Description of problem: During debugging a host with running syslog-ng I found that the RHL 7.3 standard installation with sysklogd and postfix also has this issue. If sysklogd is restarted, postfix's chroot'ed smtpd lost its log unix socket, resulting that many information will no longer be logged. Version-Release number of selected component (if applicable): postfix-1.1.7-2 sysklogd-1.4.1-8 How reproducible: Always Steps to Reproduce: 1.Start ssklogd and postfix 2.Monitor /var/log/maillog 3.Connect from outside to host, deliver an e-mail (but connect is enough) 4.Restart sysklogd Actual Results: No longer logging of smtpd and nqmgr in some cases Expected Results: Still logging further on Additional info: Fix (todo: adjust postfix spec file) # mkdir -p 755 /var/spool/postfix/dev Specify extra log socket for now --- /etc/sysconfig/syslog.orig Wed Feb 12 07:39:41 2003 +++ /etc/sysconfig/syslog Wed Feb 12 07:48:28 2003 @@ -3,7 +3,7 @@ # -r enables logging from remote machines # -x disables DNS lookups on messages recieved with -r # See syslogd(8) for more details -SYSLOGD_OPTIONS="-m 0" +SYSLOGD_OPTIONS="-m 0 -a /var/spool/postfix/dev/log" # Options to klogd # -2 prints all kernel oops messages twice; once for klogd to decode, and # once for processing with 'ksymoops' Perhaps more intelligence is required whether postfix is installed or not, so it would be better to check this in syslog-initscript like if [ -d /var/spool/postfix/dev ]; then SYSLOGD_OPTIONS="$SYSLOGD_OPTIONS -a /var/spool/postfix/dev/log" fi I've set severtiy to "security" because unexpected loose of loglines is imho a security issue.
Problem also found in RHL 8.0 Any reasons why this bug is still in state "NEW"?
BTW: there is a bug in upper shown workaround: - # mkdir -p 755 /var/spool/postfix/dev + # mkdir -p -m 755 /var/spool/postfix/dev
Current postfix rpms no longer run chroot. Wietse Venema and others believe chroot was causing more problems (such as this) than was worth the minimal security enhancement.