[BlueOnyx:24052] Re: Logwatch 5210R

[Michael Stauber]

Hi Richard,

> Getting these (seems like thousands of) errors in the logwatch report:
> 
> Use of uninitialized value $QueueID in hash element at
> 
>                /usr/share/logwatch/scripts/services/sendmail line 920,
> <STDIN> line 24100 (#1)


We're using the run-of-the-mill and umodified "logwatch" from the CentOS
repository. I just checked a few 5210R of mine and I don't see this
problem on any of these. So ... no idea.

I checked /usr/share/logwatch/scripts/services/sendmail at line 920 to
see what it's doing when the error happens and it's this section:

-----------------------------------------------------------------
   } elsif ( ( $Host ) = ($ThisLine =~ /(.*) (\(may be forged\) )?did
not issue MAIL\/EXPN\/VRFY\/ETRN during connection to /) ) {
      # we test if they previously sent junk, because the connection is
expected to fail
      if (defined $CommandUnrecognized{$QueueID}) {
         $CommandUnrecognized{$QueueID} = $CommandUnrecognized{$QueueID}
. "    ... and then exited without communicating\n";
      } else {
      $DummyConnection{$Host}++;
      }
-----------------------------------------------------------------

So this triggers when the server is probed via "MAIL/EXPN/VRFY/ETRN"
*and* the email in question doesn't have a $QueueID.

The variable $QueueID is set in line 397 of this script. But if this is
a server probe via VRFY for example, then that script cannot possibly
have a $QueueID yet, because stuff hasn't progressed far enough to
generate a QueueID yet.

To me this looks like an oversight on behalf of the "logwatch" maintainers.

My suggestion: Comment out the lines 918-924 to disable this check.
That's exactly the block of code I quoted above.

Another alternative: Switch to Postfix. Logwatch will then no longer use
the Sendmail code snippets and will instead use the ones for Postfix.

-- 
With best regards

Michael Stauber