Sendmail and Splunk

Posted on 2008-11-03
Medium Priority
Last Modified: 2013-12-18
Hi, I'm a relatively fresh Linux admin and I'm trying to get Splunk to send alerts out through sendmail. When I check /var/log/mail.log, I can see
"Nov  3 14:00:01 roi-compliance-01 sm-mta[7448]: mA3J01kR007448: <julius@theroi.com>... User unknown
Nov  3 14:00:01 roi-compliance-01 sm-mta[7448]: mA3J01kR007448: from=<splunk@localhost>, size=1537, class=0, nrcpts=0, proto=ESMTP, daemon=MTA-v4, relay=localhost []"
I also get "User unknown" when I run "sendmail -bv julius@theroi.com."
How can I configure sendmail to simply forward email along to our Exchange server? I tried adding "define(`SMART_HOST',`mail.theroi.com')" to sendmail.mc, however "m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf" gives me "-bash: /etc/mail/sendmail.cf: Permission denied"
Any help would be greatly appreciated!

Question by:domgelato

Author Comment

ID: 22870238
Here are some of the config files.


Author Comment

ID: 22896677
Damn, 3 days and no comment... Does that mean my question is really stupid, or really hard? Maybe a better question would be: Does anyone know of a way to send alerts from Splunk using something other than Sendmail? Any help would really be very appreciated.
LVL 26

Expert Comment

ID: 22939786
"How can I configure sendmail to simply forward email along to our Exchange server? I tried adding "define(`SMART_HOST',`mail.theroi.com')" to sendmail.mc, however "m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf" gives me "-bash: /etc/mail/sendmail.cf: Permission denied""

The smart_host option is exactly how you get sendmail to forward all outgoing mail to a specific server. The permissions problem is most likely caused by the fact that you are not logged in as root when you're using the m4 command. The /etc/mail/sendmail.cf file is owned by root, and you can't replace it unless you're root.


Author Comment

ID: 22940050
I should have noted that I was using sudo to run that:

sysadmin@xxxxxxxxxxxx:~$ sudo m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
-bash: /etc/mail/sendmail.cf: Permission denied

I tried chmodding sendmail.mc.. should I be chmodding sendmail.cf? and with what parameters? I have always been confused by chmod :(

Thanks for the reply!

LVL 26

Accepted Solution

jar3817 earned 2000 total points
ID: 22940104
I still think it's a root problem. Instead of using sudo, try either logging in as root or use "su" to change to the root user before issuing the command.

The permissions on both sendmail.mc and .cf should be 644 (-rw-r--r--). You can reset those permissions with:

chmod 644 /etc/mail/sendmail.mc /etc/mail/sendmail.cf

You'll also need to be root in order to change the permissions.

Author Comment

ID: 22940272
Root shell with sudo -s worked. I may open another question soon though if I can't get the smarthost to work, but thanks a lot for your help!
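
Added example, not part of the thread or written by its participants: the "Permission denied" above comes from the `>` redirect, which the unprivileged login shell opens before sudo starts, so this sketch builds the new config as the normal user and elevates only the final copy. The function name `rebuild_cf` and the `M4` and `RUNAS` variables are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): rebuild sendmail.cf without a root shell.
# In `sudo m4 x.mc > x.cf` the unprivileged calling shell opens x.cf for
# writing before sudo even starts, so only m4 runs as root, not the redirect.

# rebuild_cf MC CF   (function name and both knobs below are hypothetical)
#   M4     macro processor to run        (default: m4)
#   RUNAS  prefix for privileged steps   (default: sudo; empty = none)
rebuild_cf() {
    mc=$1
    cf=$2
    m4_cmd=${M4:-m4}
    runas=${RUNAS-sudo}
    tmp=$(mktemp) || return 1

    # 1. Expand the macros as the current user into a private temp file.
    if ! "$m4_cmd" "$mc" > "$tmp"; then
        rm -f "$tmp"
        echo "macro expansion failed; $cf left untouched" >&2
        return 2
    fi
    # 2. Never install an empty config (for example after a wrong .mc path).
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "empty output; $cf left untouched" >&2
        return 3
    fi
    # 3. Keep the previous config so a bad build can be rolled back.
    if [ -e "$cf" ]; then
        $runas cp -p "$cf" "$cf.bak" || { rm -f "$tmp"; return 4; }
    fi
    # 4. Only this step needs root. Mode 644 is the one given in the answer.
    rc=0
    $runas install -m 644 "$tmp" "$cf" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage on the host from the question:
#   rebuild_cf /etc/mail/sendmail.mc /etc/mail/sendmail.cf
```
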
