Added logging of surgemail errors and activity to logwatch. The info@timberwoodcommons.com account had gotten compromised about a week earlier. There were massive amounts of spam being sent from servers in Australia and elsewhere. This got our server onto the spamcop blacklist. The following are the files that were modified/created:
vi /etc/logwatch/scripts/shared/applystddate
vi /etc/logwatch/conf/logfiles/surgemail.conf
vi /etc/logwatch/conf/services/surgemail.conf
vi /etc/logwatch/scripts/services/surgemail
logwatch --service surgemail --detail 0 --print --range today
I changed surgemail to log full dates and changed the argument for applystddate to be %F instead of %e:
/etc/logwatch/conf/logfiles/surgemail.conf:*ApplyStdDate = "%F"