On 2015.01.16 09.43, wie...@porcupine.org (Wietse Venema) wrote:
btb:
postconf -Mf
smtp inet n - - - 1 postscreen
Yep, it's chrooted. You need to configure syslog to add a log
socket to the jail, or turn off chroot.
during this period, postfix activity from all other postfix processes is
getting logged successfully, most of which are chrooted, and postscreen
is logging fine outside of this one period. i think chroot is not the
You are missing an important detail.
On a busy server postscreen will run forever. It will never reconnect
to the new syslog server.
On a busy or idle server, smtpd runs only for a few minutes. The
next smtpd process will automatically to the new syslog server.
I am 99.99% certain that chroot is the problem here.
thanks, i'll concede this analysis. i don't have enough forensic
evidence to confirm but i now believe that the symptom of mail appearing
to get through which shouldn't have was the red herring [sorry viktor!]
- that the client in question was added to postscreen_access_list just
after this, and it was just a coincidence of timing.
i guess i consider lost logs to be a bug - i'll submit a bug report to
ubuntu for this. in your opinion, would this be something the postfix
package maintainer should address, or the syslog-ng packager maintainer
[or is it just the admin's fault]?
-ben
