Re: Postfix maillog output and Logwatch

From: Victor Duchovni (Victor.DuchovniMorganStanley.com)
Date: Mon Oct 02 2006 - 13:26:26 CDT


On Mon, Oct 02, 2006 at 12:08:23PM -0600, Rob Myroon wrote:

> I believe that the line of output generated by Postfix when a local user
> sends an e-mail is not quite right

When in doubt ask a question rather than claim a bug.

> A line of output from postfix when a local user sends an e-mail looks
> like this:
>
> Oct 2 11:37:31 explorer2 postfix/qmgr[9096]: 045CF7BC21:
> from=<local.user@tartan.ca>, size=1317, nrcpt=1 (queue active)

This is correct.

> A line of output from postfix when an outside user sends us an e-mail
> looks like this:
>
> Oct 2 11:35:59 explorer2 postfix/qmgr[9096]: 730637BC21:
> from=<outside.user@someplace.com>, size=19422, nrcpt=1 (queue active)

This is also correct.

> They are the same.

This is to be expected.

> According to the Logwatch perl script it is looking
> for the text "uid=***" before the "from" text.

The "logwatch" script is looking for the wrong thing. The "uid=" is
logged by the pickup(8) daemon when cleanup(8) allocates a queue file
for the new message. It is not logged by qmgr(8).

    2006-10-02T14:22:44-0400 amnesiac postfix/pickup[26391]:
            7549B69B38: uid=0 from=<root>
    2006-10-02T14:22:44-0400 amnesiac postfix/cleanup[30836]:
            7549B69B38: message-id=<20061002182244.7549B69B38@amnesiac.example.com>
    2006-10-02T14:22:44-0400 amnesiac postfix/qmgr[27072]:
            7549B69B38: from=<root@example.com>, size=274, nrcpt=1 (queue active)
    2006-10-02T14:22:44-0400 amnesiac postfix/smtp[30838]:
            7549B69B38: to=<luser@example.com>,
            relay=mailhub.example.com[192.0.2.25]:25,
            delay=0.26, delays=0.11/0.02/0.03/0.1, dsn=2.0.0, status=sent
            (250 2.0.0 k92IMiY08528 Message accepted for delivery)
    2006-10-02T14:22:44-0400 amnesiac postfix/qmgr[27072]:
            7549B69B38: removed

> If the "uid" text was
> present then logwatch would be able to pick out e-mails sent by local
> users. Is the problem that postfix is looking for the uid number in
> /etc/passwd but the uid numbers are in the ldap directory?
>
> (This isn't a serious problem but it has been bugging me for a long time.)
>
> redhat es4
> postfix 2.2.10
> logwatch 7.3.1

File a bug report for logwatch if logwatch is expected to be able to handle
Postfix logs.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomo@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
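
The correlation described in the reply above, as an added example that is not part of the original message and is not logwatch's code: a log reader can identify locally submitted mail by taking `uid=` from the pickup(8) line and joining it to the later qmgr(8) line on the queue ID. The function name, the record layout and the sample log are assumptions made for this illustration.

```python
import re

# Constructed sample: the pickup/cleanup/qmgr lines from the message above with
# wrapped lines joined, plus one qmgr line for a message that arrived over SMTP.
SAMPLE_LOG = """\
2006-10-02T14:22:44-0400 amnesiac postfix/pickup[26391]: 7549B69B38: uid=0 from=<root>
2006-10-02T14:22:44-0400 amnesiac postfix/cleanup[30836]: 7549B69B38: message-id=<20061002182244.7549B69B38@amnesiac.example.com>
2006-10-02T14:22:44-0400 amnesiac postfix/qmgr[27072]: 7549B69B38: from=<root@example.com>, size=274, nrcpt=1 (queue active)
2006-10-02T14:22:44-0400 amnesiac postfix/qmgr[27072]: 7549B69B38: removed
2006-10-02T14:22:45-0400 amnesiac postfix/qmgr[27072]: 730637BC21: from=<outside.user@someplace.com>, size=19422, nrcpt=1 (queue active)
"""

# Assumes the default syslog_name ("postfix") and one log record per line.
LINE = re.compile(r"postfix/(?P<daemon>\w+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<rest>.*)")
PICKUP = re.compile(r"uid=(?P<uid>\d+) from=<(?P<sender>[^>]*)>")
QMGR = re.compile(r"from=<(?P<sender>[^>]*)>, size=(?P<size>\d+), nrcpt=\d+")


def local_submissions(log_text):
    """Return one record per message that entered the queue through pickup(8)."""
    open_msgs, done = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m["daemon"], m["qid"], m["rest"]
        if daemon == "pickup" and (p := PICKUP.match(rest)):
            # Only pickup logs the submitting uid; start tracking this queue ID.
            open_msgs[qid] = {"qid": qid, "uid": int(p["uid"])}
        elif daemon == "qmgr" and qid in open_msgs:
            if q := QMGR.match(rest):
                # qmgr logs the sender after address rewriting, plus the size.
                open_msgs[qid].update(sender=q["sender"], size=int(q["size"]))
            elif rest == "removed":
                # Close the record so a later reuse of the queue ID starts fresh.
                done.append(open_msgs.pop(qid))
    return done + list(open_msgs.values())


if __name__ == "__main__":
    for rec in local_submissions(SAMPLE_LOG):
        print(rec)
```

The SMTP-received message in the sample has no pickup line, so it is not reported even though its qmgr line has the same shape as the local one.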