From 2e4388a803649b56ce5d30d6e4836dd815fe531e Mon Sep 17 00:00:00 2001 From: justin Date: Wed, 17 Jun 2026 19:47:13 -0500 Subject: [PATCH] mail: add logrotate for Postfix mail.log (postlogd copytruncate) mail.log had no logrotate rule and grew unbounded to ~1GB (~150MB/day) since Jun 8. This host logs via Postfix's built-in postlogd (maillog_file mode), not rsyslog (no rsyslog.service exists), so postlogd holds the file open -- a plain rename+create would leave it writing to the stale inode. Use copytruncate (no daemon signal needed). Rotate daily, keep 14 days compressed. Applied live: forced first rotation, compressed the 1GB archive (->99MB), verified logging + bounce watchers + DKIM signing intact. Part of the email-deliverability incident hardening (follows DKIM fix 4d59019). --- infra/ansible/roles/mail/tasks/main.yml | 27 +++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/infra/ansible/roles/mail/tasks/main.yml b/infra/ansible/roles/mail/tasks/main.yml index c99d787..252fa85 100644 --- a/infra/ansible/roles/mail/tasks/main.yml +++ b/infra/ansible/roles/mail/tasks/main.yml @@ -96,3 +96,30 @@ register: postfix_milter changed_when: false notify: Reload postfix + +# Postfix on this host logs via its built-in postlogd (maillog_file mode), not +# rsyslog -- there is no rsyslog.service. postlogd holds mail.log open, so a +# plain rename+create leaves it writing to the old inode. Use copytruncate +# (copy then truncate in place) which needs no daemon signal. mail.log had +# grown unbounded to ~1 GB (~150 MB/day) with no rotation rule at all. +- name: Install logrotate rule for Postfix (postlogd) mail logs + ansible.builtin.copy: + dest: /etc/logrotate.d/rsyslog-mail + owner: root + group: root + mode: "0644" + content: | + /var/log/mail.log + /var/log/mail.err + /var/log/mail.warn + /var/log/mail.info + { + rotate 14 + daily + missingok + notifempty + compress + delaycompress + copytruncate + } +
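Review bot: `copytruncate` in the new logrotate stanza can drop log lines that postlogd writes between the copy and the truncate, and neither the task comment nor the commit message mentions that trade-off. At the stated ~150 MB/day, and with bounce watchers reading this file as part of incident hardening, add a line to the comment accepting the loss window. Alternatively, evaluate Postfix's own `postfix logrotate` (available with maillog_file since Postfix 3.4), which has postlogd reopen the file instead of truncating it. Two smaller points in the same task: `dest: /etc/logrotate.d/rsyslog-mail` names the rule after rsyslog although the comment says this host has no rsyslog.service, so a name that reflects Postfix/postlogd would be less misleading. The stanza also lists `/var/log/mail.err`, `/var/log/mail.warn` and `/var/log/mail.info`, while the comment only describes postlogd holding `mail.log` open. `missingok` keeps those entries harmless, but if nothing on this host writes them they should be dropped, or the comment should say what does.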