Logwatch is not respecting MailFrom
I've gone through today to setup Logwatch on my server and have installed this all successfully.
I've followed this guide on Digital Ocean and set the MailFrom
parameter to:
MailFrom = [email protected]
I'm using ssmtp to send emails using my Postmark App account and it is coming through on my Postmark activity feed but it is showing the From field being set as root.
SMTP API Error for [email protected]: Invalid 'From' address: 'root'.
Looking at the raw source of the email trying to be sent it shows this line:
From: root
This is the command I am using to generate the send:
sudo logwatch --detail Low --mailto [email protected] --service http --range today
Where am I going wrong or what can I do to get it sending as [email protected]
as Postmark require the from address to be correctly sent otherwise it won't allow it through and returns an error
Further details
Logwatch version: Logwatch 7.4.0 (released 03/01/11)
System: Debian 8 (Jessie)
Using sSMTP on my server to send emails from Postmark
Debug log:
Config After Command Line Parsing:
supress_ignores -> 0
pathtozcat -> zcat
html_header -> /usr/share/logwatch/default.conf/html/header.html
logdir -> /var/log
hostlimit ->
encode -> none
subject ->
mailfrom -> root
format -> html
numeric -> 0
tmpdir -> /tmp
html_wrap -> 80
pathtobzcat -> bzcat
detail -> 0
range -> yesterday
hostformat -> none
debug -> 10
output -> mail
mailer -> /usr/sbin/sendmail -t
hostname -> game
html_footer -> /usr/share/logwatch/default.conf/html/footer.html
archives -> 1
pathtocat -> cat
mailto -> [email protected]
filename ->
Solution 1:
After a tonne of investigation, I've tracked down the cause.
Logwatch processes /usr/share/logwatch/dist.conf/logwatch.conf
after processing /usr/share/logwatch/default.conf/logwatch.conf
.
Inside /usr/share/logwatch/dist.conf/logwatch.conf
was three config lines:
mailer
TmpDir
MailFrom
It was here that MailFrom
was set to root
which was causing the issues. After updating it to [email protected]
it all worked fine!
Solution 2:
Unfortunately the Digital Ocean article is misleading on an important point. The logwatch configuration file should be copied (see e.g. https://help.ubuntu.com/community/Logwatch) to become /etc/logwatch/conf/logwatch.conf before being edited. Provided there is a config file at the /etc location, logwatch will prioritise the /etc file over the defaults (or even ignore the defaults, I'm not sure which). This is mentioned in the comments below the article, but like you, I didn't read the comments before going ahead with implementation. That's how I finished up here!