On 2024-12-15 01:07, Wietse Venema via Postfix-users wrote:
> It also sucks raw eggs at doing this, to the point that I was
> motivated to add a postlogd service to make Postfix logging reliable
> again.

Would you mind elaborating on this a bit? There are configurable rate-limiters I am aware of, but I never noticed any logs lost from the journal... Also, I didn't find any rationale/problem case in the initial code:
https://github.com/vdukhovni/postfix/commit/b8f485636ac7ecd8cc7bc7d403c227fba0bedca3

Speaking about logs (and systemd) - there's one thing I was always curious about: is there any straightforward way to have logs greppable by "incoming mail"? I mean ALL the processing in ALL the daemons, transports, milters, whatever, or at least the ones that belong to postfix (if not handled/exposed by some 3rd party milter)? Such an "incomingID" would have to be generated-if-not-existing in every entry point (including postscreen) and then passed down the road. This would make it easy to follow a single "mail event", which is currently rather complicated:

  Dec 15 08:58:09 postfix/postscreen[32743]: PASS OLD [A.B.C.D]:47578
  Dec 15 08:58:09 postfix/smtpd[32747]: connect from unknown[A.B.C.D]
  Dec 15 08:58:12 postfix/smtpd[32747]: NOQUEUE: reject: RCPT from unknown[A.B.C.D]: 521 5.7.25 [...]
  Dec 15 08:58:12 postfix/smtpd[32747]: disconnect from unknown[A.B.C.D] ehlo=1 mail=1 rcpt=0/1 commands=2/3

- how can I know this is related to a single connection? Lines 2-4 share a PID, but PID-tracking must recognize disconnects (then another connection uses the same process). Connecting the 1st line with 2-4 is virtually impossible when dealing with lots of mail with longer delays between phases. Connecting all the logs from accepted mail, with all the possible expansions, transformations, redirections etc. cannot be automated...

This relates to the systemd journal - it's not only "text" storage, it handles structures. All the atoms you log can sit in their bins and be browsable directly, not by regexp magic, so it's easy to "show all NOQUEUE events with 5.5.1 response" (grep "5.5.1" could match on an IP address, so one needs to be aware of it and grep ": 550 5.5.1 "). Something like no-SQL or other schema-less.

Several times I tried to analyze NOQUEUE logs in my systems, to audit whether I'm throwing away something that should be accepted, and this was futile. I created dozens of greps and they frequently overlap. Eventually it turned out I did miss several entries of legitimate mail that required creating exceptions.
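
The PID-plus-disconnect tracking and the field-based "5.5.1" filter described in the message above, as an added example that is not part of the original post and is not Postfix code. It covers only smtpd lines (postscreen lines are not linked), and the sample log lines and addresses are constructed in the format quoted in the message.

```python
import re

# Constructed sample in the log format quoted above (addresses are made up).
# The first client address deliberately contains the substring "5.5.1".
SAMPLE = """\
Dec 15 08:58:09 postfix/smtpd[32747]: connect from unknown[10.5.5.17]
Dec 15 08:58:12 postfix/smtpd[32747]: NOQUEUE: reject: RCPT from unknown[10.5.5.17]: 521 5.7.25 Client host rejected
Dec 15 08:58:12 postfix/smtpd[32747]: disconnect from unknown[10.5.5.17] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Dec 15 09:03:40 postfix/smtpd[32747]: connect from unknown[192.0.2.44]
Dec 15 09:03:41 postfix/smtpd[32747]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 550 5.5.1 Protocol error
Dec 15 09:03:41 postfix/smtpd[32747]: disconnect from unknown[192.0.2.44] ehlo=1 mail=1 rcpt=0/1 commands=2/3
"""

# Timestamp, optional hostname, daemon name, PID, message text.
LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?:\S+ )?"
                  r"postfix/(?P<daemon>\w+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# SMTP reply code and enhanced status code as separate fields.
REJECT = re.compile(r"^NOQUEUE: reject: (?P<stage>\w+) from (?P<client>\S+): "
                    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+)")

def sessions(text):
    """Group smtpd lines into sessions: same PID, bounded by connect/disconnect."""
    open_by_pid, done = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or m["daemon"] != "smtpd":
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("connect from "):
            # A new connect on a reused PID starts a fresh session.
            open_by_pid[pid] = {"pid": pid, "client": msg.split()[2],
                                "start": m["ts"], "rejects": []}
        sess = open_by_pid.get(pid)
        if sess is None:
            continue  # log began mid-connection; nothing to attach this line to
        r = REJECT.match(msg)
        if r:
            sess["rejects"].append({"stage": r["stage"], "code": r["code"], "dsn": r["dsn"]})
        if msg.startswith("disconnect from "):
            sess["end"] = m["ts"]
            done.append(open_by_pid.pop(pid))
    return done

def rejects_with_dsn(all_sessions, dsn):
    """Sessions with a NOQUEUE reject whose enhanced status code equals dsn."""
    return [s for s in all_sessions if any(r["dsn"] == dsn for r in s["rejects"])]

if __name__ == "__main__":
    for s in rejects_with_dsn(sessions(SAMPLE), "5.5.1"):
        print(s["start"], s["client"], s["rejects"])
```

On the sample, a plain substring search for "5.5.1" matches four lines, three of them only because of the client address, while the field comparison returns the single 550 5.5.1 session.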
