[Pkg-exim4-users] Exim not playing with Fail2Ban on Debian Wheezy i386
Just Ian
2014-06-07 18:55:49 UTC
I am much more familiar with Postfix, so please forgive me if I have
done something really silly.

I have a server with, amongst other things, exim4, logwatch and
fail2ban on it. The latter two are the only things that send mail and
nothing receives any. Because of this, I went for the simplest
'connected all the time' setup I could find in the documentation:

# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='internet'
dc_other_hostnames=''
dc_local_interfaces='127.0.0.1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'


Logwatch is sending mail fine:

/etc/logwatch/conf/override.conf

# Mail results to me, rather than sending to stdout
logwatch: Output = mail
logwatch: MailTo = ***@example.com

/var/log/exim4/mainlog

2014-06-07 07:24:51 Start queue run: pid=16329
2014-06-07 07:24:51 End queue run: pid=16329
2014-06-07 07:37:53 1WtB9c-0004If-My <= ***@example2.com U=root P=local S=39747
2014-06-07 07:37:53 1WtB9c-0004If-My => ***@example.com R=dnslookup
T=remote_smtp H=mail.example.com [12.34.56.78]
X=TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128
DN="C=GB,ST=Nottinghamshire,L=Newark,O=example,CN=mail.example.com,EMAIL=***@example.com"
2014-06-07 07:37:53 1WtB9c-0004If-My Completed
etc


But Fail2Ban isn't. If I tell it to use the sendmail method, it
generates errors in the fail2ban log files and no mail is sent

/etc/fail2ban/jail.local

mta = sendmail

/var/log/fail2ban.log

2014-06-03 18:43:20,213 fail2ban.jail : INFO Jail 'ssh' started
2014-06-03 18:43:20,263 fail2ban.actions.action: ERROR printf %b
"Subject: [Fail2Ban] ssh: started
Date: `date -u +"%a, %d %h %Y %T +0000"`
From: Fail2Ban <fail2ban>
To: ***@example.com\n
Hi,\n
The jail ssh has been started successfully.\n
Regards,\n
Fail2Ban" | /usr/sbin/sendmail -f fail2ban ***@example.com returned 8b00

But if I do...

echo "Hello me" | sendmail -f fail2ban ***@example.com

at the command line, which is basically what the Python script of
fail2ban does (and the Perl of logwatch), it works.

If I tell fail2ban to use the old mail protocol, it appears to work,
but nothing actually gets sent because the sendmail emulation
segfaults:

/etc/fail2ban/jail.local

mta = sendmail

/var/log/exim4/mainlog

(nothing)

/var/log/syslog

Jun 7 08:44:19 example2 kernel: [320629.730862] sendmail[17581]:
segfault at bf98a3f4 ip b767acad sp bf98a2c0 error 6 in
exim4[b7670000+df000]
Jun 7 08:46:12 example2 kernel: [320742.561156] sendmail[17629]:
segfault at bf972034 ip b763acad sp bf971f00 error 6 in
exim4[b7630000+df000]

etc (the address varies, I presume because it's loaded at different
places in memory)

What am I doing wrong?

Ian
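The `returned 8b00` in the fail2ban log quoted above already points at the segfaults that syslog later confirms. As an added example (not from this thread and not fail2ban's own code), the following decodes that value on the assumption that fail2ban 0.8 logged the raw wait(2) status it got back from the shell, printed in hex: 0x8b00 is exit code 139, which is the shell's 128+N convention for a command killed by signal 11 (SIGSEGV). The status string is the one from the post; everything else is constructed.

```python
import signal

# Constructed sample: the status fail2ban logged in the post above,
# "... /usr/sbin/sendmail -f fail2ban ***@example.com returned 8b00".
# Assumption: this is the raw wait(2) status as returned by os.system(), in hex.
LOGGED_STATUS = "8b00"


def signal_name(signum):
    """Best-effort SIG* name for a signal number (platform dependent)."""
    try:
        return signal.Signals(signum).name
    except ValueError:
        return "SIG%d" % signum


def decode_wait_status(hex_status):
    """Decode a raw wait(2) status that was printed as hex.

    Layout (POSIX): low 7 bits = terminating signal (0 if the process exited
    normally), bit 7 = core dumped, bits 8-15 = exit code. A shell reports a
    pipeline whose last command was killed by signal N as exit code 128+N, so
    an exit code above 128 is decoded a second time with that convention.
    """
    status = int(hex_status, 16)
    info = {"raw": status}
    term_sig = status & 0x7F
    if term_sig == 0x7F:
        info["kind"] = "stopped"  # stopped, not terminated (WIFSTOPPED)
        return info
    if term_sig:
        # The shell itself was killed by a signal.
        info.update(kind="signaled", signal=term_sig,
                    signal_name=signal_name(term_sig))
        return info
    code = (status >> 8) & 0xFF
    info.update(kind="exited", exit_code=code)
    if code > 128:
        # Shell convention: the last command in the pipeline died from signal code-128.
        child_sig = code - 128
        info.update(child_signal=child_sig,
                    child_signal_name=signal_name(child_sig))
    return info


if __name__ == "__main__":
    print(decode_wait_status(LOGGED_STATUS))
```

Whenever an MTA wrapper "returns" a code above 128 like this, check the kernel log for a matching segfault line before looking at mail configuration.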
Just Ian
2014-06-08 12:18:37 UTC
Post by Just Ian
If I tell fail2ban to use the old mail protocol, it appears to work,
but nothing actually gets sent because the sendmail emulation
/etc/fail2ban/jail.local
mta = sendmail
That should be

mta = mail

of course.

If I do

echo "Hello me" | mail -s "[Fail2Ban] example2.com: banned
12.34.56.78" ***@example.com

at the command line, which again is what the Python script of fail2ban
does in this case, it works.

Ian
Just Ian
2014-06-08 13:45:20 UTC
Interestingly, if I create a new DigitalOcean Debian 7/32 droplet and just do...

***@twilts:~# history
1 apt-get update
2 apt-get upgrade
3 shutdown now -r

(one of the updates was the kernel)

4 adduser ian

(this is who root and postmaster will be aliased to at step 6)

4 apt-get install joe exim4 fail2ban
5 jstar /etc/fail2ban/jail.local

/etc/fail2ban/jail.local:

[DEFAULT]

ignoreip = 127.0.0.1/8
destemail = ***@example.com
findtime = 600

bantime = 86400
banaction = iptables-multiport
action = %(action_mwl)s

mta=sendmail

# JAILS
[ssh]
enabled = true

6 dpkg-reconfigure exim4-config

/etc/exim4/update-exim4.conf.conf:

# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='internet'
dc_other_hostnames=''
dc_local_interfaces='127.0.0.1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

7 service fail2ban restart

... it works. But I really can't see what makes the difference - the
exim4 conf is the same and the fail2ban conf is smaller (only one jail
rather than several), but the critical bits are the same. The
/usr/sbin/sendmail binaries have the same MD5 hash too. I can even add
the UFW firewall and block everything from coming in except OpenSSH,
and it still works.

Ian
Just Ian
2014-06-08 14:26:57 UTC
I said
Post by Just Ian
Interestingly, if I create a new DigitalOcean Debian 7/32 droplet and just do...
(stuff)
.. it works. But I really can't see what makes the difference
This inspired me to purge fail2ban and exim4 on the server in
question, then reinstall them.

This has worked :) but I still don't understand why :(

Ian
Just Ian
2014-06-23 01:40:28 UTC
Post by Just Ian
This inspired me to purge fail2ban and exim4 on the server in
question, then reinstall them.
This has worked :) but I still don't understand why :(
It was a memory shortage, specifically not enough space on the stack
for the fail2ban user.

Why that wasn't apparent in the error messages, I don't know, nor why
it will work with Postfix in the same size of memory, but...

Ian
