Bug#1003728: debian-edu-config: nullmailer pollutes syslog on roaming workstations
On Fri, 14 Jan 2022 12:43:18 +0000 Mike Gabriel <mike.gabriel@das-netzwerkteam.de> wrote:
> On Debian Edu Roaming Workstations, the nullmailer pollutes
> /var/log/mail.info* and /var/log/mail.warn* and lets it rise to
> several GB if notebooks stay of campus often / for long periods.
>
> I'd suggest disabling nullmailer syslog writings entirely.
>
> Opinions on this? Other suggestions?
I checked this on bookworm and found that a manual installation
of a (roaming) workstation does not install nullmailer but exim4.
nullmailer only seems to be installed when using FAI (see
https://salsa.debian.org/debian-edu/debian-edu-fai/-/blob/92ddbdd2e36e50eae95ffbd300c5c60610176fee/fai/config/package_config/DEBIAN#L11).
nullmailer's behavior is indeed problematic, if nullmailer e.g. cannot
connect to the smarthost it will still try to deliver each queued
message without any delays in between which produces 5 lines of log
output each.
(Roaming) workstations which are manually installed seem to use
exim4 with the smarthost configuration from debian-edu-config
(exim-ldap-client-v4.conf) which seems more intelligent and has
configurable backoff when retrying delivery whereas nullmailer can
only be configured with a fixed minimum time between queue runs and
will trigger a queue run when a new message is queued.
Interestingly exim4 is configured to log to its own local logfile
and not syslog.
Now there are different ways to address this:
- as suggested above the quick fix would be to discard messages from
nullmailer in rsyslog on tjener, I think we should not discard them on
the client so they still go into the local journal which should have
size limits (see draft MR:
https://salsa.debian.org/debian-edu/debian-edu-config/-/merge_requests/26)
- we could also switch the FAI installations to the exim4 smarthost
configuration like manual installs, then the question is whether exim4
should log to syslog or not
- we could configure the client rsyslog not to forward the mail facility
but to log only locally or discard (messages would still be in the local
journal)
- we could address this problem more generally by configuring a
rate-limit, I think this would only be practical on the client,
rsyslog supports this
So the questions are:
Do we want to address excessive logging in general?
Why the inconsistency between FAI and non-FAI installations?
Should mail logging be local-only?
--
Guido Berhoerster
Reply to: