Herr Bischoff

Using Logwatch Alongside Kerio Connect on Linux

Another problem that was driving me nuts. On the one hand, Logwatch absolutely refuses to send from any other address than root. Yes: root. No matter which setting you change. It needs to run as root to get access to all log files. On the other hand, Kerio Connect quite eloquently denies this with 550 5.1.3 Bad address syntax.

What I did is change the way the report gets created and sent.

Open the Logwatch cronjob.

vi /etc/cron.daily/00logwatch

Change the default logwatch command to the commands below.

/usr/sbin/logwatch --output file --filename /tmp/logwatch --detail high
cat /etc/logwatch/header /tmp/logwatch | /opt/kerio/mailserver/sendmail -i -t
rm /tmp/logwatch

Writing to /tmp is insecure and only done here because the server is not accessible via SSH for anyone but me. You most certainly want to create a separate folder for the temp file and secure it properly.

Create the header file /etc/logwatch/header with a simple email header part.

From: user@example.com
To: user@example.com
Subject: Logwatch for host.example.com (Linux)

Make sure both email addresses are local and active in Kerio. An alias is sufficient for this. This is because unauthenticated clients are not allowed to relay mail, which is a good thing. Also, make sure to leave an empty line at the end.

Run /etc/cron/etc/cron.daily/00logwatch and check your email.