On Fri, 2005-05-20 at 12:14 -0700, Mike Tremaine wrote:
On Fri, 2005-05-20 at 04:49, Balazs Scheidler wrote:
Luckly it is... Attached is a trimmed down trace file with a few examples of the problem [about 200lines let me know if more would be useful...]
To my [uneducated] eye it looks like sendmail is the problem but like I said sometimes it does it right sometime it doesn't.
Example:
read(16, "<20>May 20 07:48:02 sendmail[16668]: j4KEkWOv016668: collect: premature EOM: unexpected close", 2048) = 93
Notice no \0 or \n
Then the next read
read(16, "<21>May 20 07:48:02 sendmail[16668]: j4KEkWOv016668: collect: unexpected close on connection from [61.43.165.161], sender=<Hager@indiatimes.com>\0<22>May 20 07:48:02 sendmail[16668]: j4KEkWOv016668: from=<Hager@indiatimes.com>, size=0, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[61.43.165.161]\0", 1955) = 300
A null terminator That leads to the output
write(22, "2005-05-20 07:48:02 quasar mail.warning sendmail[16668]: j4KEkWOv016668: collect: premature EOM: unexpected close<21>May 20 07:48:02 sendmail[16668]: j4KEkWOv016668: collect: unexpected close on connection from [61.43.165.161], sender=<Hager@indiatimes.com>\n2005-05-20 07:48:02 quasar mail.info sendmail[16668]: j4KEkWOv016668: from=<Hager@indiatimes.com>, size=0, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[61.43.165.161]\n", 430) = 430 .
So the null was caught and turned into \n but the line before it runs together. With some weird <21> [and more often <22> see trace file].
Hm. Sendmail really seems to be the culprit, it is only hidden by sysklogd using unix-dgram() sockets in which case the syslog daemon does not care whether the message was NL or \0 terminated or not. The manpage for syslogd, mentions: ... "A trailing newline is added when needed." This does not seem to be true. After judging the source it seems to be adding the NL character only if LOG_PERROR is specified to openlog() which clearly isn't the case for sendmail. I'd say this is a libc bug which you can work around by avoiding using unix-stream and sticking to unix-dgram instead. (a solution which I myself do not like). -- Bazsi