1

Topic: Logwatch messages

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
Topic: Change domain admin email address
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9 MYSQL edition
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: Ubuntu Ubuntu 18.04.1 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Trying to understand monitor daily email Logwatch report sent by cron/scheduled script.
Not sure the definitions of few terms and thus don't know if any administrative action is required.

Can you send me some reference info or links to study?

For example:
In section "Amavisd-new ", there are "Spam passed" and "Spammy passed"? Are they the same, any differences?
In section "Postix", there are many "**Unmatched Entries**", are they error message of the postfix server?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Logwatch messages

- "Spam passed" means spam emails passed to users' mailboxes.
- "Spammy passed" means possible spams, and also passed to mailboxes.

You can check Amavisd doc to get more details:
https://amavis.org

3

Re: Logwatch messages

ZhangHuangbin wrote:

- "Spam passed" means spam emails passed to users' mailboxes.
- "Spammy passed" means possible spams, and also passed to mailboxes.

You can check Amavisd doc to get more details:
https://amavis.org

Thank you.

For postfix unmatched entries... since there are many, how to tell which I should take action to rectify any potential issue. Any doc to study?

4

Re: Logwatch messages

Try to understand the log content itself, then you can answer whether it's safe to ignore.

5

Re: Logwatch messages

Hi.
I would like to add my 10 cents worth.

I've just installed the latest iRedMail and iRedAdmin (MySQL on Ubuntu 18/04) and have also been getting long messages from PostFix Unmatched Entries.   I personally think this is is a dangerous thing to receive every day as I am already ignoring it and clicking delete. its training me to ignore logs as it is not useful.

I've tried reading it. I come with 40 years computer experience including running email for over 30 years. I cannot find any useful information to action.

Example:
1   Dec 30 04:08:23 mail01 postfix/qmgr[231505]: 4D5Hnz6t4Gz3rqh: from=<friendsvalid@email.address>, size=3745, nrcpt=1 (queue active)

What am I meant to do with this? did it make it through? Who was it to? what is wrong with it? whats unmatched?

       1   Dec 30 11:19:49 mail01 postfix/cleanup[275329]: 4D5TMn0vnTz3rlM: message-id=<20201230111946.1.4FA71AF268568C35@post.xero.com>

Did someone miss out on receiving an invoice? Why?

The entries aren't in date / time order so make no sense from that point of view.

I could use the time date and grep through logs but to what purpose? Most of these seem like a waste of time and the others I have no idea what happened. I dont have time to scroll through hundreds of these every day.

Is this something specific to iRedMail or is it part of a change in the PostFix systems?

Which ever way it is a thing that will put people off iRedMail.

Thoughts?

6 (edited by ming 2020-12-31 18:00:50)

Re: Logwatch messages

vbconz wrote:

Hi.
I would like to add my 10 cents worth.

I've just installed the latest iRedMail and iRedAdmin (MySQL on Ubuntu 18/04) and have also been getting long messages from PostFix Unmatched Entries.   I personally think this is is a dangerous thing to receive every day as I am already ignoring it and clicking delete. its training me to ignore logs as it is not useful.

I've tried reading it. I come with 40 years computer experience including running email for over 30 years. I cannot find any useful information to action.

Example:
1   Dec 30 04:08:23 mail01 postfix/qmgr[231505]: 4D5Hnz6t4Gz3rqh: from=<friendsvalid@email.address>, size=3745, nrcpt=1 (queue active)

What am I meant to do with this? did it make it through? Who was it to? what is wrong with it? whats unmatched?

       1   Dec 30 11:19:49 mail01 postfix/cleanup[275329]: 4D5TMn0vnTz3rlM: message-id=<20201230111946.1.4FA71AF268568C35@post.xero.com>

Did someone miss out on receiving an invoice? Why?

The entries aren't in date / time order so make no sense from that point of view.

I could use the time date and grep through logs but to what purpose? Most of these seem like a waste of time and the others I have no idea what happened. I dont have time to scroll through hundreds of these every day.

Is this something specific to iRedMail or is it part of a change in the PostFix systems?

Which ever way it is a thing that will put people off iRedMail.

Thoughts?

This is a configuration problem of logwatch. Postfix 2.8 starts to use a new and longer identifier. You need to change the configuration of logwatch to match it.

Edit the file /etc/logwatch/conf/services/postfix.conf (if it does not exist, create a new one), and write the following to enable support for postfix long queue id:

$postfix_Enable_Long_Queue_Ids = Yes

The default value of this configuration can be found in /usr/share/logwatch/default.conf/services/postfix.conf, it is No.

Check the link below:
https://forum.iredmail.org/topic17546-l … tries.html
https://forum.efa-project.org/viewtopic.php?t=3596

7

Re: Logwatch messages

Fixed by adding `$postfix_Enable_Long_Queue_Ids = Yes`:
https://github.com/iredmail/iRedMail/co … 7c192f7374