Logwatch "unmatched" postfix messages

Post by warlord » 21 May 2019 12:51

Running 4.x on CentOS 7.6, and in my daily logwatch it's seeing a lot of "unmatched" postfix entries:

--------------------- Postfix Begin ------------------------

1 Miscellaneous warnings

4 Connections
2 Connections lost (inbound)
4 Disconnections

**Unmatched Entries**
1 May 19 03:11:45 efa postfix/cleanup[29299]: 456CrK5pZyz4DmV: message-id=<456CrK5pZyz4DmV@efa.DOM.AIN>
1 May 19 03:11:45 efa postfix/pickup[20748]: 456CrK5pZyz4DmV: uid=0 from=<root>
1 May 19 03:11:55 efa postfix/qmgr[4362]: 456CrK5pZyz4DmV: removed
1 May 19 03:11:45 efa postfix/qmgr[4362]: 456CrK5pZyz4DmV: from=<root@DOM.AIN>, size=5374, nrcpt=1 (queue active)
1 May 19 03:11:55 efa postfix/smtp[29313]: 456CrK5pZyz4DmV: to=<ME@DOM.AIN>, orig_to=<root>, relay=mail2.DOM.AIN[XXX.XXX.XXX.XXX]:25, delay=52, delays=43/0.02/0.13/9.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 8FB04E2049)

---------------------- Postfix End -------------------------

This is on days when I literally have only one message coming through the system (it's not in production yet). I get 3x this when I have 3 messages through the system (e.g. a cron message too). I can't imagine what will happen once I get 500/day (or more). This seems like a postfix log format vs logwatch script expectation mismatch, possibly due to changes made by the EFA postfix package?

