msmtp cannot write to /var/log/msmtp/msmtp.log

In /etc/msmtprc I added credentials for a gmail account and also specified a log file to use in /var/log/msmtp/msmtp.log

I also created the folder and file in /var/log/msmtp/msmtp.log

When I test it using: echo "This is a test e-mail from my server using msmtp!" | msmtp ******@gmail.com

I receive an email but in the terminal I also see an error message like so: msmtp: cannot log to /var/log/msmtp/msmtp.log: cannot open: Permission denied

The current permissions for /var/log/msmtp are:

drwxr-xr-x 2 root root 4096 Jan 29 20:19 msmtp

What am I doing wrong? What do the permissions on the log file need to be for msmtp to be able to write to the file?

1

5 Answers

I had the same error message, and ultimately changing permissions, creating the log file, etc., didn't work. The problem in my case was caused by AppArmor: in my system, the file /etc/apparmor.d/usr.bin.msmtp only listed /var/log/msmtp as write permission in /var/log, so solution can be:

  • to use /var/log/msmtp as log in the configuration, instead of /var/log/msmtp.log
  • modify the rules in the msmtp apparmor profile to allow adding and locking the file we want.
2

After installing msmtp there is an msmtp user and group. If you change the ownership of the logfile to msmtp, and change rights to read/write for user and group, the logging works.

groups msmtp
sudo touch /var/log/msmtp
sudo chown msmtp:msmtp /var/log/msmtp
sudo chmod 660 /var/log/msmtp

I haven't tested it, but I suppose this works for /var/log/msmtp/msmtp.log as well, if you set the rights for the folder properly.

On a laptop running Debian stable, I also had the permission denied error. I set the log to be ~/var/msmtp.log. It was caused by apparmor as well. To correct it, I found the log lines in /etc/apparmor.d/usr.bin.msmtp:

 owner @{HOME}/.msmtp*.log wk, /var/log/msmtp wk,

I copied the first line above to the usr.bin.msmtp in /etc/apparmor.d/local and edited it to point to my log location:

 owner @{HOME}/var/msmtp*.log wk,

I rebooted because I didn't take the time to figure out how to get apparmor to read the updated files. Now it logs properly.

I tried with 0640 but it did not work, it workd only with 0770 (I chowned with user msmtp + 0640, but it did not work either)

# mkdir /var/log/msmtp
# chmod -R 0770 /var/log/msmtp
# [nano|vim] /etc/apparmor.d/usr.bin.msmtp owner /var/log/msmtp/msmtp.log wk,
# service apparmor restart
$ echo 'message test mail backup' | msmtp the.email

I prefer to have my email logs in /var/log/mail.log because that's the default in /etc/rsyslog.d/50-default.conf and I wanted to avoid modifying apparmor config if possible, so I removed logfile and added this to /etc/msmtprc:

# The logs will appear in /var/log/mail.log because of the rules in /etc/rsyslog.d/50-default.conf
syslog LOG_MAIL

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like