Postfix Spamming syslog.

Discussion in 'HOWTO-Related Questions' started by eldaria, Nov 19, 2006.

  1. eldaria

    eldaria New Member

    I followed the Perfect Edgy setp, and have a bit of a nucians with postfix.

    Is it possible to have postfix send all the smtp relqated reports to something else than /var/log/syslog?

    The thing is on a busy system , I get so much stuff in syslog from postifx that it is difficult to find other system events.
    It would be nicer if postfix would send it's information to something like /var/log/postifx and only log important info to syslog, such as startup and shutdown or errors.

    Just an example of how much crap it log to syslog.
    Code:
    Nov 19 12:48:28 lnx1 postfix/smtpd[18279]: BDCEE9003C: client=216-114-50.132110.adsl.tele2.no[193.216.114.50]
    Nov 19 12:48:29 lnx1 postfix/cleanup[18285]: BDCEE9003C: message-id=<[email protected]>
    Nov 19 12:48:30 lnx1 postfix/qmgr[6024]: BDCEE9003C: from=<[email protected]>, size=9946, nrcpt=1 (queue active)
    Nov 19 12:48:30 lnx1 postfix/pickup[17283]: 3413F90111: uid=10001 from=<web1_**removed*>
    Nov 19 12:48:30 lnx1 postfix/cleanup[18285]: 3413F90111: message-id=<[email protected]**removed*.net>
    Nov 19 12:48:30 lnx1 postfix/qmgr[6024]: 3413F90111: from=<[email protected]**removed*.net>, size=383, nrcpt=1 (queue active)
    Nov 19 12:48:30 lnx1 postfix/local[18303]: 3413F90111: to=<[email protected]>, relay=local, delay=0, status=sent (delivered to command: /usr/bin/procmail -f-)
    Nov 19 12:48:30 lnx1 postfix/qmgr[6024]: 3413F90111: removed
    Nov 19 12:48:30 lnx1 postfix/smtpd[18279]: NOQUEUE: reject: RCPT from 216-114-50.132110.adsl.tele2.no[193.216.114.50]: 550 <info@**removed*.net>: Recipient address rejected: User unknown in local recipient table; from=<[email protected]> to=<info@**removed*.net> proto=SMTP helo=<143106416>
    Nov 19 12:48:31 lnx1 postfix/smtpd[18279]: A52E39010F: client=216-114-50.132110.adsl.tele2.no[193.216.114.50]
    Nov 19 12:48:32 lnx1 postfix/cleanup[18285]: A52E39010F: message-id=<[email protected]>
    Nov 19 12:48:33 lnx1 postfix/qmgr[6024]: A52E39010F: from=<[email protected]>, size=9566, nrcpt=1 (queue active)
    Nov 19 12:48:33 lnx1 postfix/pickup[17283]: B9F52901AD: uid=10001 from=<web1_**removed*>
    Nov 19 12:48:33 lnx1 postfix/cleanup[18285]: B9F52901AD: message-id=<[email protected]**removed*.net>
    Nov 19 12:48:33 lnx1 postfix/qmgr[6024]: B9F52901AD: from=<[email protected]**removed*.net>, size=383, nrcpt=1 (queue active)
    Nov 19 12:48:33 lnx1 postfix/local[18337]: B9F52901AD: to=<[email protected]>, relay=local, delay=0, status=sent (delivered to command: /usr/bin/procmail -f-)
    Nov 19 12:48:33 lnx1 postfix/qmgr[6024]: B9F52901AD: removed
    Nov 19 12:48:33 lnx1 postfix/smtpd[18279]: disconnect from 216-114-50.132110.adsl.tele2.no[193.216.114.50]
    Nov 19 12:48:34 lnx1 postfix/local[18286]: BDCEE9003C: to=<[email protected]**removed*.net>, orig_to=<webmaster@**removed*.net>, relay=local, delay=6, status=sent (delivered to command: /usr/bin/procmail -f-)
    Nov 19 12:48:34 lnx1 postfix/qmgr[6024]: BDCEE9003C: removed
    Nov 19 12:48:37 lnx1 postfix/local[18303]: A52E39010F: to=<[email protected]**removed*.net>, orig_to=<**removed*@**removed*.net>, relay=local, delay=6, status=sent (delivered to command: /usr/bin/procmail -f-)
    Nov 19 12:48:37 lnx1 postfix/qmgr[6024]: A52E39010F: removed
    Nov 19 12:51:53 lnx1 postfix/anvil[18281]: statistics: max connection rate 1/60s for (smtp:193.216.114.50) at Nov 19 12:48:26
    Nov 19 12:51:53 lnx1 postfix/anvil[18281]: statistics: max connection count 1 for (smtp:193.216.114.50) at Nov 19 12:48:26
    Nov 19 12:51:53 lnx1 postfix/anvil[18281]: statistics: max cache size 1 at Nov 19 12:48:26
    Nov 19 12:58:16 lnx1 postfix/smtpd[18485]: connect from unknown[192.168.1.3]
    Nov 19 12:58:16 lnx1 postfix/smtpd[18485]: setting up TLS connection from unknown[192.168.1.3]
    Nov 19 12:58:17 lnx1 postfix/smtpd[18485]: TLS connection established from unknown[192.168.1.3]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Nov 19 12:58:17 lnx1 postfix/smtpd[18485]: 2DEFA90117: client=unknown[192.168.1.3], sasl_method=PLAIN, sasl_username=web1_**removed*
    Nov 19 12:58:17 lnx1 postfix/cleanup[18489]: 2DEFA90117: message-id=<200611191257.41403.**removed*@**removed*.net>
    Nov 19 12:58:17 lnx1 postfix/qmgr[6024]: 2DEFA90117: from=<**removed*@**removed*.net>, size=5531, nrcpt=1 (queue active)
    Nov 19 12:58:17 lnx1 postfix/smtpd[18485]: disconnect from unknown[192.168.1.3]
    Nov 19 12:58:18 lnx1 postfix/smtp[18492]: 2DEFA90117: to=<[email protected]>, relay=smtp.orange.nl[193.252.22.251], delay=1, status=sent (250 Ok: queued as 7EADD7000084)
    Nov 19 12:58:18 lnx1 postfix/qmgr[6024]: 2DEFA90117: removed
    Nov 19 13:00:01 lnx1 /USR/SBIN/CRON[18515]: (root) CMD (/root/ispconfig/php/php /root/ispconfig/scripts/shell/check_services.php &> /dev/null)
    Nov 19 13:00:01 lnx1 proftpd[18518]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session opened.
    Nov 19 13:00:01 lnx1 proftpd[18518]: localhost.localdomain (localhost.localdomain[127.0.0.1]) - FTP session closed.
    Nov 19 13:01:37 lnx1 postfix/anvil[18487]: statistics: max connection rate 1/60s for (smtp:192.168.1.3) at Nov 19 12:58:16
    Nov 19 13:01:37 lnx1 postfix/anvil[18487]: statistics: max connection count 1 for (smtp:192.168.1.3) at Nov 19 12:58:16
    Nov 19 13:01:37 lnx1 postfix/anvil[18487]: statistics: max cache size 1 at Nov 19 12:58:16
    Nov 19 13:02:46 lnx1 postfix/smtpd[18559]: connect from 50.185.101-84.rev.gaoland.net[84.101.185.50]
    Nov 19 13:02:47 lnx1 postfix/smtpd[18559]: NOQUEUE: reject: RCPT from 50.185.101-84.rev.gaoland.net[84.101.185.50]: 550 <jessica@**removed*.net>: Recipient address rejected: User unknown in local recipient table; from=<[email protected]> to=<jessica@**removed*.net> proto=SMTP helo=<cbinet.com>
    Nov 19 13:02:47 lnx1 postfix/smtpd[18559]: lost connection after RCPT from 50.185.101-84.rev.gaoland.net[84.101.185.50]
    Nov 19 13:02:47 lnx1 postfix/smtpd[18559]: disconnect from 50.185.101-84.rev.gaoland.net[84.101.185.50]
    Nov 19 13:04:58 lnx1 postfix/smtpd[18592]: connect from s87.loopia.se[194.9.94.113]
    Nov 19 13:04:59 lnx1 postfix/smtpd[18592]: setting up TLS connection from s87.loopia.se[194.9.94.113]
    Nov 19 13:04:59 lnx1 postfix/smtpd[18592]: TLS connection established from s87.loopia.se[194.9.94.113]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
    Nov 19 13:04:59 lnx1 postfix/smtpd[18592]: 928908C8E1: client=s87.loopia.se[194.9.94.113]
    Nov 19 13:04:59 lnx1 postfix/cleanup[18593]: 928908C8E1: message-id=<[email protected]**removed*.se>
    Nov 19 13:04:59 lnx1 postfix/qmgr[6024]: 928908C8E1: from=<[email protected]>, size=2278, nrcpt=1 (queue active)
    Nov 19 13:04:59 lnx1 postfix/smtpd[18592]: disconnect from s87.loopia.se[194.9.94.113]
    Nov 19 13:05:00 lnx1 postfix/pickup[17283]: 1955D90039: uid=10001 from=<web1_**removed*>
    Nov 19 13:05:00 lnx1 postfix/cleanup[18593]: 1955D90039: message-id=<[email protected]**removed*.net>
    Nov 19 13:05:00 lnx1 postfix/qmgr[6024]: 1955D90039: from=<[email protected]**removed*.net>, size=383, nrcpt=1 (queue active)
    Nov 19 13:05:00 lnx1 postfix/local[18611]: 1955D90039: to=<[email protected]>, relay=local, delay=0, status=sent (delivered to command: /usr/bin/procmail -f-)
    Nov 19 13:05:00 lnx1 postfix/qmgr[6024]: 1955D90039: removed
    Nov 19 13:05:07 lnx1 postfix/local[18594]: 928908C8E1: to=<[email protected]**removed*.net>, orig_to=<**removed*@**removed*.net>, relay=local, delay=8, status=sent (delivered to command: /usr/bin/procmail -f-)
    Nov 19 13:05:07 lnx1 postfix/qmgr[6024]: 928908C8E1: removed
    Nov 19 13:08:19 lnx1 postfix/anvil[18561]: statistics: max connection rate 1/60s for (smtp:84.101.185.50) at Nov 19 13:02:46
    Nov 19 13:08:19 lnx1 postfix/anvil[18561]: statistics: max connection count 1 for (smtp:84.101.185.50) at Nov 19 13:02:46
    Nov 19 13:08:19 lnx1 postfix/anvil[18561]: statistics: max cache size 1 at Nov 19 13:02:46
    Nov 19 13:09:01 lnx1 /USR/SBIN/CRON[18677]: (root) CMD (  [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
    Nov 19 13:14:45 lnx1 postfix/smtpd[18760]: connect from unknown[220.94.12.114]
    Nov 19 13:14:47 lnx1 postfix/smtpd[18760]: 15C708FEEC: client=unknown[220.94.12.114]
    Nov 19 13:14:47 lnx1 postfix/cleanup[18764]: 15C708FEEC: message-id=<[email protected]>
    Nov 19 13:14:48 lnx1 postfix/qmgr[6024]: 15C708FEEC: from=<[email protected]>, size=26383, nrcpt=1 (queue active)
    Nov 19 13:14:48 lnx1 postfix/cleanup[18764]: ACAAA90460: message-id=<[email protected]>
    Nov 19 13:14:48 lnx1 postfix/local[18767]: 15C708FEEC: to=<[email protected]**removed*.net>, orig_to=<**removed*@**removed*.net>, relay=local, delay=2, status=sent (forwarded as ACAAA90460)
    Nov 19 13:14:48 lnx1 postfix/qmgr[6024]: ACAAA90460: from=<[email protected]>, size=26520, nrcpt=1 (queue active)
    Nov 19 13:14:48 lnx1 postfix/qmgr[6024]: 15C708FEEC: removed
    Nov 19 13:14:49 lnx1 postfix/smtpd[18760]: disconnect from unknown[220.94.12.114]
    Nov 19 13:14:49 lnx1 postfix/smtp[18768]: ACAAA90460: to=<**removed*@**removed*.com>, orig_to=<**removed*@**removed*.net>, relay=smtp.orange.nl[193.252.22.251], delay=1, status=sent (250 Ok: queued as A60EE7000089)
    Nov 19 13:14:49 lnx1 postfix/qmgr[6024]: ACAAA90460: removed
    Nov 19 13:17:01 lnx1 /USR/SBIN/CRON[18798]: (root) CMD (   run-parts --report /etc/cron.hourly)
    Nov 19 13:17:03 lnx1 kernel: [46242.048591] EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
    Nov 19 13:18:09 lnx1 postfix/anvil[18762]: statistics: max connection rate 1/60s for (smtp:220.94.12.114) at Nov 19 13:14:45
    Nov 19 13:18:09 lnx1 postfix/anvil[18762]: statistics: max connection count 1 for (smtp:220.94.12.114) at Nov 19 13:14:45
    Nov 19 13:18:09 lnx1 postfix/anvil[18762]: statistics: max cache size 1 at Nov 19 13:14:45
    
    
     
  2. todgerme

    todgerme Member

    Take a look at /etc/syslog.conf, to remove the mail logging from syslog make sure you have a line similar to the one below:


    *.*;auth,authpriv.none;mail.none;mail.error -/var/log/syslog


    Reboot/restart syslog server and hopefully logging be gone!
     
    Last edited: Nov 20, 2006

Share This Page