postfix is sending only warnings to messages
Well, this rings a bell. When you run a chrooted postfix then it could fall back using /dev/log (or its FreeBSD equivalent) in the chroot when syslog-ng is restarted. A commonly used workaround on linux is to create the /var/spool/postfix/dev directory by hand and add /var/spool/postfix/dev/log to the sources of syslog-ng.
Interesting point, thanks. We aren't running chroot, but noted for the future. To the "log" directives feeding stuff into destination file "messages", I added a NOT filter for "postfix.*warning" and for "postgrey".
I don't see any problems with your config, although I did only a quick check.
fixed my error: filter f_conn_from_unk { match(": connection from unknown"); }; to filter f_conn_from_unk { match(": connect from unknown"); }; thanks, Len