Bug#1003728: debian-edu-config: nullmailer pollutes syslog on roaming workstations

To: 1003728@bugs.debian.org
Subject: Bug#1003728: debian-edu-config: nullmailer pollutes syslog on roaming workstations
From: Guido Berhoerster <guido@berhoerster.name>
Date: Fri, 8 Sep 2023 08:39:10 +0200
Message-id: <[🔎] cea3ae07-2d3d-c989-a513-9c8c26e4943d@berhoerster.name>
Reply-to: Guido Berhoerster <guido@berhoerster.name>, 1003728@bugs.debian.org
In-reply-to: <20220114124318.Horde.-rjzwlg_uDKhGSIeJnCNm-S@mail.das-netzwerkteam.de>
References: <20220114124318.Horde.-rjzwlg_uDKhGSIeJnCNm-S@mail.das-netzwerkteam.de> <20220114124318.Horde.-rjzwlg_uDKhGSIeJnCNm-S@mail.das-netzwerkteam.de> <20220114124318.Horde.-rjzwlg_uDKhGSIeJnCNm-S@mail.das-netzwerkteam.de>

On Fri, 14 Jan 2022 12:43:18 +0000 Mike Gabriel <mike.gabriel@das-netzwerkteam.de> wrote:
> On Debian Edu Roaming Workstations, the nullmailer pollutes  
> /var/log/mail.info* and /var/log/mail.warn* and lets it rise to  
> several GB if notebooks stay of campus often / for long periods.
> 
> I'd suggest disabling nullmailer syslog writings entirely.
> 
> Opinions on this? Other suggestions?

I checked this on bookworm and found that a manual installation
of a (roaming) workstation does not install nullmailer but exim4.

nullmailer only seems to be installed when using FAI (see
https://salsa.debian.org/debian-edu/debian-edu-fai/-/blob/92ddbdd2e36e50eae95ffbd300c5c60610176fee/fai/config/package_config/DEBIAN#L11).
nullmailer's behavior is indeed problematic, if nullmailer e.g. cannot
connect to the smarthost it will still try to deliver each queued
message without any delays in between which produces 5 lines of log
output each.

(Roaming) workstations which are manually installed seem to use
exim4 with the smarthost configuration from debian-edu-config
(exim-ldap-client-v4.conf) which seems more intelligent and has
configurable backoff when retrying delivery whereas nullmailer can
only be configured with a fixed minimum time between queue runs and
will trigger a queue run when a new message is queued.
Interestingly exim4 is configured to log to its own local logfile
and not syslog.

Now there are different ways to address this:

- as suggested above the quick fix would be to discard messages from
  nullmailer in rsyslog on tjener, I think we should not discard them on
  the client so they still go into the local journal which should have
  size limits (see draft MR:
  https://salsa.debian.org/debian-edu/debian-edu-config/-/merge_requests/26)
- we could also switch the FAI installations to the exim4 smarthost
  configuration like manual installs, then the question is whether exim4
  should log to syslog or not
- we could configure the client rsyslog not to forward the mail facility
  but to log only locally or discard (messages would still be in the local
  journal) 
- we could address this problem more generally by configuring a
  rate-limit, I think this would only be practical on the client,
  rsyslog supports this

So the questions are:

Do we want to address excessive logging in general?
Why the inconsistency between FAI and non-FAI installations?
Should mail logging be local-only?

-- 
Guido Berhoerster

Reply to:

Follow-Ups:
- Bug#1003728: debian-edu-config: nullmailer pollutes syslog on roaming workstations
  - From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Prev by Date: Processed: Bug#1003728 marked as pending in debian-edu-config
Next by Date: Bug#1051446: debian-edu-update-netblock depends on iptables which is not installed by default
Previous by thread: Processed: Bug#1003728 marked as pending in debian-edu-config
Next by thread: Bug#1003728: debian-edu-config: nullmailer pollutes syslog on roaming workstations
Index(es):
- Date
- Thread