On 2015.01.15 22.21, Viktor Dukhovni wrote:
On Thu, Jan 15, 2015 at 09:57:53PM -0500, b...@bitrate.net wrote:

i happened to notice that on one of our two mxes, no postscreen activity was 
logged between 06:25:09 and 11:54:42:

Jan 15 06:25:09 mta2 postfix/postscreen[22371]: DISCONNECT [103.242.116.92]:37543
Jan 15 11:54:42 mta2 postfix/postscreen[25663]: CONNECT from [209.85.213.183]:41380 to [10.3.70.6]:25

Note the change of pid!  You probably ran "postfix reload" right
around then.

no postfix reload, there, no. those two log entries are 5+ hours apart. it was just to illustrate the time period.

but other postfix activity was *logging* normally, and mail was flowing 
normally:

all of this makes it seem like postscreen wasn't working during that period, 
and i'm wondering why that might be.

Actually it was working, just wasn't logging!

i thought so too. it seemed the most obvious answer, but i began to change my mind when i saw mail getting accepted which should have been rejected by postscreen_access_list. it also doesn't explain why postfix was logging other process activity successfully during that time.

I avoid sending SIGHUP to the log daemon, and use syslog-ng with
date based output files which are expired by scripts other than
logrotate, that way I don't lose any log messages.

thanks for this suggestion, we may do that.

postconf -Mf
smtp       inet  n       -       -       -       1       postscreen

Yep, it's chrooted.  You need to configure syslog to add a log
socket to the jail, or turn off chroot.

during this period, postfix activity from all other postfix processes is getting logged successfully, most of which are chrooted, and postscreen is logging fine outside of this one period. i think chroot is not the culprit here.

-ben
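
An added example, not part of the thread: a small Python check for the symptom discussed above, a window in which postscreen logs nothing while other Postfix daemons keep logging. Only the two postscreen lines are from the thread; the other sample lines, the function names and the one-hour threshold are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the two postscreen lines are from the thread, the
# smtpd/cleanup/qmgr lines are invented to stand in for "other activity".
SAMPLE = """\
Jan 15 06:25:09 mta2 postfix/postscreen[22371]: DISCONNECT [103.242.116.92]:37543
Jan 15 07:10:02 mta2 postfix/smtpd[23010]: connect from unknown[192.0.2.10]
Jan 15 09:41:30 mta2 postfix/cleanup[23544]: 3kNf1x0Zz1: message-id=<constructed@example.org>
Jan 15 11:20:11 mta2 postfix/qmgr[1402]: 3kNf1x0Zz1: removed
Jan 15 11:54:42 mta2 postfix/postscreen[25663]: CONNECT from [209.85.213.183]:41380 to [10.3.70.6]:25
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/([\w-]+)\[(\d+)\]: ")

def parse(text, year=2015):
    """Yield (timestamp, service, pid) for each Postfix syslog line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            # Classic syslog timestamps carry no year, so it is supplied here.
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), int(m.group(3))

def silent_gaps(text, service="postscreen", threshold_s=3600):
    """Find windows where `service` was silent while other daemons logged."""
    events = sorted(parse(text))
    gaps, prev = [], None
    for ts, svc, pid in events:
        if svc != service:
            continue
        if prev and (ts - prev[0]).total_seconds() > threshold_s:
            # Count lines from other Postfix daemons inside the silent window.
            others = sum(1 for t, s, _ in events
                         if s != service and prev[0] < t < ts)
            if others:  # syslog itself was receiving Postfix messages
                gaps.append({"start": prev[0], "end": ts,
                             "other_lines": others,
                             "pid_changed": pid != prev[1]})
        prev = (ts, pid)
    return gaps

if __name__ == "__main__":
    for g in silent_gaps(SAMPLE):
        print(f"{g['start']} -> {g['end']}: {g['other_lines']} lines from "
              f"other daemons, pid changed: {g['pid_changed']}")
```

A reported gap only shows that the service's log lines are missing for that window; it does not by itself distinguish lost log messages from a service that was not handling connections.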
