logwatch fails #29

Closed
amarinderca opened this issue Mar 5, 2019 · 6 comments

@amarinderca

  1. logwatch fails to run as --mailfrom is not a valid flag for the logwatch command on Debian 9.
  2. logwatch fails to deliver mail due to the message being too long; here is the fix:
    https://blog.dhampir.no/content/exim4-line-length-in-debian-stretch-mail-delivery-failed-returning-message-to-sender
@imthenachoman imthenachoman self-assigned this Mar 5, 2019
@imthenachoman
Owner

Thanks.

  1. I removed --mailfrom since it's not a valid command line option.
  2. Wow. That is a strange thing to implement. Thanks!

imthenachoman added a commit that referenced this issue Mar 6, 2019
@imthenachoman
Owner

Out of curiosity, what version of logwatch do you have? Do you know what section had really long lines? I haven't had an issue so far...

@amarinderca
Author

Logwatch 7.4.3 (released 12/07/16)
The ufw/iptables logs produce really long lines.
Here is an example:

@imthenachoman
Owner

Wow. I have never seen anything like that. Crazy. Do you know what app/process would yield something like that?

@amarinderca
Author

It seems like someone is scanning my server's ports to see if they are open. It is a dedicated Debian box I run out of a datacenter. The IP is a known bad IP and is on many blocklists.

@imthenachoman
Owner

Wow. That's nuts. I work in one leg of cybersecurity and folks always ask why security matters. They don't believe me when I tell them how many bad-actors there are out there trying to find cracks in the wall. I fixed the issue with the latest update so I'll close this. I also added the long line fix to the exim4 section cause I kinda figured it should be set regardless. Let me know if I missed anything.
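
An added example, not part of the thread or of the project's own code: a shell check that finds report lines longer than 998 characters (the RFC 5322 line limit) and re-wraps them before the report is handed to the mail system. The function names and the sample report, including its 192.0.2.10 documentation address, are constructed for illustration.

```shell
#!/bin/sh
# RFC 5322 caps a message line at 998 characters, excluding the CRLF.
MAX_LINE=998

# Print how many lines on stdin are longer than MAX_LINE bytes.
count_long_lines() {
    LC_ALL=C awk -v max="$MAX_LINE" 'length($0) > max { n++ } END { print n + 0 }'
}

# Print "line-number length" for every over-long line, so the report
# section that produced it (here the firewall summary) can be located.
list_long_lines() {
    LC_ALL=C awk -v max="$MAX_LINE" 'length($0) > max { print NR, length($0) }'
}

# Re-wrap stdin so that no line exceeds MAX_LINE bytes. Short lines pass
# through unchanged; a long port list may be split in the middle of a number.
wrap_report() {
    LC_ALL=C fold -b -w "$MAX_LINE"
}

# Constructed sample: a three-line report whose middle line mimics the
# per-source port summary from the thread, with 401 sequential ports.
make_sample_report() {
    printf '%s\n' 'firewall section begin (constructed)'
    printf 'From 192.0.2.10 - 400 packets to tcp('
    i=1000
    while [ "$i" -lt 1400 ]; do
        printf '%s,' "$i"
        i=$((i + 1))
    done
    printf '1400)\n'
    printf '%s\n' 'firewall section end (constructed)'
}

# Typical use (assumes the report was saved to a file first):
#   list_long_lines < report.txt
#   wrap_report < report.txt > report.wrapped.txt
```
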
