Postfix no logging in to /var/log/mail*

Postfix no logging in to /var/log/mail*
Restart postfix and rsyslog does not help.
Files /var/log/mail* always empty.

/etc/systemd/journald.conf

[Journal]
Storage=none
....

/etc/rsyslog.conf

##
## === When you're using remote logging, enable on-disk queues ===
## === in rsyslog.d/remote.conf. When neccesary also set the   ===
## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog,   ===
## === e.g. when rsyslog has to receive on a specific IP only. ===
##
## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules
## (provided in separate rsyslog-module-* packages) are enabled, the
## configuration can't be used on a system with /usr on a remote
## filesystem, except on newer systems where initrd mounts /usr.
## [The modules are linked against libraries installed bellow of
##  /usr thus also installed in /usr/lib*/rsyslog because of this.]
##

#
# if you experience problems, check
# http://www.rsyslog.com/troubleshoot for assistance
# and report them at http://bugzilla.novell.com/
#

# since rsyslog v3: load input modules
# If you do not load inputs, nothing happens!

# provides --MARK-- message capability (every 1 hour)
$ModLoad immark.so
$MarkMessagePeriod      3600

# provides support for local system logging (e.g. via logger command)
$ModLoad imuxsock.so

# reduce dupplicate log messages (last message repeated n times)
$RepeatedMsgReduction   on

# kernel logging (may be also provided by /sbin/klogd)
# see also http://www.rsyslog.com/doc-imklog.html.
$ModLoad imklog.so
# set log level 1 (same as in /etc/sysconfig/syslog).
$klogConsoleLogLevel    1

# Use rsyslog native, rfc5424 conform log format as default
# ($ActionFileDefaultTemplate RSYSLOG_FileFormat).
#
# To change a single file to use obsolete BSD syslog format
# (rfc 3164, no high-precision timestamps), set the variable
# bellow or append ";RSYSLOG_FileFormat" to the filename.
# See
#   http://www.rsyslog.com/doc/rsyslog_conf_templates.html
# for more informations.
#
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Include config generated by /etc/init.d/syslog script
# using the SYSLOGD_ADDITIONAL_SOCKET* variables in the
# /etc/sysconfig/syslog file.
#
$IncludeConfig /run/rsyslog/additional-log-sockets.conf

#
# Include config files, that the admin provided? :
#
$IncludeConfig /etc/rsyslog.d/*.conf


###
# print most important on tty10 and on the xconsole pipe
#
if    ( \
        /* kernel up to warning except of firewall  */ \
        ($syslogfacility-text == 'kern')      and      \
        ($syslogseverity <= 4 /* warning */ ) and not  \
        ($msg contains 'IN=' and $msg contains 'OUT=') \
    ) or ( \
        /* up to errors except of facility authpriv */ \
        ($syslogseverity <= 3 /* errors  */ ) and not  \
        ($syslogfacility-text == 'authpriv')           \
    ) \
then {
    /dev/tty10
    |/dev/xconsole
}


# Emergency messages to everyone logged on (wall)
*.emerg                     :omusrmsg:*

# enable this, if you want that root is informed
# immediately, e.g. of logins
#*.alert                root

#
# firewall messages into separate file and stop their further processing
#
if    ($syslogfacility-text == 'kern') and \
    ($msg contains 'IN=' and $msg contains 'OUT=') \
then {
    -/var/log/firewall
    stop
}


#
# acpid messages into separate file and stop their further processing
#
# => all acpid messages for debuging (uncomment if needed):
#if    ($programname == 'acpid' or $syslogtag == '[acpid]:') then \
#    -/var/log/acpid
#
# => up to notice (skip info and debug)
if    ($programname == 'acpid' or $syslogtag == '[acpid]:') and \
    ($syslogseverity <= 5 /* notice */) \
then {
    -/var/log/acpid
    stop
}


#
# NetworkManager into separate file and stop their further processing
#
if      ($programname == 'NetworkManager') or \
    ($programname startswith 'nm-') \
then {
    -/var/log/NetworkManager
    stop
}


#
# email-messages
#
mail.*                    -/var/log/mail
mail.info                -/var/log/mail.info
mail.warning                -/var/log/mail.warn
mail.err                 /var/log/mail.err


#
# news-messages
#
news.crit                -/var/log/news/news.crit
news.err                -/var/log/news/news.err
news.notice                -/var/log/news/news.notice
# enable this, if you want to keep all news messages
# in one file
#news.*                    -/var/log/news.all


#
# Warnings in one file
#
*.=warning;*.=err            -/var/log/warn
*.crit                     /var/log/warn


#
# the rest in one file
#
*.*;mail.none;news.none            -/var/log/messages


#
# enable this, if you want to keep all messages
# in one file
#*.*                    -/var/log/allmessages


#
# Some foreign boot scripts require local7
#
local0.*;local1.*            -/var/log/localmessages
local2.*;local3.*            -/var/log/localmessages
local4.*;local5.*            -/var/log/localmessages
local6.*;local7.*            -/var/log/localmessages

###

postconf -n

alias_maps = hash:/etc/aliases
biff = no
compatibility_level = 2
daemon_directory = /usr/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_protocols = ipv4
local_recipient_maps = $alias_maps
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
manpage_directory = /usr/share/man
message_size_limit = 0
mydomain = $myhostname
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relay_domains = $mydestination, hash:/etc/postfix/relay
sample_directory = /usr/share/doc/packages/postfix-doc/samples
setgid_group = maildrop
smtp_tls_CAfile = /etc/apache2/ssl.crt/wosign.com.crt
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_cert_file = /etc/apache2/ssl.crt/ilya.pp.ua.crt
smtp_tls_key_file = /etc/apache2/ssl.key/ilya.pp.ua.key
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_client, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unverified_recipient, permit_sasl_authenticated, reject
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/apache2/ssl.crt/wosign.com.crt
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/apache2/ssl.crt/ilya.pp.ua.crt
smtpd_tls_key_file = /etc/apache2/ssl.key/ilya.pp.ua.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_gid_maps = static:303
virtual_mailbox_base = /var/lib/vmail
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:303

ls -lah /var/log | grep mail

-rw-r--r--  1 root  root     0 дек 19 20:34 mail
-rw-r--r--  1 root  root     0 дек 19 20:31 mail.err
-rw-r--r--  1 root  root     0 дек 19 20:31 mail.info
-rw-r--r--  1 root  root     0 дек 19 20:31 mail.log
-rw-r--r--  1 root  root     0 дек 19 20:31 mail.warn

Have you searched the journal? For instance,

journalctl -u postfix.service

Depending on what you’re looking for, you can further modify the above to search within the last boot, only today, within a day/time range, error levels, more.

You can also export syslog data into the legacy log files like what you’re asking about.

TSU

Did you check journald.conf (ForwardToSyslog and MaxLevelSyslog)? Do you see any postfix log entries with journalctl? If you test with “logger -p mail.info …”, does it appear in log file?

I uncommented ForwardToSyslog=yes

[Journal]
Storage=none
Compress=yes
#Seal=yes
#SplitMode=login
#SyncIntervalSec=4m
#RateLimitInterval=30s
#RateLimitBurst=1000
SystemMaxUse=4M
#SystemKeepFree=
SystemMaxFileSize=4M
RuntimeMaxUse=4M
#RuntimeKeepFree=
RuntimeMaxFileSize=4M
#MaxRetentionSec=
MaxFileSec=1week
**ForwardToSyslog=yes**
ForwardToKMsg=no
ForwardToConsole=no
TTYPath=/dev/tty10
#MaxLevelStore=debug
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info

sudo systemctl restart systemd-journald

It helped me.
This means that I have to use systemd-journald, if you want to get logs from postfix?
I’m not talking about the manual specify the log file in the configuration file, as in all normal applications, however at least with rsyslog directly without systemd-journald, postfix can work?

That’s strange, I expected it to be default.

This means that I have to use systemd-journald, if you want to get logs from postfix?

It has nothing to do with postfix. On systems using modern systemd journald is central instance that receives log entries from different sources, including traditional /dev/log. It then optionally forwards them to legacy syslog daemon (some daemons can pull log entries from journal and do not need this). Syslog implementations, shipped with openSUSE, are configured to get logs from journald, not from /dev/log.

Hmm … now when I mentioned it, your problem may result from disagreement between journald - that expects syslog daemon to pull entries - and syslog daemon that is configured to passively listen what journald pushes to it.

Yup,
It seems there has been some major changes recently.

I just posted in another similar thread a link to the Arch Wiki on journald and syslog-ng

https://forums.opensuse.org/showthread.php/521941-Postfix-logfiles?p=2805803#post2805803

TSU

I stay corrected, it is disabled by default upstream for quite some time and in consequence in TW as well.