How can I suppress Postfix anvil statistics from system logs?
After every email sent through my mail server, postfix/anvil
appends something like the following:
Nov 9 15:09:11 keutenberg postfix/anvil[30006]: statistics: max connection rate 1/60s for (smtp:103.28.42.75) at Nov 9 15:02:42
Nov 9 15:09:11 keutenberg postfix/anvil[30006]: statistics: max connection count 1 for (smtp:103.28.42.75) at Nov 9 15:02:42
Nov 9 15:09:11 keutenberg postfix/anvil[30006]: statistics: max message rate 1/60s for (smtp:103.28.42.75) at Nov 9 15:02:43
Nov 9 15:09:11 keutenberg postfix/anvil[30006]: statistics: max cache size 1 at Nov 9 15:02:42
I understand why these messages are being logged (I set up the restrictions), but I can't find any way to change anvil
's log level (i.e. to suppress these informational messages from mail.log
). Is there a setting I can use in my main.cf
to disable these statistical messages? I'd rather stop them at the source than suppress them through a syslog setting.
Solution 1:
If you want to change the frequency of the logs you can set anvil_status_update_time
in main.cf
. The default is 600s. http://www.postfix.org/postconf.5.html#anvil_status_update_time
Two hours worked better for me, than using the default 10 minutes, but it will vary depending on the environment obviously.
anvil_rate_time_unit = 60s
anvil_status_update_time = 2h
Also, in order to solve an issue I had with long delay in logging of incoming mail, I had to configure the following settings. If you notice your incoming mail logs aren't updating when they should be, try this:
smtpd_error_sleep_time = 2s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
*If your server gets less than 1 email per 600s
The anvil daemon by default logs statistics when it exits. Since the default idle time is 600s, you will continue to receive anvil logs every 10 minutes in the event no email is received.
This can be changed to a longer time-span by adding -o max_idle
to master.cf
anvil unix - - n - 1 anvil -o max_idle=3600s
Solution 2:
Beware this setting will override your ability to limit client connection.
There is a parameter in main.cf
to suppress the anvil process. This parameter is called smtpd_client_event_limit_exceptions. The purpose of this parameter is to exclude some client from smtpd_client_*_count/rate_limit restrictions. In your case, you should specify it in main.cf
smtpd_client_event_limit_exceptions = static:all
This will make all IP address listed as clients that are excluded from smtpd_client_*_count/rate_limit restrictions. Thus this setting will suppress anvil log because there is nothing to log.
Source: similar question in postfix mailing list.
Solution 3:
I am using rsyslogd(8) to put specific messages in a different logfile.
For example, create a new file /etc/rsyslog.d/maillog-stats.conf
with this contents:
# extract then discard stats from anvil daemon
:msg, contains, "statistics: max" /var/log/maillog-stats
:msg, contains, "statistics: max" stop
Files in the /etc/rsyslog.d
directory are read before /etc/rsyslog.conf
so these filters happen before the main config file.
The first property-based filter writes messsages containing "statistics: max" in /var/log/maillog-stats
and the second one discards the message for further treatment with the stop
action.
Remaining messages are treated as before by the rule in /etc/rsyslog.conf
,
# Log all the mail messages in one place.
mail.* -/var/log/maillog
You also may wish to set some rotation rule, eg by creating the file: /etc/logrotate.d/maillog
:
/var/log/maillog-stats
{
weekly
rotate 10
missingok
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}