summaryrefslogtreecommitdiffstats
path: root/README_FILES/MAILLOG_README
blob: cc8b0974dfa6b8e1d2b7a412f3654a9427d5129e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
PPoossttffiixx llooggggiinngg ttoo ffiillee oorr ssttddoouutt

-------------------------------------------------------------------------------

OOvveerrvviieeww

Postfix supports it own logging system as an alternative to syslog (which
remains the default). This is available with Postfix version 3.4 or later.

Topics covered in this document:

  * Configuring logging to file
  * Configuring logging to stdout
  * Rotating logs
  * Limitations

CCoonnffiigguurriinngg llooggggiinngg ttoo ffiillee

Logging to file solves a usability problem for MacOS, and eliminates multiple
problems for systemd-based systems.

 1. Add the following line to master.cf if not already present (note: there
    must be no whitespace at the start of the line):

        postlog   unix-dgram n  -       n       -       1       postlogd

    Note: the service type "uunniixx--ddggrraamm" was introduced with Postfix 3.4. Remove
    the above line before backing out to an older Postfix version.

 2. Configure Postfix to write logging, to, for example, /var/log/postfix.log.
    See also the "Logfile rotation" section below for logfile management.

        # postfix stop
        # postconf maillog_file=/var/log/postfix.log
        # postfix start

    By default, the logfile name must start with "/var" or "/dev/stdout" (the
    list of allowed prefixes is configured with the maillog_file_prefixes
    parameter). This safety mechanism limits the damage from a single
    configuration mistake.

CCoonnffiigguurriinngg llooggggiinngg ttoo ssttddoouutt

Logging to stdout is useful when Postfix runs in a container, as it eliminates
a syslogd dependency.

 1. Add the following line to master.cf if not already present (note: there
    must be no whitespace at the start of the line):

        postlog   unix-dgram n  -       n       -       1       postlogd

    Note: the service type "uunniixx--ddggrraamm" was introduced with Postfix 3.4. Remove
    the above line before backing out to an older Postfix version.

 2. Configure main.cf with "maillog_file = /dev/stdout".

 3. Start Postfix with "ppoossttffiixx ssttaarrtt--ffgg".

RRoottaattiinngg llooggss

The command "ppoossttffiixx llooggrroottaattee" may be run by hand or by a cronjob. It logs all
errors, and reports errors to stderr if run from a terminal. This command
implements the following steps:

  * Rename the current logfile by appending a suffix that contains the date and
    time. This suffix is configured with the maillog_file_rotate_suffix
    parameter (default: %Y%m%d-%H%M%S).

  * Reload Postfix so that postlogd(8) immediately closes the old logfile.

  * After a brief pause, compress the old logfile. The compression program is
    configured with the maillog_file_compressor parameter (default: gzip).

Notes:

  * This command will not rotate a logfile with pathname under the /dev
    directory, such as /dev/stdout.

  * This command does not (yet) remove old logfiles.

LLiimmiittaattiioonnss

Background:

  * Postfix consists of a number of daemon programs, and non-daemon programs
    some of which are used for local mail submission, and some for Postfix
    management.

  * Logging to Postfix logfile or stdout requires the Postfix postlogd(8)
    service. This ensures that simultaneous logging from different programs
    will not get mixed up.

  * All Postfix programs can log to syslog, but not all programs have
    sufficient privileges to use the Postfix logging service, and many non-
    daemon programs must not log to stdout as that would corrupt their output.

Limitations:

  * Non-daemon Postfix programs will log errors to syslogd(8) before they have
    processed command-line options and main.cf parameters.

  * If Postfix is down, the non-daemon programs postfix(1), postsuper(1),
    postmulti(1), and postlog(1), will log directly to $maillog_file. These
    programs expect to run with root privileges, for example during Postfix
    start-up, reload, or shutdown.

  * Other non-daemon Postfix programs will never write directly to
    $maillog_file (also, logging to stdout would interfere with the operation
    of some of these programs). These programs can log to postlogd(8) if they
    are run by the super-user, or if their executable file has set-gid
    permission. Do not set this permission on programs other than postdrop(1)
    and postqueue(1).