Re: Postfix maillog output and Logwatch

From: Rob Myroon (rob.myroontartan.ca)
Date: Mon Oct 02 2006 - 14:23:50 CDT


Victor Duchovni wrote:
> On Mon, Oct 02, 2006 at 12:08:23PM -0600, Rob Myroon wrote:
>
>> I believe that the line of output generated by Postfix when a local user
>> sends an e-mail is not quite right
>
> When in doubt ask a question rather than claim a bug.
>

I didn't mean to imply it was a bug. I thought that I had postfix
misconfigured.

>> A line of output from postfix when a local user sends an e-mail looks
>> like this:
>>
>> Oct 2 11:37:31 explorer2 postfix/qmgr[9096]: 045CF7BC21:
>> from=<local.usertartan.ca>, size=1317, nrcpt=1 (queue active)
>
> This is correct.
>
>> A line of output from postfix when an outside user sends us an e-mail
>> looks like this:
>>
>> Oct 2 11:35:59 explorer2 postfix/qmgr[9096]: 730637BC21:
>> from=<outside.usersomeplace.com>, size=19422, nrcpt=1 (queue active)
>
> This is also correct.
>
>> They are the same.
>
> This is to be expected.
>
>> According to the Logwatch perl script it is looking
>> for the text "uid=***" before the "from" text.
>
> The "logwatch" script is looking for the wrong thing. The "uid=" is
> logged by the pickup(8) daemon when cleanup(8) allocates a queue file
> for the new message. It is not logged by qmgr(8).
>

It looks like logwatch isn't able to report the number of e-mails sent by
each local user.

> 2006-10-02T14:22:44-0400 amnesiac postfix/pickup[26391]:
> 7549B69B38: uid=0 from=<root>
> 2006-10-02T14:22:44-0400 amnesiac postfix/cleanup[30836]:
> 7549B69B38: message-id=<20061002182244.7549B69B38amnesiac.example.com>
> 2006-10-02T14:22:44-0400 amnesiac postfix/qmgr[27072]:
> 7549B69B38: from=<rootexample.com>, size=274, nrcpt=1 (queue active)
> 2006-10-02T14:22:44-0400 amnesiac postfix/smtp[30838]:
> 7549B69B38: to=<luserexample.com>,
> relay=mailhub.example.com[192.0.2.25]:25,
> delay=0.26, delays=0.11/0.02/0.03/0.1, dsn=2.0.0, status=sent
> (250 2.0.0 k92IMiY08528 Message accepted for delivery)
> 2006-10-02T14:22:44-0400 amnesiac postfix/qmgr[27072]:
> 7549B69B38: removed
>
>> If the "uid" text was
>> present then logwatch would be able to pick out e-mails sent by local
>> users. Is the problem that postfix is looking for the uid number in
>> /etc/passwd but the uid numbers are in the ldap directory?
>>
>> (This isn't a serious problem but it has been bugging me for a long time.)
>>
>> redhat es4
>> postfix 2.2.10
>> logwatch 7.3.1
>
> File a bug report for logwatch if logwatch is expected to be able to handle
> Postfix logs.
>
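
Added example, not part of the original thread and not Logwatch's own code: one way to count locally submitted mail per uid is to join the pickup(8) "uid=" record to the qmgr(8) "from=" record on host and queue ID, as the reply above describes. The sample log lines, addresses and uid 501 are constructed for illustration, modeled on the two timestamp formats quoted in the thread.

```python
import re
from collections import Counter

# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = """\
Oct  2 11:35:59 explorer2 postfix/qmgr[9096]: 730637BC21: from=<outside.user@example.org>, size=19422, nrcpt=1 (queue active)
Oct  2 11:37:30 explorer2 postfix/pickup[9095]: 045CF7BC21: uid=501 from=<local.user>
Oct  2 11:37:31 explorer2 postfix/qmgr[9096]: 045CF7BC21: from=<local.user@example.com>, size=1317, nrcpt=1 (queue active)
Oct  2 11:52:31 explorer2 postfix/qmgr[9096]: 045CF7BC21: from=<local.user@example.com>, size=1317, nrcpt=1 (queue active)
2006-10-02T14:22:44-0400 amnesiac postfix/pickup[26391]: 7549B69B38: uid=0 from=<root>
2006-10-02T14:22:44-0400 amnesiac postfix/qmgr[27072]: 7549B69B38: from=<root@example.com>, size=274, nrcpt=1 (queue active)
2006-10-02T14:22:44-0400 amnesiac postfix/qmgr[27072]: 7549B69B38: removed
"""

# Captures: host, daemon, queue ID, remainder of the record.
RECORD = re.compile(r"(\S+) postfix/(pickup|qmgr)\[\d+\]: ([0-9A-F]+): (.*)$")
PICKUP = re.compile(r"uid=(\d+) from=<([^>]*)>")
QMGR = re.compile(r"from=<([^>]*)>, size=\d+")

def local_submissions(log_text):
    """Count local submissions, keyed by (uid, envelope sender as logged by qmgr)."""
    uid_by_key = {}   # (host, queue ID) -> uid seen in the pickup record
    counted = set()   # keys already counted; qmgr logs "from=" again on each retry
    totals = Counter()
    for line in log_text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue
        host, daemon, qid, rest = m.groups()
        key = (host, qid)
        if daemon == "pickup":
            p = PICKUP.match(rest)
            if p:
                uid_by_key[key] = int(p.group(1))
        elif rest == "removed":
            # Queue IDs can be reused after removal, so forget this one.
            uid_by_key.pop(key, None)
            counted.discard(key)
        elif key in uid_by_key and key not in counted:
            q = QMGR.match(rest)
            if q:
                counted.add(key)
                totals[(uid_by_key[key], q.group(1))] += 1
    return totals

if __name__ == "__main__":
    for (uid, sender), n in sorted(local_submissions(SAMPLE_LOG).items()):
        print(f"uid={uid} from=<{sender}> messages={n}")
```

Mail that arrived over SMTP has no pickup record for its queue ID, so it is never attributed to a local uid.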