Logwatch "unmatched" postfix messages

Bugs in eFa 4
Post Reply
warlord
Posts: 19
Joined: 16 May 2019 21:21

Logwatch "unmatched" postfix messages

Post by warlord »

Hi,
Running 4.x on CentOS 7.6, and in my daily logwatch it's seeing a lot of "unmatched" postfix entries:

--------------------- Postfix Begin ------------------------

1 Miscellaneous warnings

4 Connections
2 Connections lost (inbound)
4 Disconnections



**Unmatched Entries**
1 May 19 03:11:45 efa postfix/cleanup[29299]: 456CrK5pZyz4DmV: message-id=<456CrK5pZyz4DmV@efa.DOM.AIN>
1 May 19 03:11:45 efa postfix/pickup[20748]: 456CrK5pZyz4DmV: uid=0 from=<root>
1 May 19 03:11:55 efa postfix/qmgr[4362]: 456CrK5pZyz4DmV: removed
1 May 19 03:11:45 efa postfix/qmgr[4362]: 456CrK5pZyz4DmV: from=<root@DOM.AIN>, size=5374, nrcpt=1 (queue active)
1 May 19 03:11:55 efa postfix/smtp[29313]: 456CrK5pZyz4DmV: to=<ME@DOM.AIN>, orig_to=<root>, relay=mail2.DOM.AIN[XXX.XXX.XXX.XXX]:25, delay=52, delays=43/0.02/0.13/9.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 8FB04E2049)

---------------------- Postfix End -------------------------

This is on days when I literally have only one message coming through the system (it's not in production yet). I get 3x this when I have 3 messages through the system (e.g. a cron message too). I can't imagine what will happen once I get 500/day (or more). This seems like a postfix log format vs logwatch script expectation mismatch, possibly due to changes made by the EFA postfix package?
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Logwatch "unmatched" postfix messages

Post by shawniverson »

So I installed logwatch and am seeing the same behavior. I'll research this. It seems that logwatch is not aware of the way mail is flowing through postfix via mailscanner.
warlord
Posts: 19
Joined: 16 May 2019 21:21

Re: Logwatch "unmatched" postfix messages

Post by warlord »

Hi.
FYI, this is still an issue in 4.0.1-8
(do I need to manually switch over from 4-testing to -stable?)
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Logwatch "unmatched" postfix messages

Post by shawniverson »

This is not an an eFa problem but rather a Logwatch problem.

Logwatch does not understand the requeueing pipeline of eFa that results from the use of a milter (the queue id changes as the result of two independent queues in use). Logwatch would have to somehow take this into account and have code specially crafted to match the entries.

See

http://logreporters.sourceforge.net/faq.html#unmatched
warlord
Posts: 19
Joined: 16 May 2019 21:21

Re: Logwatch "unmatched" postfix messages

Post by warlord »

Thanks for the link (and sorry for the long delay in responding). I have emailed them a sample. Hopefully they will respond quickly.
Considering I expect to get hundreds of emails per day, thousands of unmatched entries in logwatch in untenable.
I will respond again if/when I hear anything.
warlord
Posts: 19
Joined: 16 May 2019 21:21

Re: Logwatch "unmatched" postfix messages

Post by warlord »

Got a response. The fix is to add this configuration to turn on long-queue-id processing:

Code: Select all

cat > /etc/logwatch/conf/services/postfix.conf <<EOF
$postfix_Enable_Long_Queue_Ids = Yes
EOF
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Logwatch "unmatched" postfix messages

Post by shawniverson »

That was all? Cool :)
Post Reply