🔭 Want to centralize and monitor your application logs?
Head over to Logtail and start ingesting your logs in 5 minutes.
This tutorial explains how to start logging with Postfix. Postfix is a mail server that attempts to be fast, easy to administer, and secure.
Nowadays, logging becoming an important part of almost every service. As a mail server administrator, you will appreciate debugging troubles with the logs (for example, when the mail server does not receive or deliver email).
Since Postfix 3.4, the mail server offers build-in logging support. Alternatively, you can use more standard logging with the Syslog. This tutorial will describe both approaches.
In this tutorial, you will do following actions:
Head over to Logtail and start ingesting your logs in 5 minutes.
You will need:
sudo
access.Postfix logs can be maintained through the Syslog, which is a logging daemon for
Linux that can maintain logs from multiple sources. The advantage of the Syslog
is a centralised approach and built-in support of log rotation. On the other
hand, if the Syslog maintains too many logs, then it could cause a system
performance decrease. Postfix default installation on the Ubuntu 20.04 retrieved
through apt
(apt install postfix
), logs into the Syslog.
Postfix configuration is defined in the directory /etc/postfix
, especially in
the files main.cf
and master.cf
. However, rather than editing these files
directly, you can use a command-line utility postconf
that allows you to view
and change a configuration setting.
You can view your default configuration by executing postconf
with the
argument maillog_file
:
$ postconf maillog_file
The directive maillog_file
determines the name of an optional log file that is
written by the Postfix service. The directive can hold the following values:
/dev/stdout
determines logging to standard output./var/log/postfix.log
).You'll see the program's output appear on the screen:
Output
maillog_file =
The output shows that Postfix logs into the Syslog.
If your directive maillog_file
holds a non-empty value and you want to log to
the Syslog, you must change it. Firstly, you must stop the Postfix service by
executing postfix stop
(sudo
required):
$ sudo postfix stop
You'll see the program's output appear on the screen:
Output
postfix/postfix-script: stopping the Postfix mail system
Now, you can change the value of the directive maillog_file
to an empty value
(sudo
required):
$ sudo postconf maillog_file=
At last, you must start Postfix with the new configuration:
$ sudo postfix start
You'll see the program's output appear on the screen:
Output
postfix/postfix-script: warning: symlink leaves directory: /etc/postfix/./makedefs.out
postfix/postfix-script: starting the Postfix mail system
At this point, your Postfix service logs are maintained with the Syslog.
The value in the maillog_file
must start with a prefix that is specified in
the directive maillog_file_prefixes
(default prefixes are /var
, and
/dev/stdout
). This is a safety feature to contain the damage from a single
configuration mistake. You can specify one or more prefix strings, separated by
comma or white space.
When your Postfix service logs into the Syslog, you can view these logs with the journactl utility. If you don't know what is the journald and journactl, you can read the tutorial How to Control Journald with Journalctl.
Let's view the Syslog records that belongs to the Postfix service by executing
journactl
:
$ journalctl -u postfix@-.service
The option -u
specifies to list only records of the service with the name
postfix@-.service
(the name of the Postfix service in the system). You'll see
the program's output appear on the screen:
Output
June 14 08:50:38 alice systemd[1]: Starting Postfix Mail Transport Agent (instance -)...
June 14 08:50:39 alice postfix/master[55893]: daemon started -- version 3.4.13, configuration /etc/postfix
June 14 08:50:39 alice systemd[1]: Started Postfix Mail Transport Agent (instance -).
June 14 09:16:13 alice systemd[1]: Stopping Postfix Mail Transport Agent (instance -)...
June 14 09:16:13 alice postfix/postfix-script[58960]: stopping the Postfix mail system
June 14 09:16:13 alice postfix/master[55893]: terminating on signal 15
June 14 09:16:13 alice systemd[1]: postfix@-.service: Succeeded.
June 14 09:16:13 alice systemd[1]: Stopped Postfix Mail Transport Agent (instance -).
June 14 09:16:13 alice systemd[1]: Starting Postfix Mail Transport Agent (instance -)...
June 14 09:16:14 alice postfix/postfix-script[59643]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
June 14 09:16:14 alice postfix/postfix-script[59829]: starting the Postfix mail system
June 14 09:16:14 alice postfix/master[59831]: daemon started -- version 3.4.13, configuration /etc/postfix
June 14 09:16:14 alice systemd[1]: Started Postfix Mail Transport Agent (instance -).
June 14 09:19:20 alice postfix/pickup[59832]: F3710A248D: uid=1000 from=<alice>
June 14 09:19:21 alice postfix/cleanup[60444]: F3710A248D: message-id=<20210614071920.F3710A248D@alice>
June 14 09:19:21 alice postfix/qmgr[59833]: F3710A248D: from=<alice@example.com>, size=304, nrcpt=1 (queue active)
June 14 09:19:21 alice postfix/local[60446]: F3710A248D: to=<alice@example.com>, orig_to=<alice>, relay=local, delay=0.04, delay>
June 14 09:19:21 alice postfix/qmgr[59833]: F3710A248D: removed
...
The output shows syslog records about Postfix, starting, stopping, but also about sending mails.
Syslog typically stores log records into the file /var/log/syslog
. However,
the Syslog configuration allows storing log records into different files by the
facility (for further information, read the tutorial How to view Linux logs and
their configuration on Ubuntu
20.04. One of the
facilities is also a mail, soo the Syslog stores all mail logs into the file
/var/log/mail.log
. You can view this file, and you will see that the content
is identical to the previous journactl
query.
If you don't want to use the Syslog daemon for the log maintenance, you can set up Postfix to store logs into the stdout, stderr, or custom**file**.
Let's change the destination of the Postfix log. At first, you must stop the
Postfix service by executing postfix stop
(sudo
required):
$ sudo postfix stop
Now, you can change the value of the directive maillog_file
to the desired log
destination (sudo
required):
$ sudo postconf maillog_file=/some/log/file
There are two typical use cases:
/var/log/postfix.log
./dev/stdout
) is useful when Postfix runs in a
container because Docker stores to the log everything captured from the
stdout.When you set up the value of the maillog_file
, then you must start Postfix
with the new configuration:
$ sudo postfix start
At this point, your Postfix service configuration is reloaded.
The log files size must be controlled because their size always grows over time. Linux solves this problem with a concept called log rotation. In this step, we will configure log rotation for Postfix with Syslog, alternatively for custom log without Syslog support.
If you are using Postfix with the Syslog then you can use Logrotate daemon.
Ubuntu 20.04 uses Logrotate by default, and it also rotates mail logs (including
Postfix, if installed). Logrotate configuration for the Postfix log rotation is
defined in the file /etc/rsyslog.d/50-default.conf
. Let's open this file
(sudo
required for the file editing):
$ sudo nano /etc/rsyslog.d/50-default.conf
The file contains following lines that defines log rotation for the different facilities:
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}
The directives in the curly brackets define how to rotate the log defined above
them (for example, mail.log
, kern.log
, or auth.log
have the same log
rotation settings). The file defines that mail log (including Postfix log
/var/log/mail.log
) rotate logs with the following settings:
rotate 4
: Log files are rotated 4 times before being removed. If rotate is
set to 0 then old versions are removed rather than rotated.weekly
: Logs are rotated every week. Alternatively, you can specify another
time interval (daily
, weekly
, monthly
, or yearly
). You can also
specify to rotate every hour (hourly
), but note that the logrotate daemon
runs daily. In such a case, you have to change the logrotate cron job interval
to be able to really rotate logs hourly.missingok
: Daemon do not report any error if the log file is missing.notifempty
: Do not rotate the log if it is empty.delaycompress
: Postpone compression of the previous log file to the next
rotation cycle, because it is still used by some program.postrotate/endscript
: The lines between postrotate
and endscript
are
executed after the log file is rotated.All possible directives are described in logrotate manual pages (you can see
them by executing man logrotate
). When you edit, remove, add settings that
match your use case, you can save, and close the file. Now, your Postfix logs
will be rotated periodically with Logrotate.
If you set up logging into the custom file then Syslog no longer manages log
rotation of the Postfix service. Postfix offers command postfix logrotate
that
do the following:
maillog_file_rotate_suffix
. The default suffix is %Y%m%d-%H%M%S
. For
example, the log file postfix.log
is renamed into the
postfix.log.20210615-114926
).maillog_file_compressor
parameter (default: gzip
).You can run this command by hand, or you can create a cronjob. Let's create
cronjob by executing crontab
:
$ crontab -e
The -e
option is used to edit the current crontab using the editor specified
by the environment variable. You'll be redirected to the file that defines
cronjobs. The file contains some commented-out instructions on how to use it:
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').
#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h dom mon dow command
Add the new line at the end of the file, and put there following line of the code:
# m h dom mon dow command
0 1 * * * postfix logrotate
The code defines a new cron job that runs script postfix logrotate
every day
at 1 am. However, you can set up a period that matches your use case. At this,
point you can save the file and close it. If everything succeeded then you will
see the following output in the console:
Output
crontab: installing new crontab
Now, your custom Postfix log will be rotated periodically with cronjob.
The command postfix logrotate
does not remove old logs. You must treat them on
your own.
In this tutorial, you configured Postfix logging with Syslog, viewed the default settings, changed them, and view the log content. You configured custom Postfix logging without Syslog. At last, you set up a log rotation for Postfix with Syslog and Logrotate daemon. Alternatively, you configured a custom log rotation without the Syslog.