Hi,
Running 4.x on CentOS 7.6, and in my daily logwatch it's seeing a lot of "unmatched" postfix entries:
--------------------- Postfix Begin ------------------------
1 Miscellaneous warnings
4 Connections
2 Connections lost (inbound)
4 Disconnections
**Unmatched Entries**
1 May 19 03:11:45 efa postfix/cleanup[29299]: 456CrK5pZyz4DmV: message-id=<456CrK5pZyz4DmV@efa.DOM.AIN>
1 May 19 03:11:45 efa postfix/pickup[20748]: 456CrK5pZyz4DmV: uid=0 from=<root>
1 May 19 03:11:55 efa postfix/qmgr[4362]: 456CrK5pZyz4DmV: removed
1 May 19 03:11:45 efa postfix/qmgr[4362]: 456CrK5pZyz4DmV: from=<root@DOM.AIN>, size=5374, nrcpt=1 (queue active)
1 May 19 03:11:55 efa postfix/smtp[29313]: 456CrK5pZyz4DmV: to=<ME@DOM.AIN>, orig_to=<root>, relay=mail2.DOM.AIN[XXX.XXX.XXX.XXX]:25, delay=52, delays=43/0.02/0.13/9.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 8FB04E2049)
---------------------- Postfix End -------------------------
This is on days when I literally have only one message coming through the system (it's not in production yet). I get 3x this when I have 3 messages through the system (e.g. a cron message too). I can't imagine what will happen once I get 500/day (or more). This seems like a postfix log format vs logwatch script expectation mismatch, possibly due to changes made by the EFA postfix package?
Logwatch "unmatched" postfix messages
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Logwatch "unmatched" postfix messages
So I installed logwatch and am seeing the same behavior. I'll research this. It seems that logwatch is not aware of the way mail is flowing through postfix via mailscanner.
Re: Logwatch "unmatched" postfix messages
Hi.
FYI, this is still an issue in 4.0.1-8
(do I need to manually switch over from 4-testing to -stable?)
- shawniverson
Re: Logwatch "unmatched" postfix messages
This is not an eFa problem but rather a Logwatch problem.
Logwatch does not understand the requeueing pipeline of eFa that results from the use of a milter (the queue id changes as the result of two independent queues in use). Logwatch would have to somehow take this into account and have code specially crafted to match the entries.
See
http://logreporters.sourceforge.net/faq.html#unmatched
Re: Logwatch "unmatched" postfix messages
Thanks for the link (and sorry for the long delay in responding). I have emailed them a sample. Hopefully they will respond quickly.
Considering I expect to get hundreds of emails per day, thousands of unmatched entries in logwatch is untenable.
I will respond again if/when I hear anything.
Re: Logwatch "unmatched" postfix messages
Got a response. The fix is to add this configuration to turn on long-queue-id processing:
# Quote the here-document delimiter so the shell does not expand the $ variable.
cat > /etc/logwatch/conf/services/postfix.conf <<'EOF'
$postfix_Enable_Long_Queue_Ids = Yes
EOF
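
Added example (not part of the original thread, and not logwatch's own code): the IDs in the first post, such as 456CrK5pZyz4DmV, are in Postfix's long queue ID format, which a parser expecting only the classic hexadecimal IDs will not match. The sketch below classifies queue IDs in sample log lines and decodes the timestamp embedded in a long ID; the regular expressions and function names are illustrative assumptions.

```python
import re
from datetime import datetime, timezone

# Postfix long-queue-ID alphabet: digits plus consonants, 52 symbols.
ALPHABET = "0123456789BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz"
# Illustrative patterns (assumptions, not logwatch's own expressions).
SHORT_ID = re.compile(r"[0-9A-F]{6,}")  # classic hexadecimal queue ID
# Long ID: seconds (6+ chars), microseconds (4 chars), literal 'z', inode.
LONG_ID = re.compile(r"([%s]{6,}?)([%s]{4})z([%s]+)" % ((ALPHABET,) * 3))
# Queue ID field that follows "postfix/<daemon>[pid]: " in a syslog line.
LOG_LINE = re.compile(r"postfix/\w+\[\d+\]: (\w+): ")

# First two lines are from the first post; the third is constructed.
SAMPLE = """\
May 19 03:11:45 efa postfix/pickup[20748]: 456CrK5pZyz4DmV: uid=0 from=<root>
May 19 03:11:55 efa postfix/qmgr[4362]: 456CrK5pZyz4DmV: removed
May 19 03:12:01 efa postfix/qmgr[4362]: 8FB04E2049: removed
"""

def _decode(text):
    """Decode a base-52 field, most significant character first."""
    value = 0
    for ch in text:
        value = value * 52 + ALPHABET.index(ch)
    return value

def classify(queue_id):
    """Return 'short', 'long' or 'unknown' for a queue ID string."""
    if SHORT_ID.fullmatch(queue_id):
        return "short"
    if LONG_ID.fullmatch(queue_id):
        return "long"
    return "unknown"

def decode_long_id(queue_id):
    """Return the UTC creation time encoded in a long queue ID."""
    m = LONG_ID.fullmatch(queue_id)
    if not m:
        raise ValueError("not a long queue ID: %r" % queue_id)
    secs, usecs = _decode(m.group(1)), _decode(m.group(2))
    return datetime.fromtimestamp(secs, tz=timezone.utc).replace(microsecond=usecs)

def summarize(log_text):
    """Count log lines per queue-ID format."""
    counts = {"short": 0, "long": 0, "unknown": 0}
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        if m:
            counts[classify(m.group(1))] += 1
    return counts

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print(decode_long_id("456CrK5pZyz4DmV").isoformat())
```

Lines counted as "long" are the ones a hexadecimal-only matcher would leave unmatched.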
- shawniverson
Re: Logwatch "unmatched" postfix messages
That was all? Cool