Logwatch without an MTA like Postfix
Logwatch is a log analysis tool for Linux-based servers. The general gist is that you get emailed reports when suspicious activity occurs. It does this by parsing your log files and looking for patterns that you can configure.
By default Logwatch will install the Postfix MTA, which is a little more heavy duty than I want on a web server; I would rather use a service like Mailgun as a smarthost. This essentially means all outgoing email from your app will be routed through Mailgun, giving you the ability to easily view logs and data on opens, bounces etc. We will configure it so that it only sends email for localhost, does not deliver anything locally and certainly cannot be used as a relay by a third party. To do this we will install and configure Exim as a simple relay.
These steps have only been tested with Ubuntu 12.04.
Install Exim
aptitude install exim4-daemon-light mailutils
Configure Exim
dpkg-reconfigure exim4-config
You’ll be presented with a welcome screen, followed by a screen asking what type of mail delivery you’d like to support. Choose the option for “mail sent by smarthost; no local mail” and select “Ok” to continue.
Enter your system’s FQDN (fully qualified domain name) in the “mail name” configuration screen.
Enter “127.0.0.1” when asked which IP address to listen on for SMTP connections. The ::1 is for IPv6 so you may not need it.
List your FQDN, hostname, and localhost entries when you’re asked which destinations mail should be accepted for.
Since we are hiding the local mail name we must specify the domain name for local users.
Specify the smart host we are sending through.
As the server is not on a dial-up account we select No to keeping DNS queries minimal.
Don’t split configuration files.
We will authenticate to Mailgun SMTP servers so we need to add those details to “passwd.client”. Instead of the asterisk we could add the hostname of the SMTP server.
sudo nano /etc/exim4/passwd.client
Add a line like this.
*:postmaster@mydomain.mailgun.org:password
Generate the certificate for Exim to use by running this and answering the prompts. This is so we can configure the server for TLS.
sudo /usr/share/doc/exim4-base/examples/exim-gencert
Add the following file so we can enable TLS.
sudo touch /etc/exim4/exim4.conf.localmacros
sudo nano /etc/exim4/exim4.conf.localmacros
Add this line to the “localmacros” file.
MAIN_TLS_ENABLE = 1
Restart Exim.
sudo /etc/init.d/exim4 restart
Test your configuration
echo "This is a test." | mail -s Testing someone@example.com
sudo cat /var/log/exim4/mainlog
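The relay restrictions chosen in the configuration screens above (smarthost only, loopback listener, no relaying for anyone else) can also be checked from the shell. This is an added example, not part of the original post. It assumes the Debian/Ubuntu exim4-config packaging, which stores the answers as dc_* keys in /etc/exim4/update-exim4.conf.conf; the function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the answers that
# dpkg-reconfigure exim4-config stored in update-exim4.conf.conf.

# Print the value of key $2 from the key='value' file $1 (empty if absent).
conf_get() {
    sed -n "s/^$2='\(.*\)'\$/\1/p" "$1" | tail -n 1
}

# Return 0 if file $1 describes a loopback-only smarthost relay, else 1.
check_exim_relay() {
    conf=$1; rc=0
    # "mail sent by smarthost; no local mail" is stored as 'satellite'.
    [ "$(conf_get "$conf" dc_eximconfig_configtype)" = "satellite" ] ||
        { echo "FAIL: configtype is not satellite"; rc=1; }
    # An empty interface list makes Exim listen on every interface.
    ifaces=$(conf_get "$conf" dc_local_interfaces)
    [ -n "$ifaces" ] || { echo "FAIL: dc_local_interfaces is empty"; rc=1; }
    for addr in $(echo "$ifaces" | tr ';' ' '); do
        case $addr in
            127.0.0.1|::1) ;;
            *) echo "FAIL: listening on non-loopback address $addr"; rc=1 ;;
        esac
    done
    # Nothing may be relayed for other networks or domains.
    for key in dc_relay_nets dc_relay_domains; do
        [ -z "$(conf_get "$conf" "$key")" ] ||
            { echo "FAIL: $key is not empty"; rc=1; }
    done
    # Without a smarthost nothing is routed through the provider.
    [ -n "$(conf_get "$conf" dc_smarthost)" ] ||
        { echo "FAIL: dc_smarthost is empty"; rc=1; }
    return $rc
}

# Constructed sample input; on a server pass the real file instead:
#   check_exim_relay /etc/exim4/update-exim4.conf.conf
write_sample() {
    cat > "$1" <<'EOF'
dc_eximconfig_configtype='satellite'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_relay_domains=''
dc_relay_nets=''
dc_smarthost='smarthost.example.com'
EOF
}
s=$(mktemp) && write_sample "$s" && check_exim_relay "$s" && echo "OK: loopback-only relay"; rm -f "$s"
```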
Install Logwatch
To see what packages Logwatch depends on we can run the following.
aptitude show logwatch
Notice how in the “Depends” line it says “Depends: perl, postfix | mail-transport-agent”.
Well, because Exim ‘implements’ mail-transport-agent, it won’t install Postfix as a dependency.
Install Logwatch and edit its config.
sudo aptitude install logwatch
sudo nano /usr/share/logwatch/default.conf/logwatch.conf
Update the config with these values.
Output = mail
Format = html
Mailto = someone@example.com
MailFrom = server@example.com
Range = Yesterday
# Detail: 4 or Med (get long kernel messages)
Detail = 4
By default the logwatch process will run as part of cron.daily, which in Ubuntu 12.04 runs at 06:26 AM.