|
Packit |
57988d |
.TH POSTFIX-LOGWATCH 1
|
|
Packit |
57988d |
.ad
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.SH NAME
|
|
Packit |
57988d |
postfix-logwatch
|
|
Packit |
57988d |
\-
|
|
Packit |
57988d |
A Postfix log parser and analysis utility
|
|
Packit |
57988d |
.SH "SYNOPSIS"
|
|
Packit |
57988d |
.na
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
\fBpostfix-logwatch\fR [\fIoptions\fR] [\fIlogfile ...\fR]
|
|
Packit |
57988d |
.SH DESCRIPTION
|
|
Packit |
57988d |
.ad
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
The \fBpostfix-logwatch\fR(1) utility is a Postfix MTA log parser
|
|
Packit |
57988d |
that produces summaries, details, and statistics regarding
|
|
Packit |
57988d |
the operation of Postfix.
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
This utility can be used as a
|
|
Packit |
57988d |
standalone program, or as a Logwatch filter module to produce
|
|
Packit |
57988d |
Postfix summary and detailed reports from within Logwatch.
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBPostfix-logwatch\fR is able to produce
|
|
Packit |
57988d |
a wide range of reports with data grouped and sorted as much as possible
|
|
Packit |
57988d |
to reduce noise and highlight patterns.
|
|
Packit |
57988d |
Brief summary reports provide a
|
|
Packit |
57988d |
quick overview of general Postfix operations and message
|
|
Packit |
57988d |
delivery, calling out warnings that may require attention.
|
|
Packit |
57988d |
Detailed reports provide easy to scan, hierarchically-arranged
|
|
Packit |
57988d |
and organized information, with as much or little detail as
|
|
Packit |
57988d |
desired.
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBPostfix-logwatch\fR outputs two principal sections: a \fBSummary\fR section
|
|
Packit |
57988d |
and a \fBDetailed\fR section.
|
|
Packit |
57988d |
For readability and quick scanning, all event or hit counts appear in the left column,
|
|
Packit |
57988d |
followed by brief description of the event type, and finally additional
|
|
Packit |
57988d |
statistics or count representations may appear in the rightmost column.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
The following segment from a sample Summary report illustrates:
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
|
|
Packit |
57988d |
****** Summary ********************************************
|
|
Packit |
57988d |
|
|
Packit |
57988d |
81 *Warning: Connection rate limit reached (anvil)
|
|
Packit |
57988d |
146 Warned
|
|
Packit |
57988d |
|
|
Packit |
57988d |
68.310M Bytes accepted 71,628,177
|
|
Packit |
57988d |
97.645M Bytes delivered 102,388,245
|
|
Packit |
57988d |
======== ================================================
|
|
Packit |
57988d |
|
|
Packit |
57988d |
3464 Accepted 41.44%
|
|
Packit |
57988d |
4895 Rejected 58.56%
|
|
Packit |
57988d |
-------- ------------------------------------------------
|
|
Packit |
57988d |
8359 Total 100.00%
|
|
Packit |
57988d |
======== ================================================
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
The report warns that anvil's connection rate was hit 81 times,
|
|
Packit |
57988d |
a Postfix access check WARN action was logged 146 times, and
|
|
Packit |
57988d |
a total of 68.310 megabytes (71,628,177 bytes) were accepted
|
|
Packit |
57988d |
into the Postfix system, delivering 97.645 megabytes of
|
|
Packit |
57988d |
data (due to multiple recipients).
|
|
Packit |
57988d |
The Accepted and Rejected lines show that Postfix accepted 3464 (41.44% of the total
|
|
Packit |
57988d |
messages) and rejected 4895 (the remaining 58.56%) of the 8359
|
|
Packit |
57988d |
total messages (temporary rejects show up elsewhere).
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
There are dozens of sub-sections available in the \fBDetailed\fR report, each of
|
|
Packit |
57988d |
whose output can be controlled in various ways.
|
|
Packit |
57988d |
Each sub-section attempts to group and present the most meaningful data at superior levels,
|
|
Packit |
57988d |
while pushing less useful or \fInoisy\fR data towards inferior levels.
|
|
Packit |
57988d |
The goal is to provide as much benefit as possible from smart grouping of
|
|
Packit |
57988d |
data, to allow faster report scanning, pattern identification, and problem solving.
|
|
Packit |
57988d |
Data is always sorted in descending order by count, and then numerically by IP address
|
|
Packit |
57988d |
or alphabetically as appropriate.
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
The following MX errors segment from a sample \fBDetailed\fR report
|
|
Packit |
57988d |
illustrates the basic hierarchical level structure of \fBpostfix-logwatch\fR:
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
|
|
Packit |
57988d |
****** Detailed *******************************************
|
|
Packit |
57988d |
|
|
Packit |
57988d |
261 MX errors --------------------------------------
|
|
Packit |
57988d |
261 Unable to look up MX host
|
|
Packit |
57988d |
222 Host not found
|
|
Packit |
57988d |
73 foolishspammer.local
|
|
Packit |
57988d |
60 completely.bogus.domain.example
|
|
Packit |
57988d |
11 friend.example.com
|
|
Packit |
57988d |
39 No address associated with hostname
|
|
Packit |
57988d |
23 dummymx.sample.net
|
|
Packit |
57988d |
16 pushn.spam.sample.com
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
The \fBpostfix-logwatch\fR utility reads from STDIN or from the named Postfix
|
|
Packit |
57988d |
\fIlogfile\fR.
|
|
Packit |
57988d |
Multiple \fIlogfile\fR arguments may be specified, each processed
|
|
Packit |
57988d |
in order.
|
|
Packit |
57988d |
The user running \fBpostfix-logwatch\fR must have read permission on
|
|
Packit |
57988d |
each named log file.
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
.SS Options
|
|
Packit |
57988d |
The options listed below affect the operation of \fBpostfix-logwatch\fR.
|
|
Packit |
57988d |
Options specified later on the command line override earlier ones.
|
|
Packit |
57988d |
Any option may be abbreviated to an unambiguous length.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.IP "\fB-f \fIconfig_file\fR"
|
|
Packit |
57988d |
.PD 0
|
|
Packit |
57988d |
.IP "\fB--config_file \fIconfig_file\fR"
|
|
Packit |
57988d |
.PD
|
|
Packit |
57988d |
Use an alternate configuration file \fIconfig_file\fR instead of
|
|
Packit |
57988d |
the default.
|
|
Packit |
57988d |
This option may be used more than once.
|
|
Packit |
57988d |
Multiple configuration files will be processed in the order presented on the command line.
|
|
Packit |
57988d |
See \fBCONFIGURATION FILE\fR below.
|
|
Packit |
57988d |
.IP "\fB--debug \fIkeywords\fR"
|
|
Packit |
57988d |
Output debug information during the operation of \fBpostfix-logwatch\fR.
|
|
Packit |
57988d |
The parameter \fIkeywords\fR is one or more comma or space separated keywords.
|
|
Packit |
57988d |
To obtain the list of valid keywords, use --debug xxx where xxx is any invalid keyword.
|
|
Packit |
57988d |
.IP "\fB--[no]delays\fR"
|
|
Packit |
57988d |
Enables (disables) output of the message delays percentiles report.
|
|
Packit |
57988d |
The delays percentiles report shows percentiles for each of the 4 delivery latency times reported
|
|
Packit |
57988d |
by Postfix (available in version 2.3 and later) in the form \fBdelays=\fIa\fR/\fIb\fR/\fIc\fR/\fId\fR, where
|
|
Packit |
57988d |
\fIa\fR is the amount of time before the active queue (includes time for previous delivery attempts and time in the deferred queue),
|
|
Packit |
57988d |
\fIb\fR is the amount of time in the active queue up to delivery agent handoff,
|
|
Packit |
57988d |
\fIc\fR is the amount of time spent making connections (including DNS, HELO and TLS) and
|
|
Packit |
57988d |
\fId\fR is the amount of time spent delivering the message.
|
|
Packit |
57988d |
The total delay shown comes from the \fBdelay=\fR field in a message delivery log line.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
\fBNote:\fR This report may consume a large amount of memory; if you have no use for it, disable the delays report.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.IP "\fB--delays_percentiles \fIp1 [p2 ...]\fR"
|
|
Packit |
57988d |
Specifies the percentiles to be used in the message delays percentiles report.
|
|
Packit |
57988d |
The percentiles \fIp1\fR, \fIp2\fR, \fI...\fR range from 0 to 100, inclusively.
|
|
Packit |
57988d |
The order of the list is not sorted - the report will output the percentiles
|
|
Packit |
57988d |
columns in the order you specify.
|
|
Packit |
57988d |
.IP "\fB--detail \fIlevel\fR"
|
|
Packit |
57988d |
Sets the maximum detail level for \fBpostfix-logwatch\fR to \fIlevel\fR.
|
|
Packit |
57988d |
This option is global, overriding any other output limiters described below.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
The \fBpostfix-logwatch\fR utility
|
|
Packit |
57988d |
produces a \fBSummary\fR section, a \fBDetailed\fR section, and
|
|
Packit |
57988d |
additional report sections.
|
|
Packit |
57988d |
With \fIlevel\fR less than 5, \fBpostfix-logwatch\fR will produce
|
|
Packit |
57988d |
only the \fBSummary\fR section.
|
|
Packit |
57988d |
At \fIlevel\fR 5 and above, the \fBDetailed\fR section, and any
|
|
Packit |
57988d |
additional report sections are candidates for output.
|
|
Packit |
57988d |
Each incremental increase in \fIlevel\fR generates one additional
|
|
Packit |
57988d |
hierarchical sub-level of output in the \fBDetailed\fR section of the report.
|
|
Packit |
57988d |
At \fIlevel\fR 10, all levels are output.
|
|
Packit |
57988d |
Lines that exceed the maximum report width (specified with
|
|
Packit |
57988d |
\fBmax_report_width\fR) will be cut.
|
|
Packit |
57988d |
Setting \fIlevel\fR to 11 will prevent lines in the report from being cut (see also \fB--line_style\fR).
|
|
Packit |
57988d |
.IP "\fB--help\fR"
|
|
Packit |
57988d |
Print usage information and a brief description about command line options.
|
|
Packit |
57988d |
.IP "\fB--ignore_service \fIpattern\fR"
|
|
Packit |
57988d |
Ignore log lines that contain the postfix service name \fBpostfix/\fIservice\fR.
|
|
Packit |
57988d |
The parameter \fIservice\fR is a regular expression.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
\fBNote:\fR if you use parenthesis in your regular expression, be sure they are cloistering
|
|
Packit |
57988d |
and not capturing: use \fB(?:\fIpattern\fB)\fR instead of \fB(\fIpattern\fB)\fR.
|
|
Packit |
57988d |
.IP "\fB--ipaddr_width \fIwidth\fR"
|
|
Packit |
57988d |
Specifies that IP addresses in address/hostname pairs should be printed
|
|
Packit |
57988d |
with a field width of \fIwidth\fR characters.
|
|
Packit |
57988d |
Increasing the default may be useful for systems using long IPv6 addresses.
|
|
Packit |
57988d |
.IP "\fB-l limiter=levelspec\fR"
|
|
Packit |
57988d |
.PD 0
|
|
Packit |
57988d |
.IP "\fB--limit limiter=levelspec\fR"
|
|
Packit |
57988d |
.PD
|
|
Packit |
57988d |
Sets the level limiter \fIlimiter\fR with the specification \fIlevelspec\fR.
|
|
Packit |
57988d |
.IP "\fB--line_style \fIstyle\fR"
|
|
Packit |
57988d |
Specifies how to handle long report lines.
|
|
Packit |
57988d |
Three styles are available: \fBfull\fR, \fBtruncate\fR, and \fBwrap\fR.
|
|
Packit |
57988d |
Setting \fIstyle\fR to \fBfull\fR will prevent cutting lines to \fBmax_report_width\fR;
|
|
Packit |
57988d |
this is what occurs when \fBdetail\fR is 11 or higher.
|
|
Packit |
57988d |
When \fIstyle\fR is \fBtruncate\fR (the default),
|
|
Packit |
57988d |
long lines will be truncated according to \fBmax_report_width\fR.
|
|
Packit |
57988d |
Setting \fIstyle\fR to \fBwrap\fR will wrap lines longer than \fBmax_report_width\fR such that
|
|
Packit |
57988d |
left column hit counts are not obscured.
|
|
Packit |
57988d |
This option takes precedence over the line style implied by the \fBdetail\fR level.
|
|
Packit |
57988d |
The options \fB--full\fR, \fB--truncate\fR, and \fB--wrap\fR are synonyms.
|
|
Packit |
57988d |
.IP "\fB--[no]long_queue_ids\fR"
|
|
Packit |
57988d |
Enables (disables) interpretation of long queue IDs in Postfix (>= 2.9) logs.
|
|
Packit |
57988d |
.IP "\fB--nodetail\fR"
|
|
Packit |
57988d |
Disables the \fBDetailed\fR section of the report, and all supplemental reports.
|
|
Packit |
57988d |
This option provides a convenient mechanism to quickly disable all sections
|
|
Packit |
57988d |
under the \fBDetailed\fR report, where subsequent command line
|
|
Packit |
57988d |
options may re-enable one or more sections to create specific reports.
|
|
Packit |
57988d |
.IP "\fB--[no]summary\fR"
|
|
Packit |
57988d |
.IP "\fB--show_summary\fR"
|
|
Packit |
57988d |
Enables (disables) displaying of the the \fBSummary\fR section of the report.
|
|
Packit |
57988d |
The variable Posfix_Show_Summary in used in a configuration file.
|
|
Packit |
57988d |
.IP "\fB--recipient_delimiter \fIdelimiter\fR"
|
|
Packit |
57988d |
Split email delivery addresses using the recipient delimiter character \fIdelimiter\fR.
|
|
Packit |
57988d |
This should generally match
|
|
Packit |
57988d |
the \fBrecipient_delimiter\fR specified in the Postfix parameter
|
|
Packit |
57988d |
file \fBmain.cf\fR, or the default value indicated in
|
|
Packit |
57988d |
\fBpostconf -d recipient_delimiter\fR.
|
|
Packit |
57988d |
This is very useful for obtaining per-alias statistics
|
|
Packit |
57988d |
when a recipient delimeter is used for mail delivery.
|
|
Packit |
57988d |
.IP "\fB--reject_reply_patterns \fIr1 [r2 ...]\fR"
|
|
Packit |
57988d |
Specifies the list of reject reply patterns used to create reject groups.
|
|
Packit |
57988d |
Each entry in the list \fIr1 [r2 ...]\fR must be either a three character
|
|
Packit |
57988d |
regular expression reply code of the form [45][0-9.][0-9.], or the word "Warn".
|
|
Packit |
57988d |
The "." in the regular expression is a literal dot which matches any reject reply subcode;
|
|
Packit |
57988d |
this wildcarding allows creation of broad rejects groups.
|
|
Packit |
57988d |
List order is preserved, in that reject reports will be output in the same order as
|
|
Packit |
57988d |
the entries in the list.
|
|
Packit |
57988d |
Specific reject reply codes will take priority over wildcard patterns, regardless of
|
|
Packit |
57988d |
the list order.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
The default list is "5.. 4.. Warn", which creates three groups of rejects:
|
|
Packit |
57988d |
permanent rejects, temporary reject failures, and reject warnings (as in warn_if_reject).
|
|
Packit |
57988d |
|
|
Packit |
57988d |
This feature allows, for example, distinguishing 421 transmission
|
|
Packit |
57988d |
channel closures from 45x errors (eg. 450 mailbox unavailable, 451
|
|
Packit |
57988d |
local processing errors, 452 insufficient storage).
|
|
Packit |
57988d |
Such a grouping would be configured with the list: "421 4.. 5.. Warn".
|
|
Packit |
57988d |
See RFC 2821 for more information about reply codes.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
See also \fBCONFIGURATION FILE\fR regarding using \fBreject_reply_patterns\fR within a configuration file.
|
|
Packit |
57988d |
.IP "\fB--[no]sect_vars\fR"
|
|
Packit |
57988d |
.PD 0
|
|
Packit |
57988d |
.IP "\fB--show_sect_vars \fIboolean\fR"
|
|
Packit |
57988d |
.PD
|
|
Packit |
57988d |
Enables (disables) supplementing each \fBDetailed\fR section title
|
|
Packit |
57988d |
with the name of that section's level limiter.
|
|
Packit |
57988d |
The name displayed is the command line option (or configuration
|
|
Packit |
57988d |
file variable) used to limit that section's output.
|
|
Packit |
57988d |
.
|
|
Packit |
57988d |
With the large number of level limiters available in \fBpostfix-logwatch\fR,
|
|
Packit |
57988d |
this a convenient mechanism for determining exactly which level limiter
|
|
Packit |
57988d |
affects a section.
|
|
Packit |
57988d |
.IP "\fB--syslog_name \fInamepat\fR"
|
|
Packit |
57988d |
Specifies the syslog service name that \fBpostfix-logwatch\fR uses
|
|
Packit |
57988d |
to match syslog lines.
|
|
Packit |
57988d |
Only log lines whose service name matches
|
|
Packit |
57988d |
the perl regular expression \fInamepat\fR will be used by
|
|
Packit |
57988d |
\fBpostfix-logwatch\fR; all non-matching lines are silently ignored.
|
|
Packit |
57988d |
This is useful when a pre-installed Postfix package uses a name
|
|
Packit |
57988d |
other than the default (\fBpostfix\fR), or when multiple Postfix
|
|
Packit |
57988d |
instances are in use and per-instance reporting is desired.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
The pattern \fInamepat\fR should match the \fBsyslog_name\fR configuration
|
|
Packit |
57988d |
parameter specified in the Postfix parameter file \fBmain.cf\fR, the
|
|
Packit |
57988d |
master control file \fBmaster.cf\fR, or the default value as indicated
|
|
Packit |
57988d |
by the output of \fBpostconf -d syslog_name\fR.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
\fBNote:\fR if you use parenthesis in your regular expression, be sure they are cloistering
|
|
Packit |
57988d |
and not capturing: use \fB(?:\fIpattern\fB)\fR instead of \fB(\fIpattern\fB)\fR.
|
|
Packit |
57988d |
.IP "\fB--[no]unknown\fR"
|
|
Packit |
57988d |
.PD 0
|
|
Packit |
57988d |
.IP "\fB--show_unknown \fIboolean\fR"
|
|
Packit |
57988d |
.PD
|
|
Packit |
57988d |
Enables (disables) display of the postfix-generated name of 'unknown' in formated IP/hostname pairs in \fBDetailed\fR reports.
|
|
Packit |
57988d |
Default: enabled.
|
|
Packit |
57988d |
.IP "\fB--version\fR"
|
|
Packit |
57988d |
Print \fBpostfix-logwatch\fR version information.
|
|
Packit |
57988d |
.SS Level Limiters
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
The output of every section in the \fBDetailed\fR report is controlled by a level limiter.
|
|
Packit |
57988d |
The name of the level limiter variable will be output when the \fBsect_vars\fR option is set.
|
|
Packit |
57988d |
Level limiters are set either via command line in standalone mode with \fB--limit \fIlimiter\fB=\fIlevelspec\fR option,
|
|
Packit |
57988d |
or via configuration file variable \fB$postfix_\fIlimiter\fB=\fIlevelspec\fR.
|
|
Packit |
57988d |
Each limiter requires a \fIlevelspec\fR argument, which is described below in \fBLEVEL CONTROL\fR.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
The list of level limiters is shown below.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
There are several level limiters that control reject sub-sections (eg. \fBrejectbody\fR, \fBrejectsender\fR, etc.).
|
|
Packit |
57988d |
Because the list of reject variants is not known until runtime after \fBreject_reply_patterns\fR is seen, these reject limiters are shown below generically,
|
|
Packit |
57988d |
with the prefix \fB###\fR.
|
|
Packit |
57988d |
To use one of these reject limiters, substitute \fB###\fR with one of the reject reply codes in effect,
|
|
Packit |
57988d |
replacing each dot with an \fBx\fR character.
|
|
Packit |
57988d |
For example, using the default \fBreject_reply_patterns\fR list of "5.. 4.. Warn", three \fBrejectbody\fR variants are valid:
|
|
Packit |
57988d |
\fB--limit 5xxrejectbody\fR, \fB--limit 4xxrejectbody\fR and \fB--limit warnrejectbody\fR.
|
|
Packit |
57988d |
As a convenience, you may entirely eliminate the \fB###\fR prefix, and instead use the bare \fBreject\fIXXX\fR option, and
|
|
Packit |
57988d |
all reject level limiter variations will be auto-generated based on the \fBreject_reply_patterns\fR list.
|
|
Packit |
57988d |
For example, the command line segment:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
|
|
Packit |
57988d |
... --reject_reply_patterns "421 5.." \\
|
|
Packit |
57988d |
--limit rejectrbl="1:10:"
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
would automatically become:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
|
|
Packit |
57988d |
... --reject_reply_patterns "421 5.." \\
|
|
Packit |
57988d |
--limit 421rejectrbl="1:10:" --limit 5xxrejectrbl="1:10:"
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
See \fBreject_reply_patterns\fR above, and comments in the configuration file \fBpostfix-logwatch.conf\fR.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.de TQ
|
|
Packit |
57988d |
. br
|
|
Packit |
57988d |
. ns
|
|
Packit |
57988d |
. TP \\$1
|
|
Packit |
57988d |
..
|
|
Packit |
57988d |
|
|
Packit |
57988d |
[ THIS SECTION IS NOT YET COMPLETE ]
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.PD 0
|
|
Packit |
57988d |
.IP "\fBAttrError"
|
|
Packit |
57988d |
Errors obtaining attribute data from service.
|
|
Packit |
57988d |
.IP "\fBBCCed"
|
|
Packit |
57988d |
Messages that triggered access, header_checks or body_checks BCC action. (postfix 2.6 experimental branch)
|
|
Packit |
57988d |
.IP "\fBBounceLocal"
|
|
Packit |
57988d |
.IP "\fBBounceRemote"
|
|
Packit |
57988d |
Local and remote bounces.
|
|
Packit |
57988d |
A bounce is considered a local bounce if the relay was one of none, local, virtual,
|
|
Packit |
57988d |
avcheck, maildrop or 127.0.0.1.
|
|
Packit |
57988d |
.IP "\fBByIpRejects"
|
|
Packit |
57988d |
Regrouping by client host IP address of all 5xx (permanent) reject variants.
|
|
Packit |
57988d |
.IP "\fBCommunicationError"
|
|
Packit |
57988d |
Postfix errors talking to one of its services.
|
|
Packit |
57988d |
.IP "\fBAnvil"
|
|
Packit |
57988d |
Anvil rate or concurrency limits.
|
|
Packit |
57988d |
.IP "\fBConnectionInbound"
|
|
Packit |
57988d |
Connections made to the \fBsmtpd\fR server.
|
|
Packit |
57988d |
.IP "\fBConnectionLostInbound"
|
|
Packit |
57988d |
Connections lost to the \fBsmtpd\fR server.
|
|
Packit |
57988d |
.IP "\fBConnectionLostOutbound"
|
|
Packit |
57988d |
Connections lost during \fBsmtp\fR communications with remote MTA.
|
|
Packit |
57988d |
.IP "\fBConnectToFailure"
|
|
Packit |
57988d |
Failures reported by \fBsmtp\fR when connecting to remote MTA.
|
|
Packit |
57988d |
.IP "\fBDatabaseGeneration"
|
|
Packit |
57988d |
Warnings noted when binary database map file requires \fBpostmap\fR update from newer source file.
|
|
Packit |
57988d |
.IP "\fBDeferrals"
|
|
Packit |
57988d |
.IP "\fBDeferred"
|
|
Packit |
57988d |
Message delivery deferrals.
|
|
Packit |
57988d |
A single \fBdeferred\fR message will have one or more \fBdeferrals\fR many times.
|
|
Packit |
57988d |
.IP "\fBDeliverable"
|
|
Packit |
57988d |
Address verification indicates recipient address is deliverable.
|
|
Packit |
57988d |
.IP "\fBDelivered"
|
|
Packit |
57988d |
Number of messages handed-off to a delivery agent such as local or virtual.
|
|
Packit |
57988d |
.IP "\fBDiscarded"
|
|
Packit |
57988d |
Messages that triggered access, header_checks or body_checks DISCARD action.
|
|
Packit |
57988d |
.IP "\fBDNSError"
|
|
Packit |
57988d |
Any one of several errors encounted during DNS lookups.
|
|
Packit |
57988d |
.IP "\fBEnvelopeSenderDomains"
|
|
Packit |
57988d |
List of sending domains. (2 levels: envelope sender domain, localpart)
|
|
Packit |
57988d |
.IP "\fBEnvelopeSenders"
|
|
Packit |
57988d |
List of envelope senders. (1 level: envelope sender)
|
|
Packit |
57988d |
.IP "\fBError"
|
|
Packit |
57988d |
Postfix general \fBerror\fR messages.
|
|
Packit |
57988d |
.IP "\fBFatalConfigError"
|
|
Packit |
57988d |
Fatal main.cf or master.cf configuration errors.
|
|
Packit |
57988d |
.IP "\fBFatalError"
|
|
Packit |
57988d |
Postfix general \fBfatal\fR messages.
|
|
Packit |
57988d |
.IP "\fBFiltered"
|
|
Packit |
57988d |
Messages that triggered access, header_checks or body_checks FILTER action.
|
|
Packit |
57988d |
.IP "\fBForwarded"
|
|
Packit |
57988d |
Messages forwarded by MDA for one address class to another (eg. local -> virtual).
|
|
Packit |
57988d |
.IP "\fBHeloError"
|
|
Packit |
57988d |
XXXXXXXXXXX
|
|
Packit |
57988d |
.IP "\fBHold"
|
|
Packit |
57988d |
Messages that were placed on hold by postsuper, or triggered by access, header_checks or body_checks HOLD action.
|
|
Packit |
57988d |
.IP "\fBHostnameValidationError"
|
|
Packit |
57988d |
Invalid hostname detected.
|
|
Packit |
57988d |
.IP "\fBHostnameVerification"
|
|
Packit |
57988d |
Lookup of hostname does not map back to the IP of the peer (ie. the remote system connecting to \fBsmtpd\fR).
|
|
Packit |
57988d |
Also known as forward-confirmed reverse DNS (FCRDNS).
|
|
Packit |
57988d |
When the reverse name has no DNS entry, the message "host not found, try again" is included; otherwise, it is not
|
|
Packit |
57988d |
(e.g. when the reverse has some IP address, but not the one Postfix expects).
|
|
Packit |
57988d |
.IP "\fBIllegalAddrSyntax"
|
|
Packit |
57988d |
Illegal syntax in an email address provided during the MAIL FROM or RCPT TO dialog.
|
|
Packit |
57988d |
.IP "\fBLdapError"
|
|
Packit |
57988d |
Any LDAP errors during LDAP lookup.
|
|
Packit |
57988d |
.IP "\fBMailerLoop"
|
|
Packit |
57988d |
An MX lookup for the best mailer to use to deliver mail would result in a sending to ourselves.
|
|
Packit |
57988d |
.IP "\fBMapProblem"
|
|
Packit |
57988d |
Problem with an access table map that needs correcting.
|
|
Packit |
57988d |
.IP "\fBMessageWriteError"
|
|
Packit |
57988d |
Postfix encountered an error when trying to create a message file somewhere in the spool directory.
|
|
Packit |
57988d |
.IP "\fBNumericHostname"
|
|
Packit |
57988d |
A hostname was found that was numeric, instead of alphabetic.
|
|
Packit |
57988d |
.IP "\fBPanicError"
|
|
Packit |
57988d |
Postfix general \fBpanic\fR messages.
|
|
Packit |
57988d |
.IP "\fBPixWorkaround"
|
|
Packit |
57988d |
Workarounds were enabled to avoid remote Cisco PIX SMTP "fixups".
|
|
Packit |
57988d |
.IP "\fBPolicydWeight"
|
|
Packit |
57988d |
Summarization of policyweight/policydweight results.
|
|
Packit |
57988d |
.IP "\fBPolicySpf"
|
|
Packit |
57988d |
Summarization of PolicySPF results.
|
|
Packit |
57988d |
.IP "\fBPostgrey"
|
|
Packit |
57988d |
Summarization of Postgrey results.
|
|
Packit |
57988d |
.IP "\fBPostscreen"
|
|
Packit |
57988d |
Summarization of 2.7's postscreen and verify services.
|
|
Packit |
57988d |
.IP "\fBDNSBLog"
|
|
Packit |
57988d |
Summarization of 2.7's dnsblog service.
|
|
Packit |
57988d |
.IP "\fBPrepended"
|
|
Packit |
57988d |
Messages that triggered header_checks or body_checks PREPEND action.
|
|
Packit |
57988d |
.IP "\fBProcessExit"
|
|
Packit |
57988d |
Postfix services that exited unexpectedly.
|
|
Packit |
57988d |
.IP "\fBProcessLimit"
|
|
Packit |
57988d |
A Postfix service has reached or exceeded the maximum number of processes allowed.
|
|
Packit |
57988d |
.IP "\fBQueueWriteError"
|
|
Packit |
57988d |
Problems writing a Postfix queue file.
|
|
Packit |
57988d |
.IP "\fBRblError"
|
|
Packit |
57988d |
Lookup errors for RBLs.
|
|
Packit |
57988d |
.IP "\fBRedirected"
|
|
Packit |
57988d |
Messages that triggered access, header_checks or body_checks REDIRECT action.
|
|
Packit |
57988d |
.IP "\fB###RejectBody"
|
|
Packit |
57988d |
Messages that triggered body_checks REJECT action.
|
|
Packit |
57988d |
.IP "\fB###RejectClient"
|
|
Packit |
57988d |
Messages rejected by client access controls (smtpd_client_restrictions).
|
|
Packit |
57988d |
.IP "\fB###RejectConfigError"
|
|
Packit |
57988d |
Message rejected due to server configuration errors.
|
|
Packit |
57988d |
.IP "\fB###RejectContent"
|
|
Packit |
57988d |
Messages rejected by message_reject_characters.
|
|
Packit |
57988d |
.IP "\fB###RejectData"
|
|
Packit |
57988d |
Messages rejected at DATA stage in SMTP conversation (smtpd_data_restrictions).
|
|
Packit |
57988d |
.IP "\fB###RejectEtrn"
|
|
Packit |
57988d |
Messages rejected at ETRN stage in SMTP conversation (smtpd_etrn_restrictions).
|
|
Packit |
57988d |
.IP "\fB###RejectHeader"
|
|
Packit |
57988d |
Messages that triggered header_checks REJECT action.
|
|
Packit |
57988d |
.IP "\fB###RejectHelo"
|
|
Packit |
57988d |
Messages rejected at HELO/EHLO stage in SMTP conversation (smtpd_helo_restrictions).
|
|
Packit |
57988d |
.IP "\fB###RejectInsufficientSpace"
|
|
Packit |
57988d |
Messages rejected due to insufficient storage space.
|
|
Packit |
57988d |
.IP "\fB###RejectLookupFailure"
|
|
Packit |
57988d |
Messages rejected due to temporary DNS lookup failures.
|
|
Packit |
57988d |
.IP "\fB###RejectMilter"
|
|
Packit |
57988d |
Milter rejects. No reject reply code is available for these rejects, but an extended 5.7.1 DSN is provided.
|
|
Packit |
57988d |
These rejects are forced into the generic 5xx rejects group.
|
|
Packit |
57988d |
If you redefine \fBreject_reply_patterns\fR such that it does not contain the pattern \fB5..\fR, milter rejects
|
|
Packit |
57988d |
will not be output.
|
|
Packit |
57988d |
.IP "\fB###RejectRbl"
|
|
Packit |
57988d |
Messages rejected by an RBL hit.
|
|
Packit |
57988d |
.IP "\fB###RejectRecip"
|
|
Packit |
57988d |
Messages rejected by recipient access controls (smtpd_recipient_restrictions).
|
|
Packit |
57988d |
.IP "\fB###RejectRelay"
|
|
Packit |
57988d |
Messages rejected by relay access controls.
|
|
Packit |
57988d |
.IP "\fB###RejectSender"
|
|
Packit |
57988d |
Messages rejected by sender access controls (smtpd_sender_restrictions).
|
|
Packit |
57988d |
.IP "\fB###RejectSize"
|
|
Packit |
57988d |
Messages rejected due to excessive message size.
|
|
Packit |
57988d |
.IP "\fB###RejectUnknownClient"
|
|
Packit |
57988d |
Messages rejected by unknown client access controls.
|
|
Packit |
57988d |
.IP "\fB###RejectUnknownReverseClient"
|
|
Packit |
57988d |
Messages rejected by unknown reverse client access controls.
|
|
Packit |
57988d |
.IP "\fB###RejectUnknownUser"
|
|
Packit |
57988d |
Messages rejected by unknown user access controls.
|
|
Packit |
57988d |
.IP "\fB###RejectUnverifiedClient"
|
|
Packit |
57988d |
Messages rejected by unverified client access controls.
|
|
Packit |
57988d |
.IP "\fB###RejectVerify"
|
|
Packit |
57988d |
Messages rejected dueo to address verification failures.
|
|
Packit |
57988d |
.IP "\fBReplaced"
|
|
Packit |
57988d |
Messages that triggered header_checks or body_checks REPLACE action.
|
|
Packit |
57988d |
.IP "\fBReturnedToSender"
|
|
Packit |
57988d |
Messages returned to sender due to exceeding queue lifetime (maximal_queue_lifetime).
|
|
Packit |
57988d |
.IP "\fBSaslAuth"
|
|
Packit |
57988d |
SASL authentication successes, includes SASL method, username, and sender when present.
|
|
Packit |
57988d |
.IP "\fBSaslAuthFail"
|
|
Packit |
57988d |
SASL authentication failures.
|
|
Packit |
57988d |
.IP "\fBSent"
|
|
Packit |
57988d |
Messages sent via the SMTP delivery agent.
|
|
Packit |
57988d |
.IP "\fBSentLmtp"
|
|
Packit |
57988d |
Messages sent via the LMTP delivery agent.
|
|
Packit |
57988d |
.IP "\fBSmtpConversationError"
|
|
Packit |
57988d |
Errors during the SMTP/ESMTP dialog.
|
|
Packit |
57988d |
.IP "\fBSmtpProtocolViolation"
|
|
Packit |
57988d |
Protocol violation during the SMTP/ESMTP dialog.
|
|
Packit |
57988d |
.IP "\fBStartupError"
|
|
Packit |
57988d |
Errors during Postfix server startup.
|
|
Packit |
57988d |
.IP "\fBTimeoutInbound"
|
|
Packit |
57988d |
Connections to \fBsmtpd\fR that timed out.
|
|
Packit |
57988d |
.IP "\fBTlsClientConnect"
|
|
Packit |
57988d |
TLS client connections.
|
|
Packit |
57988d |
.IP "\fBTlsOffered"
|
|
Packit |
57988d |
TLS communication offerred.
|
|
Packit |
57988d |
.IP "\fBTlsServerConnect"
|
|
Packit |
57988d |
TLS server connections.
|
|
Packit |
57988d |
.IP "\fBTlsUnverified"
|
|
Packit |
57988d |
Unverified TLS connections.
|
|
Packit |
57988d |
.IP "\fBUndeliverable"
|
|
Packit |
57988d |
Address verification indicates recipient address is undeliverable.
|
|
Packit |
57988d |
.IP "\fBWarn"
|
|
Packit |
57988d |
Messages that triggered access, header_checks or body_checks WARN action.
|
|
Packit |
57988d |
.IP "\fBWarnConfigError"
|
|
Packit |
57988d |
Warnings regarding Postfix configuration errors.
|
|
Packit |
57988d |
.IP "\fBWarningsOther"
|
|
Packit |
57988d |
Postfix general \fBwarning\fR messages.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.PD
|
|
Packit |
57988d |
.SH LEVEL CONTROL
|
|
Packit |
57988d |
.ad
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
The \fBDetailed\fR section of the report consists of a number of sub-sections,
|
|
Packit |
57988d |
each of which is controlled both globally and independently.
|
|
Packit |
57988d |
Two settings influence the output provided in the \fBDetailed\fR report:
|
|
Packit |
57988d |
a global detail level (specified with \fB--detail\fR) which has final (big hammer)
|
|
Packit |
57988d |
output-limiting control over the \fBDetailed\fR section,
|
|
Packit |
57988d |
and sub-section specific detail settings (small hammer), which allow further limiting
|
|
Packit |
57988d |
of the output for a sub-section.
|
|
Packit |
57988d |
Each sub-section may be limited to a specific depth level, and each sub-level may be limited with top N or threshold limits.
|
|
Packit |
57988d |
The \fIlevelspec\fR argument to each of the level limiters listed above is used to accomplish this.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
It is probably best to continue explanation of sub-level limiting with the following well-known outline-style hierarchy, and
|
|
Packit |
57988d |
some basic examples:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
|
|
Packit |
57988d |
level 0
|
|
Packit |
57988d |
level 1
|
|
Packit |
57988d |
level 2
|
|
Packit |
57988d |
level 3
|
|
Packit |
57988d |
level 4
|
|
Packit |
57988d |
level 4
|
|
Packit |
57988d |
level 2
|
|
Packit |
57988d |
level 3
|
|
Packit |
57988d |
level 4
|
|
Packit |
57988d |
level 4
|
|
Packit |
57988d |
level 4
|
|
Packit |
57988d |
level 3
|
|
Packit |
57988d |
level 4
|
|
Packit |
57988d |
level 3
|
|
Packit |
57988d |
level 1
|
|
Packit |
57988d |
level 2
|
|
Packit |
57988d |
level 3
|
|
Packit |
57988d |
level 4
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
The simplest form of output limiting suppresses all output below a specified level.
|
|
Packit |
57988d |
For example, a \fIlevelspec\fR set to "2" shows only data in levels 0 through 2.
|
|
Packit |
57988d |
Think of this as collapsing each sub-level 2 item, thus hiding all inferior levels (3, 4, ...),
|
|
Packit |
57988d |
to yield:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
|
|
Packit |
57988d |
level 0
|
|
Packit |
57988d |
level 1
|
|
Packit |
57988d |
level 2
|
|
Packit |
57988d |
level 2
|
|
Packit |
57988d |
level 1
|
|
Packit |
57988d |
level 2
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
Sometimes the volume of output in a section is too great, and it is useful to suppress any data that does not exceed a certain threshold value.
|
|
Packit |
57988d |
Consider a dictionary spam attack, which produces very lengthy lists of hit-once recipient email or IP addresses.
|
|
Packit |
57988d |
Each sub-level in the hierarchy can be threshold-limited by setting the \fIlevelspec\fR appropriately.
|
|
Packit |
57988d |
Setting \fIlevelspec\fR to the value "2::5" will suppress any data at level 2 that does not exceed a hit count of 5.
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
Perhaps producing a top N list, such as top 10 senders, is desired.
|
|
Packit |
57988d |
A \fIlevelspec\fR of "3:10:" limits level 3 data to only the top 10 hits.
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
With those simple examples out of the way, a \fIlevelspec\fR is defined as a whitespace- or comma-separated list of one or more of the following:
|
|
Packit |
57988d |
.IP "\fIl\fR"
|
|
Packit |
57988d |
Specifies the maximum level to be output for this sub-section, with a range from 0 to 10.
|
|
Packit |
57988d |
if \fIl\fR is 0, no levels will be output, effectively disabling the sub-section
|
|
Packit |
57988d |
(level 0 data is already provided in the Summary report, so level 1 is considered the first useful level in the \fBDetailed\fR report).
|
|
Packit |
57988d |
Higher values will produce output up to and including the specified level.
|
|
Packit |
57988d |
.IP "\fIl\fB.\fIn\fR"
|
|
Packit |
57988d |
Same as above, with the addition that \fIn\fR limits this section's level 1 output to
|
|
Packit |
57988d |
the top \fIn\fR items.
|
|
Packit |
57988d |
The value for \fIn\fR can be any integer greater than 1.
|
|
Packit |
57988d |
(This form of limiting has less utility than the syntax shown below. It is provided for
|
|
Packit |
57988d |
backwards compatibility; users are encouraged to use the syntax below).
|
|
Packit |
57988d |
.IP "\fIl\fB:\fIn\fB:\fIt\fR"
|
|
Packit |
57988d |
This triplet specifies level \fIl\fR, top \fIn\fR, and minimum threshold \fIt\fR.
|
|
Packit |
57988d |
Each of the values are integers, with \fIl\fR being the level limiter as described above, \fIn\fR being
|
|
Packit |
57988d |
a top \fIn\fR limiter for the level \fIl\fR, and \fIt\fR being the threshold limiter for level \fIl\fR.
|
|
Packit |
57988d |
When both \fIn\fR and \fIt\fR are specified, \fIn\fR has priority, allowing top \fIn\fR lists (regardless of
|
|
Packit |
57988d |
threshold value).
|
|
Packit |
57988d |
If the value of \fIl\fR is omitted, the specified values for \fIn\fR and/or \fIt\fR are used for
|
|
Packit |
57988d |
all levels available in the sub-section.
|
|
Packit |
57988d |
This permits a simple form of wildcarding (eg. place minimum threshold limits on all levels).
|
|
Packit |
57988d |
However, specific limiters always override wildcard limiters.
|
|
Packit |
57988d |
The first form of level limiter may be included in \fIlevelspec\fR to restrict output, regardless of how many triplets are present.
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
All three forms of limiters are effective only when \fBpostfix-logwatch\fR's detail level is 5
|
|
Packit |
57988d |
or greater (the \fBDetailed\fR section is not activated until detail is at least 5).
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
See the \fBEXAMPLES\fR section for usage scenarios.
|
|
Packit |
57988d |
.SH CONFIGURATION FILE
|
|
Packit |
57988d |
.ad
|
|
Packit |
57988d |
\fBPostfix-logwatch\fR can read configuration settings from a configuration file.
|
|
Packit |
57988d |
Essentially, any command line option can be placed into a configuration file, and
|
|
Packit |
57988d |
these settings are read upon startup.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
Because \fBpostfix-logwatch\fR can run either standalone or within Logwatch,
|
|
Packit |
57988d |
to minimize confusion, \fBpostfix-logwatch\fR inherits Logwatch's configuration
|
|
Packit |
57988d |
file syntax requirements and conventions.
|
|
Packit |
57988d |
These are:
|
|
Packit |
57988d |
.IP \(bu 4'.
|
|
Packit |
57988d |
White space lines are ignored.
|
|
Packit |
57988d |
.IP \(bu 4'.
|
|
Packit |
57988d |
Lines beginning with \fB#\fR are ignored
|
|
Packit |
57988d |
.IP \(bu 4'.
|
|
Packit |
57988d |
Settings are of the form:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
|
|
Packit |
57988d |
\fIoption\fB = \fIvalue\fR
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.IP \(bu 4'.
|
|
Packit |
57988d |
Spaces or tabs on either side of the \fB=\fR character are ignored.
|
|
Packit |
57988d |
.IP \(bu 4'.
|
|
Packit |
57988d |
Any \fIvalue\fR protected in double quotes will be case-preserved.
|
|
Packit |
57988d |
.IP \(bu 4'.
|
|
Packit |
57988d |
All other content is reduced to lowercase (non-preserving, case insensitive).
|
|
Packit |
57988d |
.IP \(bu 4'.
|
|
Packit |
57988d |
All \fBpostfix-logwatch\fR configuration settings must be prefixed with "\fB$postfix_\fR" or
|
|
Packit |
57988d |
\fBpostfix-logwatch\fR will ignore them.
|
|
Packit |
57988d |
.IP \(bu 4'.
|
|
Packit |
57988d |
When running under Logwatch, any values not prefixed with "\fB$postfix_\fR" are
|
|
Packit |
57988d |
consumed by Logwatch; it only passes to \fBpostfix-logwatch\fR (via environment variable)
|
|
Packit |
57988d |
settings it considers valid.
|
|
Packit |
57988d |
.IP \(bu 4'.
|
|
Packit |
57988d |
The values \fBTrue\fR and \fBYes\fR are converted to 1, and \fBFalse\fR and \fBNo\fR are converted to 0.
|
|
Packit |
57988d |
.IP \(bu 4'.
|
|
Packit |
57988d |
Order of settings is not preserved within a configuration file (since settings are passed
|
|
Packit |
57988d |
by Logwatch via environment variables, which have no defined order).
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
To include a command line option in a configuration file,
|
|
Packit |
57988d |
prefix the command line option name with the word "\fB$postfix_\fR".
|
|
Packit |
57988d |
The following configuration file setting and command line option are equivalent:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
|
|
Packit |
57988d |
\fB$postfix_Line_Style = Truncate\fR
|
|
Packit |
57988d |
|
|
Packit |
57988d |
\fB--line_style Truncate\fR
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
Level limiters are also prefixed with \fB$postfix_\fR, but on the command line are specified with the \fB--limit\fR option:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
|
|
Packit |
57988d |
\fB$postfix_Sent = 2\fR
|
|
Packit |
57988d |
|
|
Packit |
57988d |
\fB--limit Sent=2\fR
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
The order of command line options and configuration file processing occurs as follows:
|
|
Packit |
57988d |
1) The default configuration file is read if it exists and no \fB--config_file\fR was specified on a command line.
|
|
Packit |
57988d |
2) Configuration files are read and processed in the order found on the command line.
|
|
Packit |
57988d |
3) Command line options override any options already set either via command line or from any configuration file.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
Command line options are interpreted when they are seen on the command line, and later options will override previously set options.
|
|
Packit |
57988d |
The notable exception is with limiter variables, which are interpreted in the order found, but only after all other options have been processed.
|
|
Packit |
57988d |
This allows \fB--reject_reply_patterns\fR to determine the dynamic list of the various reject limiters.
|
|
Packit |
57988d |
|
|
Packit |
57988d |
See also \fB--reject_reply_patterns\fR.
|
|
Packit |
57988d |
.SH "EXIT STATUS"
|
|
Packit |
57988d |
.na
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.ad
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
The \fBpostfix-logwatch\fR utility exits with a status code of 0, unless an error
|
|
Packit |
57988d |
occurred, in which case a non-zero exit status is returned.
|
|
Packit |
57988d |
.SH "EXAMPLES"
|
|
Packit |
57988d |
.na
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.ad
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.SS Running Standalone
|
|
Packit |
57988d |
\fBNote:\fR \fBpostfix-logwatch\fR reads its log data from one or more named Postfix log files, or from STDIN.
|
|
Packit |
57988d |
For brevity, where required, the examples below use the word \fIfile\fR as the command line
|
|
Packit |
57988d |
argument meaning \fI/path/to/postfix.log\fR.
|
|
Packit |
57988d |
Obviously you will need to substitute \fIfile\fR with the appropriate path.
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
To run \fBpostfix-logwatch\fR in standalone mode, simply run:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBpostfix-logwatch \fIfile\fR
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
A complete list of options and basic usage is available via:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBpostfix-logwatch --help\fR
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
To print a summary only report of Postfix log data:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBpostfix-logwatch --detail 1 \fIfile\fR
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
To produce a summary report and a one-level detail report for May 25th:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBgrep 'May 25' \fIfile\fB | postfix-logwatch --detail 5\fR
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
To produce only a top 10 list of Sent email domains, the summary report and detailed reports
|
|
Packit |
57988d |
are first disabled.
|
|
Packit |
57988d |
Since commands line options are read and enabled left-to-right,
|
|
Packit |
57988d |
the Sent section is re-enabled to level 1 with a level 1 top 10 limiter:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBpostfix-logwatch --nosummary --nodetail --limit sent='1 1:10:' \fIfile\fR
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
The following command and its sample output shows a more complex level limiter example.
|
|
Packit |
57988d |
The command gives the top 3 Sent email addresses from the top 5 domains,
|
|
Packit |
57988d |
in addition, all level 3 items with a hit count of 2 or less are suppressed (in the Sent sub-section,
|
|
Packit |
57988d |
this happens to be email's Original To address).
|
|
Packit |
57988d |
Ellipses indicate top N or threshold-limited data:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBpostfix-logwatch --nosummary --nodetail \\
|
|
Packit |
57988d |
--limit sent '1:5: 2:3: 3::2' \fIfile\fR
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
|
|
Packit |
57988d |
1762 Sent via SMTP -----------------------------------
|
|
Packit |
57988d |
352 example.com
|
|
Packit |
57988d |
310 joe
|
|
Packit |
57988d |
255 joe.bob@virtdomain.example.com
|
|
Packit |
57988d |
7 info@virtdomain.example.com
|
|
Packit |
57988d |
21 pooryoda3
|
|
Packit |
57988d |
11 hot93uh
|
|
Packit |
57988d |
...
|
|
Packit |
57988d |
244 sample.net
|
|
Packit |
57988d |
97 buzz
|
|
Packit |
57988d |
26 leroyjones
|
|
Packit |
57988d |
14 sally
|
|
Packit |
57988d |
...
|
|
Packit |
57988d |
152 example.net
|
|
Packit |
57988d |
40 jim_jameson
|
|
Packit |
57988d |
23 sam_sampson
|
|
Packit |
57988d |
19 paul_paulson
|
|
Packit |
57988d |
...
|
|
Packit |
57988d |
83 sample.us
|
|
Packit |
57988d |
44 root
|
|
Packit |
57988d |
39 jenny1
|
|
Packit |
57988d |
69 dom3.example.us
|
|
Packit |
57988d |
10 kay
|
|
Packit |
57988d |
7 ron
|
|
Packit |
57988d |
6 mrsmith
|
|
Packit |
57988d |
...
|
|
Packit |
57988d |
...
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
The next command uses both \fBreject_reply_patterns\fR and level limiters to see 421 RBL rejects,
|
|
Packit |
57988d |
threshold-limiting level 2 output to hits greater than 5 (level 2 in the Reject RBL sub-section
|
|
Packit |
57988d |
is the client's IP address / hostname pair).
|
|
Packit |
57988d |
This makes for a very nice RBL offenders list, shown in the sample output
|
|
Packit |
57988d |
(note the use of the unambiguous, abbreviated command line option reject_reply_pat):
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBpostfix-logwatch --reject_reply_pat '421 4.. 5.. Warn' \\
|
|
Packit |
57988d |
--nosummary --nodetail --limit 421rejectrbl='2 2::5' \fIfile\fR
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
|
|
Packit |
57988d |
300 421 Reject RBL ---------------------------------------
|
|
Packit |
57988d |
243 zen.spamhaus.org=127.0.0.2
|
|
Packit |
57988d |
106 10.0.0.129 129.0.0.example.com
|
|
Packit |
57988d |
41 192.168.10.70 hostx10.sample.net
|
|
Packit |
57988d |
40 192.168.42.39 hostz42.sample.net
|
|
Packit |
57988d |
15 10.1.1.152 dsl-10-1-1-152.example.us
|
|
Packit |
57988d |
14 10.10.10.122 mail122.sample.com
|
|
Packit |
57988d |
7 192.168.3.44 smalltime-spammer.example.com
|
|
Packit |
57988d |
...
|
|
Packit |
57988d |
48 zen.spamhaus.org=127.0.0.4
|
|
Packit |
57988d |
17 10.29.124.92 10-29-124-92.adsl-static.sample.us
|
|
Packit |
57988d |
...
|
|
Packit |
57988d |
8 zen.spamhaus.org=127.0.0.11
|
|
Packit |
57988d |
...
|
|
Packit |
57988d |
1 zen.spamhaus.org=127.0.0.10
|
|
Packit |
57988d |
...
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.RE 4
|
|
Packit |
57988d |
.SS Running within Logwatch
|
|
Packit |
57988d |
\fBNote:\fR Logwatch versions prior to 7.3.6, unless configured otherwise, required the \fB--print\fR option to print to STDOUT instead of sending reports via email.
|
|
Packit |
57988d |
Since version 7.3.6, STDOUT is the default output destination, and the \fB--print\fR option has been replaced
|
|
Packit |
57988d |
by \fB--output stdout\fR. Check your configuration to determine where report output will be directed, and add the appropriate option to the commands below.
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
To print a summary report for today's Postfix log data:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBlogwatch --service postfix --range today --detail 1\fR
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
To print a report for today's Postfix log data, with one level
|
|
Packit |
57988d |
of detail in the \fBDetailed\fR section:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBlogwatch --service postfix --range today --detail 5\fR
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
To print a report for yesterday, with two levels of detail in the \fBDetailed\fR section:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBlogwatch --service postfix --range yesterday --detail 6\fR
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
To print a report from Dec 12th through Dec 14th, with four levels of detail in the \fBDetailed\fR section:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBlogwatch --service postfix --range \\
|
|
Packit |
57988d |
'between 12/12 and 12/14' --detail 8\fR
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
To print a report for today, with all levels of detail:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBlogwatch --service postfix --range today --detail 10\fR
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
Same as above, but leaves long lines uncut:
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.RS 4
|
|
Packit |
57988d |
.PP
|
|
Packit |
57988d |
\fBlogwatch --service postfix --range today --detail 11\fR
|
|
Packit |
57988d |
.RE 0
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.SH "ENVIRONMENT"
|
|
Packit |
57988d |
.na
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.ad
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
The \fBpostfix-logwatch\fR program uses the following (automatically set) environment
|
|
Packit |
57988d |
variables when running under Logwatch:
|
|
Packit |
57988d |
.IP \fBLOGWATCH_DETAIL_LEVEL\fR
|
|
Packit |
57988d |
This is the detail level specified with the Logwatch command line argument \fB--detail\fR
|
|
Packit |
57988d |
or the \fBDetail\fR setting in the ...conf/services/postfix.conf configuration file.
|
|
Packit |
57988d |
.IP \fBLOGWATCH_DEBUG\fR
|
|
Packit |
57988d |
This is the debug level specified with the Logwatch command line argument \fB--debug\fR.
|
|
Packit |
57988d |
.IP \fBpostfix_\fIxxx\fR
|
|
Packit |
57988d |
The Logwatch program passes all settings \fBpostfix_\fIxxx\fR in the configuration file ...conf/services/postfix.conf
|
|
Packit |
57988d |
to the \fBpostfix\fR filter (which is actually named .../scripts/services/postfix) via environment variable.
|
|
Packit |
57988d |
.SH "FILES"
|
|
Packit |
57988d |
.na
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.SS Standalone mode
|
|
Packit |
57988d |
.IP "/usr/local/bin/postfix-logwatch"
|
|
Packit |
57988d |
The \fBpostfix-logwatch\fR program
|
|
Packit |
57988d |
.IP "/usr/local/etc/postfix-logwatch.conf"
|
|
Packit |
57988d |
The \fBpostfix-logwatch\fR configuration file in standalone mode
|
|
Packit |
57988d |
.SS Logwatch mode
|
|
Packit |
57988d |
.IP "/etc/logwatch/scripts/services/postfix"
|
|
Packit |
57988d |
The Logwatch \fBpostfix\fR filter
|
|
Packit |
57988d |
.IP "/etc/logwatch/conf/services/postfix.conf"
|
|
Packit |
57988d |
The Logwatch \fBpostfix\fR filter configuration file
|
|
Packit |
57988d |
.SH "SEE ALSO"
|
|
Packit |
57988d |
.na
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
logwatch(8), system log analyzer and reporter
|
|
Packit |
57988d |
.SH "README FILES"
|
|
Packit |
57988d |
.na
|
|
Packit |
57988d |
.ad
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
README, an overview of \fBpostfix-logwatch\fR
|
|
Packit |
57988d |
Changes, the version change list history
|
|
Packit |
57988d |
Bugs, a list of the current bugs or other inadequacies
|
|
Packit |
57988d |
Makefile, the rudimentary installer
|
|
Packit |
57988d |
LICENSE, the usage and redistribution licensing terms
|
|
Packit |
57988d |
.SH "LICENSE"
|
|
Packit |
57988d |
.na
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
.ad
|
|
Packit |
57988d |
Covered under the included MIT/X-Consortium License:
|
|
Packit |
57988d |
http://www.opensource.org/licenses/mit-license.php
|
|
Packit |
57988d |
.SH "AUTHOR(S)"
|
|
Packit |
57988d |
.na
|
|
Packit |
57988d |
.nf
|
|
Packit |
57988d |
Mike Cappella
|
|
Packit |
57988d |
|
|
Packit |
57988d |
.fi
|
|
Packit |
57988d |
The original \fBpostfix\fR Logwatch filter was written by
|
|
Packit |
57988d |
Kenneth Porter, and has had many contributors over the years.
|
|
Packit |
57988d |
They are entirely not responsible for any errors, problems or failures since the current author's
|
|
Packit |
57988d |
hands have touched the source code.
|