From e979743226768c14aba3b366a7bd064013ff2dd7 Mon Sep 17 00:00:00 2001 From: Michael Wyraz Date: Thu, 9 Apr 2020 14:34:54 +0200 Subject: [PATCH] Rsyslog logging for postfix, optional logging to file, no logging of test requests --- core/postfix/Dockerfile | 2 +- core/postfix/conf/main.cf | 3 --- core/postfix/conf/rsyslog.conf | 40 ++++++++++++++++++++++++++++++++++ core/postfix/start.py | 6 +++++ docs/configuration.rst | 3 +++ 5 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 core/postfix/conf/rsyslog.conf diff --git a/core/postfix/Dockerfile b/core/postfix/Dockerfile index af29bf91..0c7e136d 100644 --- a/core/postfix/Dockerfile +++ b/core/postfix/Dockerfile @@ -12,7 +12,7 @@ RUN pip3 install socrate==0.2.0 RUN pip3 install "podop>0.2.5" # Image specific layers under this line -RUN apk add --no-cache postfix postfix-pcre cyrus-sasl-plain cyrus-sasl-login +RUN apk add --no-cache postfix postfix-pcre cyrus-sasl-plain rsyslog cyrus-sasl-login COPY conf /conf COPY start.py /start.py diff --git a/core/postfix/conf/main.cf b/core/postfix/conf/main.cf index 8f35f609..10143f29 100644 --- a/core/postfix/conf/main.cf +++ b/core/postfix/conf/main.cf @@ -2,9 +2,6 @@ # General ############### -# Logging configuration -maillog_file = /dev/stdout - # Main domain and hostname mydomain = {{ DOMAIN }} myhostname = {{ HOSTNAMES.split(",")[0] }} diff --git a/core/postfix/conf/rsyslog.conf b/core/postfix/conf/rsyslog.conf new file mode 100644 index 00000000..d8a7bdf4 --- /dev/null +++ b/core/postfix/conf/rsyslog.conf @@ -0,0 +1,40 @@ +# rsyslog configuration file +# +# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html +# or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html +# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html + + +#### Global directives #### + +# Sets the directory that rsyslog uses for work files. +$WorkDirectory /var/lib/rsyslog + +# Sets default permissions for all log files. +$FileOwner root +$FileGroup adm +$FileCreateMode 0640 +$DirCreateMode 0755 +$Umask 0022 + +# Reduce repeating messages (default off). +$RepeatedMsgReduction on + + +#### Modules #### + +# Provides support for local system logging (e.g. via logger command). +module(load="imuxsock") + +#### Rules #### + +# Discard messages from local test requests +:msg, contains, "connect from localhost[127.0.0.1]" ~ + +{% if POSTFIX_LOG_FILE %} +# Log mail logs to file +mail.* -{{LOG_FILE}} +{% endif %} + +# Log mail logs to stdout +mail.* -/dev/stdout diff --git a/core/postfix/start.py b/core/postfix/start.py index b68303e1..d942c8f1 100755 --- a/core/postfix/start.py +++ b/core/postfix/start.py @@ -37,6 +37,9 @@ os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", os.environ["ANTISPAM_MILTER_ADDRESS"] = system.get_host_address_from_environment("ANTISPAM_MILTER", "antispam:11332") os.environ["LMTP_ADDRESS"] = system.get_host_address_from_environment("LMTP", "imap:2525") +conf.jinja("/conf/rsyslog.conf", os.environ, "/etc/rsyslog.conf") + + for postfix_file in glob.glob("/conf/*.cf"): conf.jinja(postfix_file, os.environ, os.path.join("/etc/postfix", os.path.basename(postfix_file))) @@ -61,6 +64,9 @@ if "RELAYUSER" in os.environ: conf.jinja("/conf/sasl_passwd", os.environ, path) os.system("postmap {}".format(path)) +# Start rsyslog +os.system("/usr/sbin/rsyslogd -n &") + # Run Podop and Postfix multiprocessing.Process(target=start_podop).start() os.system("/usr/libexec/postfix/post-install meta_directory=/etc/postfix create-missing") diff --git a/docs/configuration.rst b/docs/configuration.rst index 5ff3546a..78d147fa 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -147,6 +147,9 @@ Log messages equal or higher than this priority will be printed. Can be one of: CRITICAL, ERROR, WARNING, INFO, DEBUG or NOTSET. See the `python docs`_ for more information. +``POSTFIX_LOG_FILE`` enables postfix logging to the given file (in addition to log to stdout). +Log rotation should be done externally. + .. _`python docs`: https://docs.python.org/3.6/library/logging.html#logging-levels Antivirus settings