LinuxQuestions.org
Old 02-22-2002, 03:12 PM   #1
magyartoth
Member
 
Registered: Feb 2002
Location: Pittsburgh, PA, USA
Posts: 73

Rep: Reputation: 15
sendmail.log


I have a file called sendmail.log that logs EVERY part of every piece of email that comes through my Red Hat 6.2 system. This is really bad for disk space...problem is, I can't figure out how to stop it. I have checked my syslog.conf file and it's not listed in there.

Does anyone know where else I could look to turn it off?

Thanks
 
Old 02-22-2002, 08:50 PM   #2
notsoevil
Member
 
Registered: May 2001
Location: Louisville, Kentucky, USA
Distribution: RedHat ES
Posts: 120

Rep: Reputation: 15
If you don't want to log sendmail, then don't run sendmail at all -- why are you running sendmail if you don't know HOW to run sendmail?

Shut it down (find the pid file or use ps to get it), then disable it from starting up in your rc* scripts -- on RedHat you can use chkconfig like so:

#> chkconfig --level 123456 sendmail off

From now on, use a remote SMTP server to send mail -- till you want to -use- sendmail appropriately.
 
Old 02-23-2002, 03:48 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Look in your /etc/(mail/)sendmail.cf for a line called "OL" or "O LogLevel" it usually says something like "OL9" or "O LogLevel=9".
If you've got a line in your /etc/syslog.conf that looks like "mail.*<tab>/var/log/mail.log" it will log to that separate file. Also check your /etc/logrotate.d/(send)mail settings, you can specify logfile rotating settings there like when it's rotated (daily,weekly) sizes (1G,10Mb) and how many logfiles you want to keep, hell you can even add pre/post processing maillog files.

I somewhat agree with notsoevil you should know what you're running sendmail for, and how to configure and secure it. To *send* mail to another box you don't need to run sendmail as a daemon.
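
The two checks described in the post above, as an added example that is not part of the original thread: read the LogLevel from a sendmail.cf (both the "OL9" and "O LogLevel=9" forms) and list where syslog.conf sends the mail facility. The function names and the sample file contents are constructed for illustration; only explicit mail.* selectors are matched, not catch-all rules such as *.*.

```shell
#!/bin/sh
# Added example: read-only checks, nothing on the system is modified.

# Print the LogLevel set in a sendmail.cf. Accepts the old "OL9" form and
# the newer "O LogLevel=9" form; if set more than once, the last is shown.
sendmail_loglevel() {
    sed -n \
        -e 's/^OL\([0-9][0-9]*\).*/\1/p' \
        -e 's/^O[[:space:]][[:space:]]*LogLevel[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' \
        "$1" | tail -n 1
}

# Print the destination of each active syslog.conf rule that explicitly
# selects the mail facility. "mail.none" parts are exclusions and skipped;
# a leading "-" (no sync after each write) is stripped from the path.
mail_log_targets() {
    awk '
        /^[[:space:]]*#/ || NF < 2 { next }
        {
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++)
                if (sel[i] ~ /^mail\./ && sel[i] !~ /\.none$/) {
                    sub(/^-/, "", $2); print $2; break
                }
        }' "$1"
}

# Constructed sample files (not taken from the poster's system).
make_samples() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sendmail.cf excerpt' 'O LogLevel=9' \
        > "$dir/sendmail.cf"
    printf '%s\t%s\n' \
        '*.info;mail.none;authpriv.none' '/var/log/messages' \
        'mail.*' '-/var/log/mail.log' > "$dir/syslog.conf"
    echo "$dir"
}

samples=$(make_samples)
echo "LogLevel: $(sendmail_loglevel "$samples/sendmail.cf")"
echo "mail facility logs to: $(mail_log_targets "$samples/syslog.conf")"
rm -rf "$samples"
```

On a real host, pass the actual /etc/(mail/)sendmail.cf and /etc/syslog.conf paths to the two functions instead of the sample files.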
 
Old 02-23-2002, 01:31 PM   #4
magyartoth
Member
 
Registered: Feb 2002
Location: Pittsburgh, PA, USA
Posts: 73

Original Poster
Rep: Reputation: 15
LogLevel is 9, and the only log that syslog.conf is pointing to in relation to sendmail is mail.log. Other than this log problem, everything else works fine.

Everybody has trouble with one program or another at some point and to suggest that they just stop using it when they ask for help is kind of silly. Did I post in the wrong forum?
 
Old 02-23-2002, 06:10 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
About the stopping thing I agree it sounds rather harsh, but OTOH Linux is too powerful to carry on w/o serious RTM'ing.

Maybe hop on over to cert.org and enter "sendmail" in the searchbox and see what vulnerabilities surface so you get a general idea. Search for the "Unix checklist". Now hop on over to linuxdoc.org and search for "Securing Optimizing Linux" or use Tricky's siglink.

Btw loglevel in sendmail is:
0 No logging.
1 Serious system failures and potential security problems.
2 Lost communications (network problems) and protocol failures.
3 Other serious failures.
4 Minor failures.
5 Message collection statistics.
6 Creation of error messages, VRFY and EXPN commands.
7 Delivery failures (host or user unknown, etc.).
8 Successful deliveries and alias database rebuilds.
9 Messages being deferred (due to a host being down, etc.).
10 Database expansion (alias, forward, and userdb lookups).
20 Logs attempts to run locked queue files. These are not errors, but can be useful to note if your queue appears to be clogged.
30 Lost locks (only if using lockf instead of flock).

Also have a look if you need to bump up the level in syslog.conf (man syslog.conf).

Btw, you say all is working fine, but *how* do you know/check that?.. :-]
 
Old 02-23-2002, 07:07 PM   #6
magyartoth
Member
 
Registered: Feb 2002
Location: Pittsburgh, PA, USA
Posts: 73

Original Poster
Rep: Reputation: 15
Trust me...I read manuals as a part time job. I have the classic 'sendmail' book from O'Reilly, and one geared towards linux. Plus a printout of the sendmail faq...but sometimes it takes interacting with other humans to get things solved..


I use "ps -aux | grep sendmail | grep acc" to see if it is (acc)epting connections...I know, crude, but it works. Plus email is being sent and received and always has been. I just want to zap this log. I only have ~100 users to worry about, but this damn sendmail.log fills up quick.

All the other logs are working fine, it's just this one seemingly rogue sendmail log in /usr/spool that is bugging me. I can't find a reference to it anywhere...not syslog.conf or sendmail.cf.

 
Old 02-23-2002, 08:07 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Hmm. I think it's weird having any of this in /usr/spool. Try "fuser -uv /path/to/filename", it should show you what user/process the file is used by, then check if that still matches sendmail's PID. For cleaning up I'd use logrotate, specify a maxsize for the file so when you run it hourly this file gets done, maybe add some preprocessing so you filter out the needed stuff before you rotate it. You *may* have to use the "-f" flag on logrotate at "normal" logrotate time, cuz usually running from a cron.daily it won't process files that have no rule based on size twice a day.

HTH somehow.

Last edited by unSpawn; 02-23-2002 at 08:08 PM.
 
  

