Logwatch "unmatched" postfix messages

Bugs in eFa 4
Post Reply
warlord
Posts: 19
Joined: 16 May 2019 21:21

Logwatch "unmatched" postfix messages

Post by warlord » 21 May 2019 12:51

Hi,
Running 4.x on CentOS 7.6, and in my daily logwatch it's seeing a lot of "unmatched" postfix entries:

--------------------- Postfix Begin ------------------------

1 Miscellaneous warnings

4 Connections
2 Connections lost (inbound)
4 Disconnections



**Unmatched Entries**
1 May 19 03:11:45 efa postfix/cleanup[29299]: 456CrK5pZyz4DmV: message-id=<456CrK5pZyz4DmV@efa.DOM.AIN>
1 May 19 03:11:45 efa postfix/pickup[20748]: 456CrK5pZyz4DmV: uid=0 from=<root>
1 May 19 03:11:55 efa postfix/qmgr[4362]: 456CrK5pZyz4DmV: removed
1 May 19 03:11:45 efa postfix/qmgr[4362]: 456CrK5pZyz4DmV: from=<root@DOM.AIN>, size=5374, nrcpt=1 (queue active)
1 May 19 03:11:55 efa postfix/smtp[29313]: 456CrK5pZyz4DmV: to=<ME@DOM.AIN>, orig_to=<root>, relay=mail2.DOM.AIN[XXX.XXX.XXX.XXX]:25, delay=52, delays=43/0.02/0.13/9.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 8FB04E2049)

---------------------- Postfix End -------------------------

This is on days when I literally have only one message coming through the system (it's not in production yet). I get 3x this when I have 3 messages through the system (e.g. a cron message too). I can't imagine what will happen once I get 500/day (or more). This seems like a postfix log format vs logwatch script expectation mismatch, possibly due to changes made by the EFA postfix package?

User avatar
shawniverson
Posts: 3087
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Logwatch "unmatched" postfix messages

Post by shawniverson » 08 Jul 2019 09:49

So I installed logwatch and am seeing the same behavior. I'll research this. It seems that logwatch is not aware of the way mail is flowing through postfix via mailscanner.
Version eFa 4.0.2 now available!

warlord
Posts: 19
Joined: 16 May 2019 21:21

Re: Logwatch "unmatched" postfix messages

Post by warlord » 02 Jan 2020 15:40

Hi.
FYI, this is still an issue in 4.0.1-8
(do I need to manually switch over from 4-testing to -stable?)

User avatar
shawniverson
Posts: 3087
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Logwatch "unmatched" postfix messages

Post by shawniverson » 03 Jan 2020 01:55

This is not an an eFa problem but rather a Logwatch problem.

Logwatch does not understand the requeueing pipeline of eFa that results from the use of a milter (the queue id changes as the result of two independent queues in use). Logwatch would have to somehow take this into account and have code specially crafted to match the entries.

See

http://logreporters.sourceforge.net/faq.html#unmatched
Version eFa 4.0.2 now available!

warlord
Posts: 19
Joined: 16 May 2019 21:21

Re: Logwatch "unmatched" postfix messages

Post by warlord » 20 Feb 2020 18:12

Thanks for the link (and sorry for the long delay in responding). I have emailed them a sample. Hopefully they will respond quickly.
Considering I expect to get hundreds of emails per day, thousands of unmatched entries in logwatch in untenable.
I will respond again if/when I hear anything.

warlord
Posts: 19
Joined: 16 May 2019 21:21

Re: Logwatch "unmatched" postfix messages

Post by warlord » 20 Feb 2020 23:51

Got a response. The fix is to add this configuration to turn on long-queue-id processing:

Code: Select all

cat > /etc/logwatch/conf/services/postfix.conf <<EOF
$postfix_Enable_Long_Queue_Ids = Yes
EOF

User avatar
shawniverson
Posts: 3087
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Logwatch "unmatched" postfix messages

Post by shawniverson » 24 Feb 2020 00:41

That was all? Cool :)
Version eFa 4.0.2 now available!

Post Reply