1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
PPoossttffiixx llooggggiinngg ttoo ffiillee oorr ssttddoouutt
-------------------------------------------------------------------------------
OOvveerrvviieeww
Postfix supports it own logging system as an alternative to syslog (which
remains the default). This is available with Postfix version 3.4 or later.
Topics covered in this document:
* Configuring logging to file
* Configuring logging to stdout
* Rotating logs
* Limitations
CCoonnffiigguurriinngg llooggggiinngg ttoo ffiillee
Logging to file solves a usability problem for MacOS, and eliminates multiple
problems for systemd-based systems.
1. Add the following line to master.cf if not already present (note: there
must be no whitespace at the start of the line):
postlog unix-dgram n - n - 1 postlogd
Note: the service type "uunniixx--ddggrraamm" was introduced with Postfix 3.4. Remove
the above line before backing out to an older Postfix version.
2. Configure Postfix to write logging, to, for example, /var/log/postfix.log.
See also the "Logfile rotation" section below for logfile management.
# postfix stop
# postconf maillog_file=/var/log/postfix.log
# postfix start
By default, the logfile name must start with "/var" or "/dev/stdout" (the
list of allowed prefixes is configured with the maillog_file_prefixes
parameter). This safety mechanism limits the damage from a single
configuration mistake.
CCoonnffiigguurriinngg llooggggiinngg ttoo ssttddoouutt
Logging to stdout is useful when Postfix runs in a container, as it eliminates
a syslogd dependency.
1. Add the following line to master.cf if not already present (note: there
must be no whitespace at the start of the line):
postlog unix-dgram n - n - 1 postlogd
Note: the service type "uunniixx--ddggrraamm" was introduced with Postfix 3.4. Remove
the above line before backing out to an older Postfix version.
2. Configure main.cf with "maillog_file = /dev/stdout".
3. Start Postfix with "ppoossttffiixx ssttaarrtt--ffgg".
RRoottaattiinngg llooggss
The command "ppoossttffiixx llooggrroottaattee" may be run by hand or by a cronjob. It logs all
errors, and reports errors to stderr if run from a terminal. This command
implements the following steps:
* Rename the current logfile by appending a suffix that contains the date and
time. This suffix is configured with the maillog_file_rotate_suffix
parameter (default: %Y%m%d-%H%M%S).
* Reload Postfix so that postlogd(8) immediately closes the old logfile.
* After a brief pause, compress the old logfile. The compression program is
configured with the maillog_file_compressor parameter (default: gzip).
Notes:
* This command will not rotate a logfile with pathname under the /dev
directory, such as /dev/stdout.
* This command does not (yet) remove old logfiles.
LLiimmiittaattiioonnss
Background:
* Postfix consists of a number of daemon programs, and non-daemon programs
some of which are used for local mail submission, and some for Postfix
management.
* Logging to Postfix logfile or stdout requires the Postfix postlogd(8)
service. This ensures that simultaneous logging from different programs
will not get mixed up.
* All Postfix programs can log to syslog, but not all programs have
sufficient privileges to use the Postfix logging service, and many non-
daemon programs must not log to stdout as that would corrupt their output.
Limitations:
* Non-daemon Postfix programs will log errors to syslogd(8) before they have
processed command-line options and main.cf parameters.
* If Postfix is down, the non-daemon programs postfix(1), postsuper(1),
postmulti(1), and postlog(1), will log directly to $maillog_file. These
programs expect to run with root privileges, for example during Postfix
start-up, reload, or shutdown.
* Other non-daemon Postfix programs will never write directly to
$maillog_file (also, logging to stdout would interfere with the operation
of some of these programs). These programs can log to postlogd(8) if they
are run by the super-user, or if their executable file has set-gid
permission. Do not set this permission on programs other than postdrop(1)
and postqueue(1).
|