On Thu, Jan 15, 2015 at 09:57:53PM -0500, b...@bitrate.net wrote:
> i happened to notice that on one of our two mxes, no postscreen activity was
> logged between 06:25:09 and 11:54:42:
>
> Jan 15 06:25:09 mta2 postfix/postscreen[22371]: DISCONNECT
> [103.242.116.92]:37543
> Jan 15 11:54:42 mta2 postfix/postscreen[25663]: CONNECT from
> [209.85.213.183]:41380 to [10.3.70.6]:25
Note the change of pid! You probably ran "postfix reload" right
around then.
> but other postfix activity was *logging* normally, and mail was flowing
> normally:
>
> all of this makes it seems like postscreen wasn't working during that period,
> and i'm wondering why that might be.
Actually it was working, just wasn't logging!
> daily cron started just before this, which seems suspect:
>
> Jan 15 06:25:01 mta2 CRON[22748]: (root) CMD (test -x /usr/sbin/anacron || (
> cd / && run-parts --report /etc/cron.daily ))
>
> >l /etc/cron.daily/
> total 52K
> -rwxr-xr-x 1 root root 372 Oct 2 2012 logrotate*
This often SIGHUPs the log daemon which deletes and recreates the
log socket. If postscreen is chrooted, and there is no log socket
in the jail, it ceases to be able to log.
I avoid sending SIGHUP to the log daemon, and use syslog-ng with
date based output files which are expired by scripts other than
logrotate, that way I don't lose any log messages.
> >postconf -Mf
> smtp inet n - - - 1 postscreen
Yep, it's chrooted. You need to configure syslog to add a log
socket to the jail, or turn off chroot.
--
Viktor.
