We have a perl script which tries to send an email notification when the system is about to shut down. To do this, we catch the SIGTERM and call Unix mail command to send email in the signal handler. SIGTERM is caught but the unix mail log shows that the FROM and TO address are changed from user#companyname.com to user#hostname during shutdown. Any idea why the system does this and how to prevent it? (Please note: The same email works fine when we run the script and kill the process from terminal)
Here is the perl code snippet:
$SIG{TERM} = \&signal_handler;
sleep(3600);
sub signal_handler {
my $email_address = 'user#companyname.com';
system("echo \"TestBody\" | mail -s \"TestEmailSubject\" -c \"$email_address\" -r \"$email_address\" \"$email_address\"");
}
Here is what is printed in /var/log/mail/mail during shutdown:
Sep 17 21:17:04 postfix/postfix-script[7009]: starting the Postfix mail system
Sep 17 21:17:10 postfix/master[7011]: daemon started -- version 2.10.1, configuration /etc/postfix
Sep 17 21:17:10 postfix/pickup[10349]: 35F801809C9: uid=0 from=root
Sep 17 21:17:10 postfix/cleanup[10356]: 35F801809C9: message-id=<20190917211710.35F801809C9#HOSTNAME.net>
Sep 17 21:17:10 postfix/qmgr[10350]: 35F801809C9: from=root#HOSTNAME.net, size=1618, nrcpt=1 (queue active)
Sep 17 21:17:10 postfix/local[10372]: 35F801809C9: to=root#HOSTNAME.net, orig_to=<root>, relay=local, delay=13, delays=13/0.01/0/0, dsn=2.0.0, status=sent (delivered to file: /dev/null)
Here is the working case when we kill the process from terminal:
Sep 17 21:20:41 postfix/pickup[10349]: E5328180968: uid=14936 from=user#COMPANYNAME.com
Sep 17 21:20:41 postfix/cleanup[22690]: E5328180968: message-id=<5d814e29.qZd+wgg47afpUdbd%user#COMPANYNAME.com>
Sep 17 21:20:41 postfix/qmgr[10350]: E5328180968: from=user#COMPANYNAME.com, size=544, nrcpt=1 (queue active)
Sep 17 21:20:41 postfix/smtp[22692]: E5328180968: to=user#COMPANYNAME.com, delay=0.06, delays=0.01/0/0/0.05, dsn=2.0.0, status=sent (250 2.0.0 OK 4E/77-59832-92E418D5)
the postfix system is probably being shut down earlier in the shutdown process than your script. Have you confirmed within your script that the mail system is still up after your script has tried to send an email?
Related
please assist me on parsing mail logs using Loki & Grafana :)
My logging server collects maillog files from Linux server, and I want to use Loki to check status (sent, deferred, etc) of messages from specific user.
The problem is that mail logs are divided into different log lines and I need to correlate different log lines using message id (40F36420E05 in text below):
Jun 9 22:38:36 mail postfix/smtp[376635]: 40F36420E05: to=<otheruser#domain2>, relay=domain3[11.11.11.11]:25, delay=13, delays=0.58/0/4.6/7.8, dsn=2.6.0, status=sent (250 2.6.0 <20220609193823.D980A420E06#mail> [InternalId=13731010457062, Hostname=XXX] 15472 bytes in 0.524, 28.786 KB/sec Queued mail for delivery)
Jun 9 22:37:35 mail postfix/qmgr[193514]: 40F36420E05: from=<user#domain>, size=4496, nrcpt=1 (queue active)
Jun 9 22:37:35 mail opendkim[251972]: 40F36420E05: DKIM-Signature field added (s=mail, d=domain)
Jun 9 22:37:35 mail postfix/cleanup[376634]: 40F36420E05: message-id=<20220609193735.40F36420E05#mail>
Jun 9 22:37:35 mail postfix/submission/smtpd[376557]: 40F36420E05: client=compute-1.amazonaws.com[44.11.11.11], sasl_method=PLAIN, sasl_username=user
I'm using this query to find required mail messages and regexp function to extract messageid label:
{host="mail.com"} |~"from=<user#domain>" | regexp "(?P<messageid>\\S+): from="
Jun 9 22:59:58 mail postfix/qmgr[377114]: 40F36420E05: from=<user#domain>, size=11916, nrcpt=1 (queue active)
Jun 9 22:59:58 mail postfix/qmgr[377114]: C3E5D420E05: from=<user#domain>, size=9622, nrcpt=1 (queue active)
Jun 9 22:59:57 mail postfix/qmgr[377114]: 27057420E07: from=<user#domain>, size=6695, nrcpt=1 (queue active)
Now I want to fetch all log lines containing with all messageid labels extracted from previous query. Like {host="mail.com"} |~"from=<user#domain>" | regexp "(?P<messageid>\\S+): from="} | messageid={list_of_parsed_messageids}
How can I achieve that? Thanks!
Background
Apache server running on a machine and producing logs into /var/log/httpd/error_log
Using syslog-ng to send log to a port 5140
Eventually it will be consumed by kafka producer to be send to a topic
Settings
options {
flush_lines (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (no);
};
source s_apache2 {
file("/var/log/httpd/error_log" flags(no-parse));
}
destination loghost {
tcp("*.*.*.*" port(5140));
}
Problem
syslog-ng prepends timestamp and hostname to the log data which is undesirable
<13>Jan 10 11:01:03 hostname [Tue Jan 10 11:01:02 2017] [notice] Digest: generating secret for digest authentication ...
<13>Jan 10 11:01:03 hostname [Tue Jan 10 11:01:02 2017] [notice] Digest: done
<13>Jan 10 11:01:03 hostname [Tue Jan 10 11:01:02 2017] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.4.30 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
Desired output (Each log line as is from error_log file)
[Tue Jan 10 11:01:02 2017] [notice] Digest: generating secret for digest authentication ...
[Tue Jan 10 11:01:02 2017] [notice] Digest: done
[Tue Jan 10 11:01:02 2017] [notice] Apache/2.2.15 (Unix) DAV/2 PHP/5.4.30 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
Platform
CentOS release 6.4 (Final)
syslog-ng #version:3.2
PS
Syslog-ng to Kafka Integration : Please let me know if anybody has tried this which will render my java Kafka producer redundant
when you use the flags(no-parse) option in syslog-ng, then syslog-ng does not try to parse the different fields of the message, but puts everything into the MESSAGE field of the incoming log message, and prepends a syslog header. To remove this header, use a template in your syslog-ng destination:
template t_msg_only { template("${MSG}\n"); };
destination loghost {
tcp("*.*.*.*" port(5140) template(t_msg_only) );
}
To use the Kafka destination of syslog-ng, you need a newer version of syslog-ng (I'd recommend 3.8 or 3.9). Peter Czanik has written a detailed post about installing new syslog-ng rpm for CentOS.
Simple usecase but doesn't work.
I have a web application and want to configure a SMTP server to send emails from application.
Installed mailx as per link - http://tecadmin.net/bash-mail-command-not-found/
All good.
Test Sending email as: echo "This is a test email body " | mail -s "This is a test email " dk#xxx.com
Now I get the following in logs :
root#/var/log $ tail -f /var/log/maillog
Jul 19 16:47:57 bridgeapps-dev01 postfix/postfix-script[23104]: stopping the Postfix mail system
Jul 19 16:47:57 bridgeapps-dev01 postfix/master[1466]: terminating on signal 15
Jul 19 16:47:57 bridgeapps-dev01 postfix/postfix-script[23184]: starting the Postfix mail system
Jul 19 16:47:57 bridgeapps-dev01 postfix/master[23186]: daemon started -- version 2.10.1, configuration /etc/postfix
Jul 19 16:48:12 bridgeapps-dev01 postfix/pickup[23187]: 4163841204: uid=0 from=<root>
Jul 19 16:48:12 bridgeapps-dev01 postfix/cleanup[23194]: 4163841204: message-id=<20160719154812.4163841204#bridgeapps-dev01.localdomain>
Jul 19 16:48:12 bridgeapps-dev01 postfix/qmgr[23188]: 4163841204: from=<root#bridgeapps-dev01.localdomain>, size=582, nrcpt=1 (queue active)
Jul 19 16:48:12 bridgeapps-dev01 postfix/smtp[23196]: connect to ASPMX.L.GOOGLE.com[2a00:1450:400c:c09::1b]:25: Network is unreachable
Jul 19 16:48:12 bridgeapps-dev01 postfix/smtp[23196]: 4163841204: to=<dk#xxx.com>, relay=ASPMX.L.GOOGLE.com[64.233.166.26]:25, delay=0.47, delays=0.02/0.01/0.24/0.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1468943292 l4si11397516wmf.56 - gsmtp)
Jul 19 16:48:12 bridgeapps-dev01 postfix/qmgr[23188]: 4163841204: removed
All green, no errors, just as things seem to be too good to be true, I never receive this email in gmail.
What am I missing ?
Thank you,
First off, you can't send an email from localhost. You need a mail relay. Since you're already using gmail I would recommend this:
https://www.howtoforge.com/tutorial/configure-postfix-to-use-gmail-as-a-mail-relay/
I am trying to send a mail with a non root user (also by tuleap application) but i have some trouble.
when we use a root user with command
echo “TR : This is a test of sending mail” | mail -s Test <mail>
it return this log and my email is sent
Mar 10 16:59:09 localhost sendmail[11969]: t2AGx9Up011969: from=root, size=258, class=0, nrcpts=1, msgid=<201503101659.t2AGx9Up011969#localhost.localdomain>, relay=root#localhost
Mar 10 16:59:09 localhost sendmail[11970]: t2AGx9Js011970: from=<root#localhost.localdomain>, size=521, class=0, nrcpts=1, msgid=<201503101659.t2AGx9Up011969#localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Mar 10 16:59:09 localhost sendmail[11969]: t2AGx9Up011969: to=<my mail>, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30258, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t2AGx9Js011970 Message accepted for delivery)
Mar 10 16:59:12 localhost sendmail[11972]: STARTTLS=client, relay=<my SMTP server>, version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 10 16:59:15 localhost sendmail[11972]: t2AGx9Js011970: to=<my mail>, ctladdr=<root#localhost.localdomain> (0/0), delay=00:00:06, xdelay=00:00:06, mailer=relay, pri=120521, relay=<my SMTP server> [IP], dsn=2.0.0, stat=Sent (OK id=1YVNUv-002ihW-JJ)
but when we use an other use (like codendiadm as used by tuleap) with the same command, it return this log without sending mail
Mar 10 16:59:53 localhost sendmail[12024]: t2AGxrhg012024: from=codendiadm, size=258, class=0, nrcpts=1, msgid=<201503101659.t2AGxrhg012024#localhost.localdomain>, relay=codendiadm#localhost
Mar 10 16:59:53 localhost sendmail[12025]: t2AGxr16012025: from=<codendiadm#localhost.localdomain>, size=556, class=0, nrcpts=1, msgid=<201503101659.t2AGxrhg012024#localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Mar 10 16:59:53 localhost sendmail[12024]: t2AGxrhg012024: to=<my mail>, ctladdr=codendiadm (495/492), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30258, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t2AGxr16012025 Message accepted for delivery)
Mar 10 16:59:57 localhost sendmail[12027]: STARTTLS=client, relay=<my SMTP server>, version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Mar 10 17:00:00 localhost sendmail[12027]: t2AGxr16012025: to=<my mail>, ctladdr=<codendiadm#localhost.localdomain> (495/492), delay=00:00:07, xdelay=00:00:07, mailer=relay, pri=120556, relay=<my SMTP server> [IP], dsn=5.1.1, stat=User unknown
Mar 10 17:00:00 localhost sendmail[12027]: t2AGxr16012025: t2AH0016012027: DSN: User unknown
Try to remove sendmail and install postfix instead. And tell me if it works better this way. You'll find how to do it here.
When I try to send an email as root using the following command, the email delivers successfully:
echo "Test" | sendmail -r user#mydomain.com myemail#gmail.com
But when I send an email, using the same command, as a different user, it does not deliver the email even though it's successful in the logs.
Log as root:
Jun 16 11:28:53 mydomain postfix/pickup[2163]: 34AF541D1C: uid=0 from=<user#mydomain.com>
Jun 16 11:28:53 mydomain postfix/cleanup[3168]: 34AF541D1C: message-id=<20140616112853.34AF541D1C#mydomain.com>
Jun 16 11:28:53 mydomain postfix/qmgr[2164]: 34AF541D1C: from=<user#mydomain.com>, size=247, nrcpt=1 (queue active)
Jun 16 11:29:06 mydomain postfix/smtp[3170]: 34AF541D1C: to=<myemail#gmail.com>, relay=spmail-sms-gw.cloudmark.com[66.151.128.162]:25, delay=13, delays=0.03/0.01/7.2/6.2, dsn=2.0.0, status=sent (250 2.0.0 EzUt1o001190bAS01zV09C mail accepted for delivery)
Jun 16 11:29:06 mydomain postfix/qmgr[2164]: 34AF541D1C: removed
Log as another user:
Jun 16 11:29:53 mydomain postfix/pickup[2163]: 34AF541D1C: uid=1000 from=<user#mydomain.com>
Jun 16 11:29:53 mydomain postfix/cleanup[3168]: 34AF541D1C: message-id=<20140616112953.34AF541D1C#mydomain.com>
Jun 16 11:29:53 mydomain postfix/qmgr[2164]: 34AF541D1C: from=<user#mydomain.com>, size=247, nrcpt=1 (queue active)
Jun 16 11:30:06 mydomain postfix/smtp[3170]: 34AF541D1C: to=<myemail#gmail.com>, relay=spmail-sms-gw.cloudmark.com[66.151.128.162]:25, delay=13, delays=0.03/0.01/7.2/6.2, dsn=2.0.0, status=sent (250 2.0.0 EzUt1o0014340bAS01zV09C mail accepted for delivery)
Jun 16 11:30:06 mydomain postfix/qmgr[2164]: 34AF541D1C: removed