• Status: Solved

Sendmail and Splunk

Hi, I'm a relatively fresh Linux admin and I'm trying to get Splunk to send alerts out through sendmail. When I check /var/log/mail.log, I can see
"Nov  3 14:00:01 roi-compliance-01 sm-mta[7448]: mA3J01kR007448: <julius@theroi.com>... User unknown
Nov  3 14:00:01 roi-compliance-01 sm-mta[7448]: mA3J01kR007448: from=<splunk@localhost>, size=1537, class=0, nrcpts=0, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]"
I also get "User unknown" when I run "sendmail -bv julius@theroi.com."
How can I configure sendmail to simply forward email along to our Exchange server? I tried adding "define(`SMART_HOST',`mail.theroi.com')" to sendmail.mc, however "m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf" gives me "-bash: /etc/mail/sendmail.cf: Permission denied"
Any help would be greatly appreciated!

Asked by: domgelato

domgelato (Author) Commented:
Here are some of the config files.

access
sendmailconf
sendmailmc
 
domgelato (Author) Commented:
Damn, 3 days and no comment... Does that mean my question is really stupid, or really hard? Maybe a better question would be: Does anyone know of a way to send alerts from Splunk using something other than Sendmail? Any help would really be very appreciated.
 
jar3817 Commented:
"How can I configure sendmail to simply forward email along to our Exchange server? I tried adding "define(`SMART_HOST',`mail.theroi.com')" to sendmail.mc, however "m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf" gives me "-bash: /etc/mail/sendmail.cf: Permission denied""

The smart_host option is exactly how you get sendmail to forward all outgoing mail to a specific server. The permissions problem is most likely caused by the fact that you are not logged in as root when you're using the m4 command. The /etc/mail/sendmail.cf file is owned by root, and you can't replace it unless you're root.
domgelato (Author) Commented:
I should have noted that I was using sudo to run that:

sysadmin@xxxxxxxxxxxx:~$ sudo m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
-bash: /etc/mail/sendmail.cf: Permission denied

I tried chmodding sendmail.mc.. should I be chmodding sendmail.cf? and with what parameters? I have always been confused by chmod :(

Thanks for the reply!

 
jar3817 Commented:
I still think it's a root problem. Instead of using sudo, try either logging in as root or use "su" to change to the root user before issuing the command.

The permissions on both sendmail.mc and .cf should be 644 (-rw-r--r--). You can reset those permissions with:

chmod 644 /etc/mail/sendmail.mc /etc/mail/sendmail.cf

You'll also need to be root in order to change the permissions.
 
domgelato (Author) Commented:
Root shell with sudo -s worked. I may open another question soon though if I can't get the smarthost to work, but thanks a lot for your help!
Question has a verified solution.
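
Added example, not part of the original thread: the "Permission denied" above occurs because the calling shell opens sendmail.cf for the ">" redirection before sudo starts, which is why a root shell (sudo -s) worked. The function below runs m4 unprivileged and elevates only the final write; the names rebuild_cf, AS_ROOT and M4 are assumptions made for this illustration.

```shell
# Added example, not from the thread. rebuild_cf, AS_ROOT and M4 are assumed names.
#
# Why "sudo m4 sendmail.mc > sendmail.cf" is denied: the calling shell opens
# sendmail.cf for the ">" redirection before sudo starts, so the write is
# attempted as the unprivileged user. Only m4 itself would run as root.
# Equivalent one-liners that put the write under root:
#   sudo sh -c 'm4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf'
#   m4 /etc/mail/sendmail.mc | sudo tee /etc/mail/sendmail.cf > /dev/null

AS_ROOT=${AS_ROOT-sudo}   # privilege wrapper; set to empty when already root
M4=${M4-m4}               # macro processor; overridable for testing

# rebuild_cf MC CF: expand MC with m4 as the current user, then install the
# result over CF as root with mode 644. CF is left untouched if m4 fails.
rebuild_cf() {
    mc=$1
    cf=$2
    tmp=$(mktemp) || return 1

    # Least privilege: m4 only needs read access to the .mc file
    # (assumes it is world-readable, i.e. the 644 mode given in the thread).
    if ! $M4 "$mc" > "$tmp" || [ ! -s "$tmp" ]; then
        echo "m4 failed or produced no output; $cf not modified" >&2
        rm -f "$tmp"
        return 1
    fi

    # The only privileged step: copy into place and set the mode in one go.
    $AS_ROOT install -m 644 "$tmp" "$cf" && rc=0 || rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: rebuild_cf /etc/mail/sendmail.mc /etc/mail/sendmail.cf
# then restart sendmail so it reads the new sendmail.cf.
```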
