When running Postfix on Ubuntu systems, mail server logs typically get routed through the system's syslog daemon. The default configuration often results in Postfix messages appearing in both /var/log/syslog and dedicated mail log files, which can create redundancy and make log management inefficient.
The existing syslog configuration shows these relevant directives:
mail.* -/opt/psa/var/log/maillog
mail.info -/var/log/mail.info
mail.warning -/var/log/mail.warn
mail.err -/var/log/mail.err
*.*;auth,authpriv.none -/var/log/syslogThe empty mail-specific log files indicate one of several potential issues:
- Postfix might be configured to log at a different facility than 'mail'
- File permission issues preventing log writes
- Syslog daemon not properly reloaded after configuration changes
Here's how to properly separate Postfix logs from syslog:
Step 1: Modify syslog.conf
# Original line to modify:
*.*;auth,authpriv.none -/var/log/syslog
# Updated version:
*.*;auth,authpriv.none;mail.none;cron.none -/var/log/syslog
# Ensure these mail directives exist:
mail.* -/var/log/mail.log
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err -/var/log/mail.errStep 2: Configure Postfix Logging Behavior
Edit /etc/postfix/main.cf:
# Ensure debug_peer_list is empty
debug_peer_list =
# Set appropriate log levels
maillog_file = /var/log/mail.log
debug_peer_level = 2Step 3: Verify File Permissions
sudo touch /var/log/mail.{log,info,warn,err}
sudo chown syslog:adm /var/log/mail.*
sudo chmod 640 /var/log/mail.*Step 4: Restart Services
sudo service rsyslog restart
sudo service postfix restartIf mail logs remain empty after these changes:
- Check syslog facility with:
logger -p mail.info "Test message" - Verify Postfix log facility with:
postconf -n | grep syslog - Test logging directly:
logger -t postfix/qmgr "Test qmgr message"
For more advanced filtering with rsyslog:
# Create /etc/rsyslog.d/01-postfix.conf
:programname, isequal, "postfix" -/var/log/mail.log
& stopAfter implementation, verify with:
tail -f /var/log/mail.log
grep postfix /var/log/syslog | wc -lThe first command should show Postfix activity, while the second should show minimal or no results.
In Ubuntu systems, Postfix logs typically end up in /var/log/syslog by default, even when you've configured dedicated mail log files in /etc/syslog.conf. Let's examine why this happens and how to properly redirect these logs.
The main problem stems from how syslog processes facility/priority combinations. Your current configuration has:
mail.info -/var/log/mail.info
mail.warning -/var/log/mail.warn
mail.err -/var/log/mail.err
mail.* -/opt/psa/var/log/maillogHowever, Postfix logs at different priority levels (info, warning, error) aren't being captured properly.
Since Ubuntu 10.04 uses rsyslog, we need to modify /etc/rsyslog.d/50-default.conf instead of the legacy syslog.conf:
# Mail logging - separate all Postfix messages
mail.* -/var/log/mail.log
mail.info -/var/log/mail.info
mail.warning -/var/log/mail.warn
mail.err -/var/log/mail.err
# Exclude mail from syslog
*.*;auth,authpriv.none;mail.none -/var/log/syslogAfter making changes, restart rsyslog and verify:
sudo service rsyslog restart
sudo tail -f /var/log/mail.logYou should now see Postfix logs appearing in the dedicated mail log files.
If logs still aren't appearing in the correct files:
- Check file permissions:
sudo chmod 640 /var/log/mail.* - Verify Postfix logging level in
main.cf:syslog_name = postfix - Test with logger:
logger -p mail.info "Test mail info message"
Create /etc/logrotate.d/mail to properly rotate mail logs:
/var/log/mail.log
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err {
weekly
missingok
rotate 4
compress
delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}