This might be of use to others out there. I decided that monitoring mail.log 
was too much of a pain with all the postscreen and dnsblog 'noise' 
obscuring the information that I wanted to see, so I split those log events 
into their own log file using rsyslogd with the following lines in 
rsyslogd.conf (before the lines that log mail.log):

if $syslogtag contains 'postscreen' then /var/log/postscreen.log
if $syslogtag contains 'postscreen' then ~
if $syslogtag contains 'dnsblog' then /var/log/postscreen.log
if $syslogtag contains 'dnsblog' then ~

This lets me keep mail.log for quite a while and rotate off postscreen.log very 
quickly since it is not something I need to check very often at all.

I've been doing this for a week or two now and found it useful enough I thought 
it worth passing along.


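The same split written as a single rule in current rsyslog syntax, as an added example that is not part of the original post. Current rsyslog releases flag the `~` discard action as deprecated in favour of `stop`. The drop-in file name is an assumption, and it presumes rsyslog.conf includes /etc/rsyslog.d/*.conf ahead of the rule that writes mail.log.

```conf
# /etc/rsyslog.d/10-postscreen.conf  (file name is an assumption; this rule
# must be read before the rule that writes mail.log)
#
# Match on $syslogtag rather than $programname: Postfix tags look like
# "postfix/postscreen[1234]:", and by default rsyslog ends $programname
# at the first "/", so it would only ever be "postfix".
if ($syslogtag contains 'postscreen') or ($syslogtag contains 'dnsblog') then {
    # Write both postscreen and dnsblog events to the short-lived log.
    action(type="omfile" file="/var/log/postscreen.log")
    # Stop processing so the event never reaches mail.log.
    stop
}
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the daemon is restarted.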