahead with implementation. That's how I finished up here!

Related

How can I enable Ping on an Azure Linux VM
Adding more mirrored vdevs to a ZFS pool on Ubuntu
Shrink partition to exactly fit the underlying filesystem size
Hosting DKIM records on a separate nameservers
Access Denied when syncing between s3 buckets on different AWS accounts
Clustering and/or Hyper-V replica?
Get Start Button Back in Win Server 2012
How to recreate a google compute engine vm from one project in another project?
nginx php-fpm child exited with code 0
How do I get yarn installed on elastic beanstalk?
When the Exchange Information Store Service stops, what's impacted?
EMC ScaleIO vs Starwind Virtual SAN