[Rspamd-Users] syslog and missing log messages

Michael Grimm trashcan at ellael.org
Thu Apr 11 12:04:08 UTC 2024 

Hi,

this is rspamd 3.8.4 and postfix 3.9.0 (milter) running in a jail with FreeBSD 14-STABLE as host. 

My /etc/syslog.conf is configured to send all syslog messages to the host's syslog, *and* to a logfile in addition:

	mail.* /var/log/maillog
	*.* @<host IP>

My local.d/loggin.inc is as follows:

	type = "syslog";
	facility = "mail";
	level = "info";     # log all non-debug messages

I do have difficulties to understand, why some the rspamd messages aren't forwarded to the host's syslog but are reported to /var/log/maillog.

Example /var/log/maillog in the jail:

Apr 11 13:42:20 mail rspamd[72887]: <358183>; proxy; finalize_item: slow rule: DKIM_CHECK(189): 803.19 ms; enable slow timer delay
Apr 11 13:42:20 mail rspamd[72887]: <358183>; proxy; rspamd_stat_classifiers_process: skip statistics as SPAM class is missing
Apr 11 13:42:20 mail rspamd[72887]: <358183>; proxy; rspamd_task_write_log: id: <eyir2q6cqoibchg7i2zpj7ovnfuee3dld2ygq6ex6fjsfivcvj at ujgmihmfgie5>, qid: <4VFd8q0HCjzxrc>, ip: ...
Apr 11 13:42:20 mail rspamd[72887]: <358183>; proxy; rspamd_protocol_http_reply: regexp statistics: 225 pcre regexps scanned, 1 regexps matched, 176 regexps total, 11 regexps cached, 46.92KiB scanned using pcre, 46.92KiB scanned total
Apr 11 13:42:20 mail rspamd[72887]: <e27081>; proxy; proxy_milter_finish_handler: finished milter connection
Apr 11 13:43:01 mail rspamd[72888]: <yj9776>; map; http_map_finish: data is not modified for server maps.rspamd.com, next check at Thu, 11 Apr 2024 15:43:01 GMT (http cache based: Thu, 11 Apr 2024 15:43:01 GMT)

Corresponding syslog at the host:

Apr 11 13:42:20 <mail.info> mail rspamd[72887]: <358183>; proxy; finalize_item: slow rule: DKIM_CHECK(189): 803.19 ms; enable slow timer delay
Apr 11 13:42:20 <mail.info> mail rspamd[72887]: <358183>; proxy; rspamd_stat_classifiers_process: skip statistics as SPAM class is missing
? rspamd_task_write_log
? rspamd_protocol_http_reply 
Apr 11 13:42:20 <mail.info> mail rspamd[72887]: <e27081>; proxy; proxy_milter_finish_handler: finished milter connection
Apr 11 13:43:01 <mail.info> mail rspamd[72888]: <yj9776>; map; http_map_finish: data is not modified for server maps.rspamd.com, next check at Thu, 11 Apr 2024 15:43:01 GMT (http cache based: Thu, 11 Apr 2024 15:43:01 GMT)


FYI: reverting /etc/syslog.conf entries and omitting 'mail.* /var/log/maillog' doesn't help.


Any hints for understanding and thus solving this issue is highly appreciated.

Thanks in advance and regards,
Michael

More information about the Users mailing list