Artica Milter exposes a local REST control API on a Unix socket, plus operator-facing verdict lines in Postfix's
mail.log. Together they let you monitor throughput, reload the policy with zero downtime, generate DKIM keys and dry-run greylisting or DLP decisions — all scriptable from the shell.
mail.log format with a rule= attribution, so existing parsers keep working.All examples below use curl on the gateway itself:
SOCK=/usr/share/artica-postfix/bin/run/artica-milter.sock
GET /statscurl -s --unix-socket $SOCK http://x/stats | jq .
Returns a JSON snapshot: daemon version and uptime, message counts by action, 1s/10s/60s rates, lookup-cache statistics (hits, misses, timeouts), database-writer queue depth/drops, per-instance counters, plus dedicated greylisting and dlp blocks. Add ?full=1 to include Go memory statistics.
GET /reloadcurl -s --unix-socket $SOCK http://x/reload
Flushes the rule cache and reloads all rules and options from the database, and applies any pending PostgreSQL schema patches. This is what the web interface calls when you press Reload service.
GET /createPK/{domain}/{selector}curl -s --unix-socket $SOCK http://x/createPK/example.com/mail
Creates the private key at /etc/dkimPKs/example.com/mail.pem (used by both DKIM and ARC rules).
GET /greylisting/metrics, POST /greylisting/simulatecurl -s --unix-socket $SOCK http://x/greylisting/metrics
curl -s --unix-socket $SOCK -X POST http://x/greylisting/simulate \
-d '{"instance_id":0,"hostname":"mx.example.net","ip":"203.0.113.10","mail_from":"user@example.net"}'
The simulator evaluates the active policy for a hostname + IP + sender tuple without side effects — ideal to answer "why was this sender delayed?".
GET /dlp/metrics, POST /dlp/simulatecurl -s --unix-socket $SOCK http://x/dlp/metrics
curl -s --unix-socket $SOCK -X POST http://x/dlp/simulate \
-H 'Content-Type: application/json' \
-d '{"instanceid":0,"subject":"q3 report","text_body":"card 4111 1111 1111 1111"}'
The DLP simulator runs the active per-instance policy against the supplied subject/body/attachment text and returns the matched rule, detectors (with redacted values) and the action that would be taken — no mail is sent, no incident is recorded.
Active decisions are written into Postfix's mail.log under the instance's own syslog tag, in the standard Postfix shape:
postfix/artica-milter[1234]: NOQUEUE: milter-reject: END-OF-MESSAGE from mx.example.net[203.0.113.10]:
554 5.7.1 Message blocked by DLP policy; from=<a@example.net> to=<b@example.com> rule=dlp:12:Block confidential data leaks
The keyword after milter- reflects the action class (reject, sign, backup, bcc, header, info), and rule= carries the deciding rule's id and name — everything a SIEM needs for attribution. A plain accept is not logged here (no noise).
For deep troubleshooting, a separate internal debug stream can be enabled — see Debug mode and export events.