[exim] syslog(-ng) facility not getting everything?

Author: Rob Munsch
Date:
To: exim-users
Old Topics: Re: [exim] two stage virus scan
Subject: [exim] syslog(-ng) facility not getting everything?
Hello,

I've poked around the archives and wiki and can't tell what I'm
missing.  Soo...
Using 4.50, I am trying to add a mailserver to a central-loghost setup
i've already had running.


Adding
LOG_FILE_PATH=:syslog
to the beginning of main worked well enough; the local logging appears
to be completely unchanged. I have mainlog, rejectlog etc. in
/var/log/exim4/ steaming right along. Great.

The server itself is logging as per my syslog-ng / stunnel setup, and
items are hitting the database properly. Great.

What isn't great is i seem to have no control whatsoever over what Exim
is sending over the wire / to syslog, and what's deeply weird is that it
is still logging the 'missing' info locally. Adding a
log_selector = +all

seems to change nothing. What's also odd is I noted the default
settings, and commented out this statement completely, rebuilt the exim
config, and stopped / restarted the mta completely. No change. o_O
I've messed with various settings for it, but ranging from "default" to
"everything" should really have done it if that was it, yah?

I can tail -f the mailserver's local /var/log/exim4/rejectlog all day,
and watch it scroll along (would someone tell Verizon that offering
Fiber lines to the home is only a good idea if you have at least some
basic security measures in place?), and at the same time my central host
only seems to be logging debug and info:

15993057     <server>     mail-debug     2006-06-23 11:48:59     imapd-ssl: Connection, ip=[::ffff:1.2.3.4]
15993056     <server>     mail-debug     2006-06-23 11:48:59     imapd-ssl: Unexpected SSL connection shutdown.
15993055     <server>     mail-debug     2006-06-23 11:48:59     pop3d-ssl: Connection, ip=[::ffff:1.2.3.4]



so i know items are being sent to syslog-ng, and stunnel is shooting
them over to my central host. doing a

logger -p mail.notice HiI'mAHackedCableModemUser

gets inserted into the central logs.

Occasionally, i see
15993211     <server>     mail-err     2006-06-23 11:51:51     imapd-ssl: DISCONNECTED, user=..... etc



so i know that facilities greater than .notice, as the rejectlog is
supposed to map to, can make it across.

My syslog-ng config makes it pretty clear that mail.notice should be
logged just fine, and like i said firing off a test with logger from the
mailserver *does* get logged in the central host. So i'm pretty sure it
isn't -ng or stunnel.

This exim was compiled with local logging, obviously. the PATH
directive is at the head of the config; but i've left log_selector where
it already was, by default. I get no errors or warnings when i
update-exim.conf.

What affects, or can affect, what gets sent to syslog? It seems to me
like the rejectlog entries are just never being sent to the syslog
facility. Which is odd, since other entries are. And for that matter,
how can i turn down some of these spammy 'debug' level messages... i
can't see how it's turned on by default (log_selector is currently
commented out and therefore should be at defaults).

thanks for reading this novella. I don't like being this stumped.
getting more coffee,
rob

--
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com
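
An added example, not part of the original post: one way to check which daemons' lines actually reach the central host is to tally the viewer rows by program tag and level and list the expected sources that never appear. The sample rows are constructed from the layout quoted in the post; the expected tag "exim" and the info/notice levels for mainlog/rejectlog are assumptions based on Exim's documented syslog defaults, and all function names are hypothetical.

```python
import re
from collections import Counter

# Row layout as quoted in the post:
# seq, host, facility-level, timestamp, "program: message".
ROW = re.compile(
    r"^(?P<seq>\d+)\s+(?P<host>\S+)\s+(?P<facility>\w+)-(?P<level>\w+)\s+"
    r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+"
    r"(?P<program>[^\s:\[]+)(?:\[\d+\])?:\s*(?P<msg>.*)$"
)

# Constructed sample rows modelled on the post (user value is made up).
SAMPLE = """\
15993055  <server>  mail-debug  2006-06-23 11:48:59  pop3d-ssl: Connection, ip=[::ffff:1.2.3.4]
15993056  <server>  mail-debug  2006-06-23 11:48:59  imapd-ssl: Unexpected SSL connection shutdown.
15993057  <server>  mail-debug  2006-06-23 11:48:59  imapd-ssl: Connection, ip=[::ffff:1.2.3.4]
15993211  <server>  mail-err    2006-06-23 11:51:51  imapd-ssl: DISCONNECTED, user=example
"""

# Assumption: Exim tags its syslog lines "exim" and writes mainlog
# entries at info and rejectlog entries at notice.
EXPECTED = [("exim", "info"), ("exim", "notice")]


def parse_rows(text):
    """Parse viewer rows into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def tally(rows):
    """Count rows per (program, facility, level)."""
    return Counter((r["program"], r["facility"], r["level"]) for r in rows)


def missing(rows, expected):
    """Return the expected (program, level) pairs that never show up."""
    seen = {(r["program"], r["level"]) for r in rows}
    return sorted(set(expected) - seen)


if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    for key, count in sorted(tally(rows).items()):
        print(count, *key)
    print("never seen:", missing(rows, EXPECTED))
```

On the sample rows every entry carries an imapd-ssl or pop3d-ssl tag, so both expected exim pairs are reported as never seen.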