Add log rotation (if logging to file). Make rsyslog the default.

master
Dimitri Huisman 3 years ago
parent 1f51777f7e
commit d5896fb2c6

@ -19,7 +19,7 @@ RUN apk add --no-cache --virtual .build-deps gcc musl-dev python3-dev
RUN pip3 install --no-binary :all: postfix-mta-sts-resolver==1.0.1 RUN pip3 install --no-binary :all: postfix-mta-sts-resolver==1.0.1
RUN apk del .build-deps gcc musl-dev python3-dev RUN apk del .build-deps gcc musl-dev python3-dev
RUN apk add --no-cache postfix postfix-pcre cyrus-sasl-login rsyslog RUN apk add --no-cache postfix postfix-pcre cyrus-sasl-login rsyslog logrotate
COPY conf /conf COPY conf /conf
COPY start.py /start.py COPY start.py /start.py

@ -0,0 +1,11 @@
{{POSTFIX_LOG_FILE}} {
weekly
rotate 52
nocompress
extension log
create 0644 root root
postrotate
/bin/kill -HUP $(cat /run/rsyslogd.pid)
postfix reload
endscript
}

@ -33,7 +33,7 @@ module(load="imuxsock")
{% if POSTFIX_LOG_FILE %} {% if POSTFIX_LOG_FILE %}
# Log mail logs to file # Log mail logs to file
mail.* -{{LOG_FILE}} mail.* -{{POSTFIX_LOG_FILE}}
{% endif %} {% endif %}
# Log mail logs to stdout # Log mail logs to stdout

@ -46,7 +46,8 @@ os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT",
os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin") os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin")
os.environ["ANTISPAM_MILTER_ADDRESS"] = system.get_host_address_from_environment("ANTISPAM_MILTER", "antispam:11332") os.environ["ANTISPAM_MILTER_ADDRESS"] = system.get_host_address_from_environment("ANTISPAM_MILTER", "antispam:11332")
os.environ["LMTP_ADDRESS"] = system.get_host_address_from_environment("LMTP", "imap:2525") os.environ["LMTP_ADDRESS"] = system.get_host_address_from_environment("LMTP", "imap:2525")
os.environ["POSTFIX_LOG_SYSLOG"] = os.environ.get("POSTFIX_LOG_SYSLOG","disabled") os.environ["POSTFIX_LOG_SYSLOG"] = os.environ.get("POSTFIX_LOG_SYSLOG","local")
os.environ["POSTFIX_LOG_FILE"] = os.environ.get("POSTFIX_LOG_FILE", "")
for postfix_file in glob.glob("/conf/*.cf"): for postfix_file in glob.glob("/conf/*.cf"):
conf.jinja(postfix_file, os.environ, os.path.join("/etc/postfix", os.path.basename(postfix_file))) conf.jinja(postfix_file, os.environ, os.path.join("/etc/postfix", os.path.basename(postfix_file)))
@ -85,6 +86,11 @@ if os.environ["POSTFIX_LOG_SYSLOG"]=="local":
# Configure and start local rsyslog server # Configure and start local rsyslog server
conf.jinja("/conf/rsyslog.conf", os.environ, "/etc/rsyslog.conf") conf.jinja("/conf/rsyslog.conf", os.environ, "/etc/rsyslog.conf")
os.system("/usr/sbin/rsyslogd -n &") os.system("/usr/sbin/rsyslogd -n &")
# Configure logrotate
if os.environ["POSTFIX_LOG_FILE"] != "":
conf.jinja("/conf/logrotate.conf", os.environ, "/etc/logrotate.d/postfix.conf")
if os.path.exists("/overrides/logrotate.conf"):
shutil.copyfile("/overrides/logrotate.conf", "/etc/logrotate.d/postfix.conf")
# Run Podop and Postfix # Run Podop and Postfix
multiprocessing.Process(target=start_podop).start() multiprocessing.Process(target=start_podop).start()

@ -188,9 +188,6 @@ Log messages equal or higher than this priority will be printed.
Can be one of: CRITICAL, ERROR, WARNING, INFO, DEBUG or NOTSET. Can be one of: CRITICAL, ERROR, WARNING, INFO, DEBUG or NOTSET.
See the `python docs`_ for more information. See the `python docs`_ for more information.
``POSTFIX_LOG_FILE`` enables postfix logging to the given file (in addition to log to stdout).
Log rotation should be done externally.
.. _`python docs`: https://docs.python.org/3.6/library/logging.html#logging-levels .. _`python docs`: https://docs.python.org/3.6/library/logging.html#logging-levels
The ``LETSENCRYPT_SHORTCHAIN`` (default: False) setting controls whether we send the ISRG Root X1 certificate in TLS handshakes. This is required for `android handsets older than 7.1.1` but slows down the performance of modern devices. The ``LETSENCRYPT_SHORTCHAIN`` (default: False) setting controls whether we send the ISRG Root X1 certificate in TLS handshakes. This is required for `android handsets older than 7.1.1` but slows down the performance of modern devices.
@ -270,8 +267,11 @@ Mail log settings
By default, all services log directly to stdout/stderr. Logs can be collected by any docker log processing solution. By default, all services log directly to stdout/stderr. Logs can be collected by any docker log processing solution.
In some situations, a separate mail log is required (e.g. for legal reasons). Postfix can be configured to write the logs to a Postfix writes the logs to a syslog server which logs to stdout. This is used to filter out messages from the healthcheck.
syslog server that stores the log files to a volume. It can be configured by the following options: In some situations, a separate mail log is required (e.g. for legal reasons). The syslog server can be configured to write log files to a volume. It can be configured by the following options:
- ``POSTFIX_LOG_SYSLOG``: (default: ``disabled``) set to ``local`` to enable a local syslog server for postfix - ``POSTFIX_LOG_SYSLOG`` (default: ``local`` ): Set to ``local`` (default) to enable the syslog server. Set to ``disable`` to disable the syslog server. If disabled, Postfix will log directly to stdout and the healthcheck messages will not be filtered out.
- ``POSTFIX_LOG_FILE``: The file to log the mail log to - ``POSTFIX_LOG_FILE``: The file to log the mail log to. When enabled, the syslog server will also log to stdout.
When ``POSTFIX_LOG_FILE`` is enabled, the logrotate program will automatically rotate the logs every week and keep 52 logs.
To override the logrotate configuration, create the file logrotate.conf with the desired configuration in the :ref:`Postfix overrides folder<override-label>`.

@ -263,6 +263,7 @@ correct syntax. The following file names will be taken as override configuration
- All ``$ROOT/overrides/postfix/*.map`` files - All ``$ROOT/overrides/postfix/*.map`` files
- For both ``postfix.cf`` and ``postfix.master``, you need to put one configuration per line, as they are fed line-by-line - For both ``postfix.cf`` and ``postfix.master``, you need to put one configuration per line, as they are fed line-by-line
to postfix. to postfix.
- ``logrotate.conf`` as ``$ROOT/overrides/postfix/logrotate.conf`` - Replaces the logrotate.conf file used for rotating ``POSTFIX_LOG_FILE``.
- `Dovecot`_ - ``dovecot.conf`` in dovecot sub-directory; - `Dovecot`_ - ``dovecot.conf`` in dovecot sub-directory;
- `Nginx`_ - All ``*.conf`` files in the ``nginx`` sub-directory; - `Nginx`_ - All ``*.conf`` files in the ``nginx`` sub-directory;
- `Rspamd`_ - All files in the ``rspamd`` sub-directory. - `Rspamd`_ - All files in the ``rspamd`` sub-directory.

Loading…
Cancel
Save