Ok, so if I understand this correctly, I have to do something like
this:
mail.info;local4.none /var/log/maillog
mail.notice;local4.none /var/log/maillog_rejects
mail.alert;mail.err;mail.crit;local4.none /var/log/maillog_errors
Which of doesn't work. I now have a new file maillog_rejects with a
single reject notice in there, and duplicates in the maillog file for
a a total of 3 messages for each rejection. This is just consuming
diskspace as well as increased disk i/o. I tried a combination of
things like mail.info;!mail.notice which resulted in all mail systems
stopping logging. Is this something I will have to hack in the code
to get the desired results, or am I simply missing something here?
Regards,
Jeff
> -----Original Message-----
> From: Philip Hazel [mailto:ph10@cus.cam.ac.uk]
> Sent: Friday, November 22, 2002 5:43 AM
> To: Christopher Bodenstein
> Cc: Jeffrey Wheat; exim-users@???
> Subject: Re: [Exim] syslog question (4.10)
>
>
> On Fri, 22 Nov 2002, Christopher Bodenstein wrote:
>
> > > Nov 21 16:33:33 mail exim[50884]: 2002-11-21 16:33:33
> > > H=to7.senderlist5682.com [12.158.236.70]
> > > F=<dneu9@???> rejected RCPT
> <user@???>: host
> > > is listed in sbl.spamhaus.org Nov 21 16:33:33 mail exim[50884]:
> > > 2002-11-21 16:33:33 H=to7.senderlist5682.com [12.158.236.70]
> > > F=<dneu9@???> rejected RCPT
> <user@???>: host
> > > is listed in sbl.spamhaus.org
> > >
> > > Obviously this will make the logs much bigger than they
> need to be
> > > for starters. Is there a way to correct this so that I
> only get one
> > > entry?
> > >
> > Check out your syslogd.conf file. You're probably logging both
> > mail.log and mail.err to the same file, hence the duplicate
> entries.
> > (just my guess ;)
>
> Correct guess in general, details not quite... :-) As it says
> in the manual:
>
> 44.3 Logging to syslog
>
> The use of syslog does not change what Exim logs or the
> format of its messages, except in one respect. If
> "syslog_timestamp" is set false, the timestamps on Exim's log
> lines are omitted when these lines are sent to syslog. Apart
> from that, the same strings are written to syslog as to log
> files. The syslog 'facility' is set to LOG_MAIL, and the
> program name to 'exim'. On systems that permit it (all except
> ULTRIX) the LOG_PID flag is set so that the "syslog()" call
> adds the pid as well as the time and host name to each line.
> The three log streams are mapped onto syslog priorities as follows:
>
> "mainlog" is mapped to LOG_INFO
>
> "rejectlog" is mapped to LOG_NOTICE
>
> "paniclog" is mapped to LOG_ALERT
>
> Many log lines are written to both "mainlog" and "rejectlog",
> so there will be duplicates if these are routed by syslog to
> the same place.
>
>
> --
> Philip Hazel University of Cambridge Computing Service,
> ph10@??? Cambridge, England. Phone: +44 1223 334714.
>
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.419 / Virus Database: 235 - Release Date: 11/13/2002
>
>
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (
http://www.grisoft.com).
Version: 6.0.422 / Virus Database: 237 - Release Date: 11/20/2002