search

fastmail / authentication_milter

Email Authentication by SPF/DKIM/DMARC etc.
Other
121 stars 21 forks source link

how to reduce log level? "log_dispatchouli" : {"priority" : "emergency"}" is ignored/incorrect. #87

Open pgnd opened 4 years ago

pgnd commented 4 years ago

i'm attempting to dial DOWN the verbosity of auth-milter output, logging only to systemd's journald at a specified loglevel.

if my auth-milter config includes

    {
        "debug"     : 0,
        "dryrun"    : 0,
        "logtoerr"  : 0,
        "error_log" : "/var/log/fm-auth-milter/fm-auth-milter.err",
        "errors_headers" : {},
        "log_dispatchouli" : {
            "ident"    : "fm-auth-milter",
            "facility" : "mail",
            "priority" : "emergency",
        },

with that^, journal still contains verbose output, e.g.

    ...
    Nov 03 08:41:41 mx03 postfix/postscreen-internal/smtpd[47044]: NOQUEUE: client=mail10-1.sender01.com[111.222.111.222]
    Nov 03 08:41:41 mx03 fm-auth-milter[47095]: B0665AE6539: SMTP Transaction count: 1.1
    Nov 03 08:41:41 mx03 fm-auth-milter[47095]: B0665AE6539: SPFCode: pass
    Nov 03 08:41:41 mx03 fm-auth-milter[47095]: B0665AE6539: EncryptedAs: TLSv1.2, ECDHE-RSA-AES256-GCM-SHA384, 256/256 bits
    Nov 03 08:41:41 mx03 fm-auth-milter[47095]: B0665AE6539: ARCResult: No ARC headers
    Nov 03 08:41:42 mx03 fm-auth-milter[47095]: B0665AE6539: DKIMResult: pass
    Nov 03 08:41:42 mx03 fm-auth-milter[47095]: B0665AE6539: DMARCCode: pass
    Nov 03 08:41:42 mx03 fm-auth-milter[47095]: B0665AE6539: DMARCDisposition: none
    Nov 03 08:41:42 mx03 fm-auth-milter[47095]: B0665AE6539: DMARCSubdomain: no
    Nov 03 08:41:42 mx03 fm-auth-milter[47095]: B0665AE6539: DMARCPolicy: reject default
    Nov 03 08:41:42 mx03 fm-auth-milter[47095]: B0665AE6539: DMARCReportTo (skipped): mailto:dmarc_rua@emaildefense.proofpoint.com
    Nov 03 08:41:42 mx03 fm-auth-milter[47095]: B0665AE6539: PreHeader: Received-SPF: pass<LF>    (sender01.com: Sender is authorized to use 'sender01@domain01.com' in 'mfrom' identity (mechanism 'include:_spf.sender01.com' matched))<LF>    receiver=auth-milter.mx.example.com;<LF>    identity=mailfrom;<LF>    envelope-from="sender01@domain01.com";<LF>    helo=mail10-1.sender01.com;<LF>    client-ip=111.222.111.222
    ...

how do you turn auth-milter's log level down?

marcbradshaw commented 4 years ago

I don't think this is possible (easily) with the current setup, I'll make it a feature request.

pgnd commented 4 years ago

it's manageable using rsyslog. e.g.,

if (
    $programname == 'fm-auth-milter' AND $syslogseverity <= '5')
) then {
    action(type="omfile" sync="off" file="/var/log/milters.log")
    stop
}

works well enough to segregate less noise into a target file.

no, it doesn't actually limit the logging level ... just makes seeing only what you want a tad more convenient.

blackpaulillyria commented 3 years ago

Hi, I would love to see this functionality added too. It's adversely affecting performance of applications that read maillog entries