Postfix / Logwatch question

General Discussion
1

I installed a greylisting application to work with my postfix installation, which has dramatically reduced the amount of spam that gets processed by my server.

However, it is writing a line to the maillog file for every policy rejection - code 450 4.2.0. Is there a way to keep logwatch from reporting these? It’s taken my logwatch mails from about 20k to sometimes well over 5M in size, and thus it’s hard to spot real problems.

2

Following up on my own post… A slight tweaking of my google search turned up the following page: http://www.zimbra.com/forums/administrators/14453-logwatch-5-0-1-now-sending-out-large-messages.html

Following the instructions there now gives me the output of:

--------------------- Postfix Begin ------------------------ 
    1   SASL authentication failed

47.992M Bytes accepted 50,323,641
1.220M Bytes sent via SMTP 1,278,771
48.198M Bytes delivered 50,538,988
======== ==================================================

  507   Accepted                                    78.00%
  143   Rejected                                    22.00%

  650   Total                                      100.00%

======== ==================================================

    7   5xx Reject relay denied                      4.90%
  136   5xx Reject unknown user                     95.10%

  143   Total 5xx Rejects                          100.00%

======== ==================================================

 7344   4xx Reject recipient address               100.00%

 7344   Total 4xx Rejects                          100.00%

======== ==================================================

 5850   Connections
 4889   Connections lost (inbound)
   20   Connections lost (outbound)
 5850   Disconnections
  504   Removed from queue
  498   Delivered
   41   Sent via SMTP
    1   Resent
    1   Deferred
   13   Deferrals

   44   Connection failure (outbound)
   39   Timeout (inbound)
    1   Numeric hostname
 1325   Hostname verification errors
    5   SASL authenticated messages

---------------------- Postfix End -------------------------

Which is really all I’m looking for, just something to give me a summary of what’s going on. Hopefully this will help others out as well.

3

That looks really good. :wink:

I was going to suggest a logwatch configuration change rather than disappearing the log entries (I never like to disable any event logs in the MTA–it can make it really hard to troubleshoot problems), and this is definitely nicer than just ignoring the 450 rejections.

4

Oh yeah, I never wanted to stop logging the messages, just stop seeing them in my email every day :slight_smile: