[BlueOnyx:24052] Re: Logwatch 5210R

Michael Stauber mstauber at blueonyx.it
Tue Jun 30 14:36:55 -05 2020

Hi Richard,

> Getting these (seems like thousands of) errors in the logwatch report:
> Use of uninitialized value $QueueID in hash element at
>                /usr/share/logwatch/scripts/services/sendmail line 920,
> <STDIN> line 24100 (#1)

We're using the run-of-the-mill and umodified "logwatch" from the CentOS
repository. I just checked a few 5210R of mine and I don't see this
problem on any of these. So ... no idea.

I checked /usr/share/logwatch/scripts/services/sendmail at line 920 to
see what it's doing when the error happens and it's this section:

   } elsif ( ( $Host ) = ($ThisLine =~ /(.*) (\(may be forged\) )?did
not issue MAIL\/EXPN\/VRFY\/ETRN during connection to /) ) {
      # we test if they previously sent junk, because the connection is
expected to fail
      if (defined $CommandUnrecognized{$QueueID}) {
         $CommandUnrecognized{$QueueID} = $CommandUnrecognized{$QueueID}
. "    ... and then exited without communicating\n";
      } else {

So this triggers when the server is probed via "MAIL/EXPN/VRFY/ETRN"
*and* the email in question doesn't have a $QueueID.

The variable $QueueID is set in line 397 of this script. But if this is
a server probe via VRFY for example, then that script cannot possibly
have a $QueueID yet, because stuff hasn't progressed far enough to
generate a QueueID yet.

To me this looks like an oversight on behalf of the "logwatch" maintainers.

My suggestion: Comment out the lines 918-924 to disable this check.
That's exactly the block of code I quoted above.

Another alternative: Switch to Postfix. Logwatch will then no longer use
the Sendmail code snippets and will instead use the ones for Postfix.

With best regards

Michael Stauber

More information about the Blueonyx mailing list