On 4/18/2010 4:40 PM, groups wrote:
Noel Jones wrote, On 04/18/2010 04:20 PM:
On 4/18/2010 4:16 PM, groups wrote:
Postfix logs help you know what happened to a particular message. Look
in your logs for bounces (sender=<>) arriving from your relayhost, and
see what postfix does with it. No need to wonder where they went.
-- Noel Jones
A lot of the send only hosts have only an IP (not in DNS)
Look in the logs for the IP to find associated QUEUEIDs.
Apr 18 16:01:24 mailhost postfix/qmgr[3283]: 5BE9956799: from=<>,
size=89424, nrcpt=1 (queue active)
Look in the logs for other entries with that same QUEUEID 5BE9956799
to see other information associated with that transaction.
only 1 entry per transaction ID..
notthing in
/var/spool/postfix ...
ok.. and found something interesting..
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 04C2A56799: from=<>,
size=83199, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 2B54756799: from=<>,
size=83614, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 4D99856799: from=<>,
size=84029, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 7B1F756799: from=<>,
size=84444, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: 9BD4456799: from=<>,
size=84859, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: BF6DC56799: from=<>,
size=85274, nrcpt=1 (queue active)
Apr 18 16:01:22 mailhost postfix/qmgr[3283]: E147056799: from=<>,
size=85689, nrcpt=1 (queue active)
All have the same invalid recipient..
These show the sender and number of recipients = 1; the
recipient address is listed in a different log line.
That seems like an awful lot of bounces in a short period of
time. Sending lots of mail to undeliverable addresses is a
red flag that something is wrong -- such as a badly outdated
mail list, or a compromised machine spewing spam.
One of your tasks is to investigate why there are so many
bounces, and find a way to reduce them. Sending large amounts
of undeliverable mail will have a bad effect on your server's
reputation and may eventually lead to blacklisting.
Almost looks like it is "ping-ponging" back and forth between the
*master-relay* and my relay..
Messages with the null sender "<>" are never bounced, they
must be delivered or discarded.
Bounces are always sent with the null sender.
This prevents bounces from ever looping (except in rare cases
of stupid user tricks such as a .forward that rewrites <> to
something else -- don't do that).
Further information about those messages can be found in the logs.
I have seen this invalid recipient on the old Sendmail box.. and
it ended up in my queue then expires.. (the sender host has been out of
the office when I tried to contact them)
so it looks like I have something not right..
there is nothing in mailq..
Charles
You need to examine the log further. If there's a problem,
postfix will likely tell you what it is, or at least give you
a better idea of where to look.
Postfix generates several log lines for each message. You
need to look at *all* the lines with the same QUEUEID to see
what happened to a message.
Logs for a single message look something like this below (with
my comments). Because postfix can process many messages in
parallel, logs for a single message may be separated by a
considerable number of unrelated log entries. There may be
more or fewer entries depending on what happens with a
transaction, but this is fairly typical.
Apr 18 00:00:20 mgate2 postfix/smtpd[91955]: connect from
private.webmail.example.org[192.168.70.47] to smtpd
(client connected; the hostname and IP are logged)
Apr 18 00:00:20 mgate2 postfix/smtpd[91955]: 1A2C779788F:
client=private.webmail.example.org[192.168.70.47]
(the QUEUEID "1A2C779788F" is assigned. That means there was
at least one recipient accepted and a queue file was created.
Future lines pertaining to this specific message will
include this same QUEUEID)
Apr 18 00:00:20 mgate2 postfix/cleanup[92028]: 1A2C779788F:
message-id=<11004180000.aa11...@example.org>
(the Message-id: header is logged. This is a helpful unique
message identifier when searching the logs for a specific
message.)
Apr 18 00:00:20 mgate2 postfix/qmgr[95868]: 1A2C779788F:
from=<>, size=382, nrcpt=1 (queue active)
(envelope sender, size, number of recipients, which queue it's
assigned to)
Apr 18 00:00:20 mgate2 postfix/smtpd[91955]: disconnect from
private.webmail.vbhcs.org[192.168.70.47]
(postfix has disconnected from the client. This line can be
related to the "connect" line above by the smtpd process id,
in this case "91955")
Apr 18 00:00:20 mgate2 postfix/local[94393]: 1A2C779788F:
to=<njo...@example.org>, relay=local, delay=0.11, delays=0.05
/0.03/0/0.02, dsn=2.0.0, status=sent (delivered to maildir)
(the mail was delivered to a local user)
Apr 18 00:00:20 mgate2 postfix/qmgr[95868]: 1A2C779788F: removed
(postfix completed this message, and removed the queue file)
-- Noel Jones
