From ee4345cfc93747587608f0a87497123a6cacb946 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Mon, 30 Jun 2014 03:34:50 +0200
Subject: Log SASL usernames for longer, but don't include mail.log into
 syslog.

---
 roles/common/templates/etc/rsyslog.d/postfix.conf.j2 | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 roles/common/templates/etc/rsyslog.d/postfix.conf.j2

(limited to 'roles/common/templates/etc')

diff --git a/roles/common/templates/etc/rsyslog.d/postfix.conf.j2 b/roles/common/templates/etc/rsyslog.d/postfix.conf.j2
new file mode 100644
index 0000000..5acb56d
--- /dev/null
+++ b/roles/common/templates/etc/rsyslog.d/postfix.conf.j2
@@ -0,0 +1,17 @@
+# Create an additional socket in postfix's chroot in order not to break
+# mail logging when rsyslog is restarted.  If the directory is missing,
+# rsyslog will silently skip creating the socket.
+$AddUnixListenSocket /var/spool/postfix/dev/log
+{% for g in postfix_instance.keys() | sort %}
+{% if g in group_names %}
+$AddUnixListenSocket /var/spool/postfix-{{ postfix_instance[g].name }}/dev/log
+{% endif %}
+{% endfor %}
+
+{% if 'MSA' in group_names %}
+# User of our Authenticated SMTP server can choose the envelope from and From:
+# header of their choice.  As the SASL username is not logged in the mail
+# header, we keep a mapping Postfix's message ID -> SASL username in a separate
+# log file that is only rotated monthly.
+if $programname == 'postfix-msa' and $syslogfacility-text == 'mail' and $msg contains 'sasl_username=' then /var/log/mail.sasl
+{% endif %}
-- 
cgit v1.2.3