Re: postfix log

2009-10-15 Thread Noel Jones 

On 10/15/2009 1:36 PM, Mark Johnson wrote:

Where I can setup log level on postfix to look at more details hankshake 
between server and client?
I have default setting on debug_peer_level = 2
Sendmail has LogLevel=15


Thanks.
MJ






Generally you add the interesting client IP to 
debug_peer_list, or add a -v to the master.cf service you're 
interested in.


http://www.postfix.org/DEBUG_README.html

  -- Noel Jones

Re: postfix log

2012-03-22 Thread Noel Jones 
On 3/22/2012 2:12 PM, K bharathan wrote:
> hi
> appreciate if somebody could help interpret the following log:
> 
> Mar 22 21:07:25 relay0 postfix/smtpd[61707]: disconnect from
> unknown[69.167.155.81]
> Mar 22 21:07:36 relay0 postfix/scache[61795]: statistics: start
> interval Mar 22 21:03:29
> Mar 22 21:07:36 relay0 postfix/scache[61795]: statistics: domain
> lookup hits=20 miss=20 success=50%
> Mar 22 21:07:36 relay0 postfix/scache[61795]: statistics: address
> lookup hits=0 miss=20 success=0%
> 
> why it is saying 'success=50%' !
> 
> am running a local resolver (unbound)
> 
> -bharathan
> 
> 

This has nothing to do with DNS.

Please see
http://www.postfix.org/CONNECTION_CACHE_README.html
http://www.postfix.org/scache.8.html



  -- Noel Jones

Re: postfix log

2011-11-18 Thread Brian Evans - Postfix List 
On 11/18/2011 8:45 AM, Amira Othman wrote:
>
> Hi all
>
> Is it possible to have postfix log to be written in database instead
> of file? If it’s not possible could I copy some information out of log
> file and then insert them in database?
>
>

As reported to you twice in the past week, Postfix logs to your syslog
daemon.
It will basically only send the facility, level and message.
It does not choose what to do with it.

Some syslog daemons, such as syslog-ng, can log to a database.
This is beyond the scope of this list and you should really find support
for your syslog daemon or, perhaps, your OS vendor.

Brian

Re: postfix log

2011-11-18 Thread Wietse Venema 
Brian Evans - Postfix List:
> >
> > Hi all
> >
> > Is it possible to have postfix log to be written in database instead
> > of file? If it?s not possible could I copy some information out of log
> > file and then insert them in database?
> 
> As reported to you twice in the past week, Postfix logs to your syslog
> daemon.
> It will basically only send the facility, level and message.
> It does not choose what to do with it.
> 
> Some syslog daemons, such as syslog-ng, can log to a database.
> This is beyond the scope of this list and you should really find support
> for your syslog daemon or, perhaps, your OS vendor.

http://www.rsyslog.com/doc/rsyslog_high_database_rate.html
http://en.gentoo-wiki.com/wiki/Syslog-ng_directly_to_MySQL

And so on. I'd like to hear of setups where the DBMS does not
use more system resources than Postfix itself.

Wietse

Re: postfix log

2011-11-18 Thread jeffrey j donovan 

On Nov 18, 2011, at 8:45 AM, Amira Othman wrote:

> Hi all
> Is it possible to have postfix log to be written in database instead of file? 
> If it’s not possible could I copy some information out of log file and then 
> insert them in database?
>  
> regards

you can cat awk grep sed /var/log/filename to file.db
technically the log file is already in a db format of $1,$2,$3

-j

Re: postfix log

2011-11-18 Thread Leslie León Sinclair 
You can do a python script to parse/split in different lines or 
parameters /var/log/[mail.log | maillog] and insert records into MySQL 
database.


Best regards,
Leslie.

--
/***
*Leslie León Sinclair
*Administrador de Redes
*Facultad de Ingenieria Electrica, CUJAE.
*Calle 114 #11901 e/ Ciclovía y Rotonda
*Marianao 19390, Ciudad de la Habana, Cuba
*Tel: (53 7) 266-3321
*Miembro de GUTL ->   
http://www.ecured.cu/index.php/Grupo_de_Usuarios_de_Tecnolog%C3%ADas_Libres_GUTL
*Another happy Slackware&   Debian GNU/Linux user
*Proud GNU/Linux User #445535 ->   http://counter.li.org/
*Katana yanai, otoko nanda.
/


Participe en Universidad 2012, del 13 al 17 de febrero de 2012.
Habana, Cuba: http://www.congresouniversidad.cu
Consulte la enciclopedia colaborativa cubana. http://www.ecured.cu

Participe en el Segundo Congreso Medio Ambiente Construido y 
Desarrollo Sustentable (MACDES 2011) del 6 al 9 de diciembre de 2011, 
Hotel Nacional, Habana, Cuba: http://macdes.cujae.edu.cu

RE: Postfix log

2019-08-09 Thread Matthew Lowy 
Hi Enrico,

I can't speak for why postscript behaviour has changed, but this is a known 
issue for other applications that hold a file open across time instead of 
opening it to write / closing it after write. Logrotate allows you to put in a 
postrotate / endscript sequence that can be used to make the application do 
whatever is necessary to make it re-open it's log file (or anything else...)  
Any lines between the line containing 'postrotate' and the line containing 
'endscript' will be run after the rotate job has rotated the files. So in 
between you can stop / start postfix or restart postfix or any other action 
that can cause it to re-process it's log file.

For example...
postrotate
service postscript restart
endscript

someone else might know if postscript will handle kill -HUP (kill -1) correctly 
(I'm running an older version of postscript that doesn't exhibit this 
behaviour, it handles the log being switched under it just fine) or you could 
try it out.

ML

-Original Message-
From: owner-postfix-us...@postfix.org  On 
Behalf Of Enrico Morelli
Sent: 09 August 2019 08:33
To: postfix-users@postfix.org
Subject: Postfix log

Dear,

I upgraded Debian from version 9 to 10 and consequently postfix 3.1.12 to 
3.4.5. I'm checking log with multitail in real time and with the new postfix 
version, I've a strange behavior. When the logs rotate, postfix continues to 
write in the old file renamed mail.log.1 instead of the new mail.log. I've to 
restart postfix to solve the problem.

I created a postfix file in logrotate.d, as the following, that worked before 
the update:

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log {
weekly
missingok
notifempty
delaycompress
compress
  create 640 root adm
rotate 3650
size 10M
}

Any suggestion?

--
---
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY

Re: Postfix log

2019-08-09 Thread Enrico Morelli 
On Fri, 9 Aug 2019 08:18:21 +
Matthew Lowy  wrote:

> Hi Enrico,
> 
> I can't speak for why postscript behaviour has changed, but this is a
> known issue for other applications that hold a file open across time
> instead of opening it to write / closing it after write. Logrotate
> allows you to put in a postrotate / endscript sequence that can be
> used to make the application do whatever is necessary to make it
> re-open it's log file (or anything else...)  Any lines between the
> line containing 'postrotate' and the line containing 'endscript' will
> be run after the rotate job has rotated the files. So in between you
> can stop / start postfix or restart postfix or any other action that
> can cause it to re-process it's log file.
> 
> For example...
> postrotate
> service postscript restart
> endscript
> 
> someone else might know if postscript will handle kill -HUP (kill -1)
> correctly (I'm running an older version of postscript that doesn't
> exhibit this behaviour, it handles the log being switched under it
> just fine) or you could try it out.
> 

Thanks, postscript is not part of the Debian package. I'll try to put:
service postfix restart


> ML
> 
> -Original Message-
> From: owner-postfix-us...@postfix.org
>  On Behalf Of Enrico Morelli Sent:
> 09 August 2019 08:33 To: postfix-users@postfix.org
> Subject: Postfix log
> 
> Dear,
> 
> I upgraded Debian from version 9 to 10 and consequently postfix
> 3.1.12 to 3.4.5. I'm checking log with multitail in real time and
> with the new postfix version, I've a strange behavior. When the logs
> rotate, postfix continues to write in the old file renamed mail.log.1
> instead of the new mail.log. I've to restart postfix to solve the
> problem.
> 
> I created a postfix file in logrotate.d, as the following, that
> worked before the update:
> 
> /var/log/mail.info
> /var/log/mail.warn
> /var/log/mail.err
> /var/log/mail.log {
>   weekly
>   missingok
>   notifempty
>   delaycompress
>   compress
>   create 640 root adm
>   rotate 3650
>   size 10M
> }
> 
> Any suggestion?
> 
> --
> ---
>   Enrico Morelli
>   System Administrator | Programmer | Web Developer
> 
>   CERM - Polo Scientifico
>   via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
> 



-- 
---
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY

Re: Postfix log

2019-08-09 Thread Benny Pedersen 

Enrico Morelli skrev den 2019-08-09 10:45:


Thanks, postscript is not part of the Debian package. I'll try to put:
service postfix restart


this is not working, postfix send logs to syslogd, so restarting postfix 
is not what to do, restart the syslogd will work


please create a bug on debian so it can be resolved, its default 
logrotate problem that does not restart syslogd

Re: Postfix log

2019-08-09 Thread Alexander Wirt 
On Fri, 09 Aug 2019, Benny Pedersen wrote:

Hi,

> > Thanks, postscript is not part of the Debian package. I'll try to put:
> > service postfix restart
> 
> this is not working, postfix send logs to syslogd, so restarting postfix is
> not what to do, restart the syslogd will work
> 
> please create a bug on debian so it can be resolved, its default logrotate
> problem that does not restart syslogd
The default syslogd (rsyslogd) in debian does that:

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}

cat /usr/lib/rsyslog/rsyslog-rotate
#!/bin/sh

if [ -d /run/systemd/system ]; then
systemctl kill -s HUP rsyslog.service
else
invoke-rc.d rsyslog rotate > /dev/null
fi

Re: Postfix log

2019-08-09 Thread Enrico Morelli 
On Fri, 9 Aug 2019 11:17:26 +0200
Alexander Wirt  wrote:

> On Fri, 09 Aug 2019, Benny Pedersen wrote:
> 
> Hi,
> 
> > > Thanks, postscript is not part of the Debian package. I'll try to
> > > put: service postfix restart  
> > 
> > this is not working, postfix send logs to syslogd, so restarting
> > postfix is not what to do, restart the syslogd will work
> > 
> > please create a bug on debian so it can be resolved, its default
> > logrotate problem that does not restart syslogd  
> The default syslogd (rsyslogd) in debian does that:
> 
> /var/log/mail.info
> /var/log/mail.warn
> /var/log/mail.err
> /var/log/mail.log
> /var/log/daemon.log
> /var/log/kern.log
> /var/log/auth.log
> /var/log/user.log
> /var/log/lpr.log
> /var/log/cron.log
> /var/log/debug
> /var/log/messages
> {
> rotate 4
> weekly
> missingok
> notifempty
> compress
> delaycompress
> sharedscripts
> postrotate
> /usr/lib/rsyslog/rsyslog-rotate
> endscript
> }
> 
> cat /usr/lib/rsyslog/rsyslog-rotate
> #!/bin/sh
> 
> if [ -d /run/systemd/system ]; then
> systemctl kill -s HUP rsyslog.service
> else
> invoke-rc.d rsyslog rotate > /dev/null
> fi
> 
> 

I'll try to put 

   postrotate
 /usr/lib/rsyslog/rsyslog-rotate
   endscript

in my postfix logrotate script to see if it works.

-- 
---
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY

Re: Postfix log

2019-08-09 Thread Matus UHLAR - fantomas 

On 09.08.19 09:32, Enrico Morelli wrote:

I upgraded Debian from version 9 to 10 and consequently postfix 3.1.12
to 3.4.5. I'm checking log with multitail in real time and with the new
postfix version, I've a strange behavior. When the logs rotate, postfix
continues to write in the old file renamed mail.log.1 instead of the
new mail.log. I've to restart postfix to solve the problem.

I created a postfix file in logrotate.d, as the following, that worked
before the update:

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log {
weekly
missingok
notifempty
delaycompress
compress
 create 640 root adm
rotate 3650
size 10M
}

Any suggestion?


those files are written by syslog server, and should be rotated in syslog,
not postfix logrotate config file. It's the one that causes syslog to reopen
log files when they are rotated.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much deeper the ocean would be without sponges.

Re: Postfix log

2019-08-09 Thread Matus UHLAR - fantomas 

On 09.08.19 11:56, Enrico Morelli wrote:

I'll try to put

  postrotate
/usr/lib/rsyslog/rsyslog-rotate
  endscript

in my postfix logrotate script to see if it works.


don't. Simply look what's in /etc/logrotate.d/*syslog*
it should contain /var/log/mail. files

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.

Re: Postfix log

2019-08-09 Thread Enrico Morelli 
On Fri, 9 Aug 2019 12:11:35 +0200
Matus UHLAR - fantomas  wrote:

> On 09.08.19 11:56, Enrico Morelli wrote:
> >I'll try to put
> >
> >   postrotate
> > /usr/lib/rsyslog/rsyslog-rotate
> >   endscript
> >
> >in my postfix logrotate script to see if it works.  
> 
> don't. Simply look what's in /etc/logrotate.d/*syslog*
> it should contain /var/log/mail. files
> 

Yes, I know. But I've to maintain the log for a long time, so I created
a logrotate script that worked with the previous version of
Debian/Postfix. Now I encounter the problem described in this post.

-- 
---
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY

Re: Postfix log warning

2008-08-05 Thread Brian Evans - Postfix List 

Ken Hathaway wrote:


First off I don't think this is a postfix problem. I'm hoping someone 
here has seen something similar and can help me out. Google so far has 
turned up nothing for me. :(


I get this same warning from gmail, yahoo & live. The email goes 
straight the the junk email folder on all of these systems. :( Makes 
me very unhappy.


Log snippet: (74.86.26.64  spellwellinc.com 
 is my server)


Aug  4 16:55:03 swi postfix/smtpd[23275]: warning: 74.86.26.64 
: address not listed for hostname spellwellinc.com 

Aug  4 16:55:03 swi postfix/smtpd[23275]: connect from 
unknown[74.86.26.64 ]
Aug  4 16:55:03 swi postfix/smtpd[23275]: 03377BDCC2: 
client=unknown[74.86.26.64 ]
Aug  4 16:55:03 swi postfix/cleanup[23278]: 03377BDCC2: 
message-id=<[EMAIL PROTECTED] 
 (Spell Well 
Inc. Password Reset)>
Aug  4 16:55:03 swi postfix/qmgr[66310]: 03377BDCC2: 
from=<[EMAIL PROTECTED] >, 
size=1193, nrcpt=1 (queue active)
Aug  4 16:55:03 swi postfix/smtpd[23275]: disconnect from 
unknown[74.86.26.64 ]
Aug  4 16:55:04 swi postfix/smtp[23279]: 03377BDCC2: 
to=<[EMAIL PROTECTED] >, 
relay=gmail-smtp-in.l.google.com 
[64.233.185.27 
]:25, delay=1.4, delays=0.11/0.01/0.09/1.2, 
dsn=2.0.0, status=sent (250 2.0.0 OK 1217868904 l43si10712889wrl.17)

Aug  4 16:55:04 swi postfix/qmgr[66310]: 03377BDCC2: removed

I assume the warning: 27.86.26.64 : address not 
listed message if from the far end. I check DNS and see PTR is there. 
Then check dig -x


Postfix smtpd uses gethostbyaddr() and gethostbyname() system libraries.
Here's a great post by Wietse from the archives to see what Postfix 
sees: http://archives.neohapsis.com/archives/postfix/2001-02/1165.html

This should help you debug a bit more.

If that turns up nothing interesting, someone more knowledgeable than me 
can help further.


I must have something screwed up in DNS but can't find it. I can post 
my zone file if that helps. Anyone out there that can toss me a bone?


I'm only using postfix for outgoing mail. No incoming.

Just in case someone thinks my postconf might help.

root: postconf -n

[...]

mydestination = $myhostname, localhost.$mydomain, localhost

myhostname is default.  Hard to tell what it is from this output.
'postconf -d myhostname' may help you know what postfix is using.


smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks


This line is useless as everything permits (implied permit at the end).

Brian

Re: Postfix log warning

2008-08-05 Thread Ken Hathaway 
Thanks Brian! You got me going in the right direction.

I probably should have mentioned that this running in a FreeBSD jail.

I read the archive reference you gave and pulled and compiled gethostbyaddr
& gethostbyname. I haven't used c in long time so I was pretty impressed
with myself getting these to compile. ;) So here is what I got.

SWI.spellwellinc.com:~
kenhat: ./gethostbyaddr 74.86.26.64
host 74.86.26.64 not found
SWI.spellwellinc.com:~
kenhat: ./gethostbyname swi.spellwellinc.com
Hostname:swi.spellwellinc.com
Aliases:
Addresses:74.86.26.64
SWI.spellwellinc.com:~
kenhat:

I copied these programs to my master server (not a jail) and get the same
results.

While I'm further along with my debugging I'm still not sure how to fix it.
Any help appreciated...

Also would this cause the assorted email ISP out there to classify my email
as junk? Is postfix passing on the warning message to the far end smtp? That
doesn't seem right.

Anyway thanks for the help

ken



So if I'm reading this right the warning message is coming from postfix.

On Tue, Aug 5, 2008 at 1:12 PM, Brian Evans - Postfix List <
[EMAIL PROTECTED]> wrote:

> Ken Hathaway wrote:
>
>>
>> First off I don't think this is a postfix problem. I'm hoping someone here
>> has seen something similar and can help me out. Google so far has turned up
>> nothing for me. :(
>>
>> I get this same warning from gmail, yahoo & live. The email goes straight
>> the the junk email folder on all of these systems. :( Makes me very unhappy.
>>
>> Log snippet: (74.86.26.64  spellwellinc.com <
>> http://spellwellinc.com> is my server)
>>
>> Aug  4 16:55:03 swi postfix/smtpd[23275]: warning: 74.86.26.64 <
>> http://74.86.26.64>: address not listed for hostname spellwellinc.com <
>> http://spellwellinc.com>
>> Aug  4 16:55:03 swi postfix/smtpd[23275]: connect from unknown[
>> 74.86.26.64 ]
>> Aug  4 16:55:03 swi postfix/smtpd[23275]: 03377BDCC2: client=unknown[
>> 74.86.26.64 ]
>> Aug  4 16:55:03 swi postfix/cleanup[23278]: 03377BDCC2: message-id=<
>> [EMAIL PROTECTED] > [EMAIL PROTECTED]> (Spell Well Inc.
>> Password Reset)>
>> Aug  4 16:55:03 swi postfix/qmgr[66310]: 03377BDCC2: from=<
>> [EMAIL PROTECTED] >, size=1193,
>> nrcpt=1 (queue active)
>> Aug  4 16:55:03 swi postfix/smtpd[23275]: disconnect from unknown[
>> 74.86.26.64 ]
>> Aug  4 16:55:04 swi postfix/smtp[23279]: 03377BDCC2: to=<
>> [EMAIL PROTECTED] >, relay=
>> gmail-smtp-in.l.google.com [
>> 64.233.185.27 ]:25, delay=1.4,
>> delays=0.11/0.01/0.09/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1217868904
>> l43si10712889wrl.17)
>> Aug  4 16:55:04 swi postfix/qmgr[66310]: 03377BDCC2: removed
>>
>> I assume the warning: 27.86.26.64 : address not
>> listed message if from the far end. I check DNS and see PTR is there. Then
>> check dig -x
>>
>
> Postfix smtpd uses gethostbyaddr() and gethostbyname() system libraries.
> Here's a great post by Wietse from the archives to see what Postfix sees:
> http://archives.neohapsis.com/archives/postfix/2001-02/1165.html
> This should help you debug a bit more.
>
> If that turns up nothing interesting, someone more knowledgeable than me
> can help further.
>
>  I must have something screwed up in DNS but can't find it. I can post my
>> zone file if that helps. Anyone out there that can toss me a bone?
>>
>> I'm only using postfix for outgoing mail. No incoming.
>>
>> Just in case someone thinks my postconf might help.
>>
>> root: postconf -n
>>
> [...]
>
>> mydestination = $myhostname, localhost.$mydomain, localhost
>>
> myhostname is default.  Hard to tell what it is from this output.
> 'postconf -d myhostname' may help you know what postfix is using.
>
>  smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
>>
>
> This line is useless as everything permits (implied permit at the end).
>
> Brian
>

Re: Postfix log warning

2008-08-05 Thread Ken Hathaway 
Doh! forgot to include this

kenhat: postconf -d myhostname
myhostname = swi.spellwellinc.com
SWI.spellwellinc.com:~


On Tue, Aug 5, 2008 at 6:01 PM, Ken Hathaway <[EMAIL PROTECTED]
> wrote:

> Thanks Brian! You got me going in the right direction.
>
> I probably should have mentioned that this running in a FreeBSD jail.
>
> I read the archive reference you gave and pulled and compiled gethostbyaddr
> & gethostbyname. I haven't used c in long time so I was pretty impressed
> with myself getting these to compile. ;) So here is what I got.
>
> SWI.spellwellinc.com:~
> kenhat: ./gethostbyaddr 74.86.26.64
> host 74.86.26.64 not found
> SWI.spellwellinc.com:~
> kenhat: ./gethostbyname swi.spellwellinc.com
> Hostname:swi.spellwellinc.com
> Aliases:
> Addresses:74.86.26.64
> SWI.spellwellinc.com:~
> kenhat:
>
> I copied these programs to my master server (not a jail) and get the same
> results.
>
> While I'm further along with my debugging I'm still not sure how to fix it.
> Any help appreciated...
>
> Also would this cause the assorted email ISP out there to classify my email
> as junk? Is postfix passing on the warning message to the far end smtp? That
> doesn't seem right.
>
> Anyway thanks for the help
>
> ken
>
>
>
> So if I'm reading this right the warning message is coming from postfix.
>
>
> On Tue, Aug 5, 2008 at 1:12 PM, Brian Evans - Postfix List <
> [EMAIL PROTECTED]> wrote:
>
>> Ken Hathaway wrote:
>>
>>>
>>> First off I don't think this is a postfix problem. I'm hoping someone
>>> here has seen something similar and can help me out. Google so far has
>>> turned up nothing for me. :(
>>>
>>> I get this same warning from gmail, yahoo & live. The email goes straight
>>> the the junk email folder on all of these systems. :( Makes me very unhappy.
>>>
>>> Log snippet: (74.86.26.64  spellwellinc.com <
>>> http://spellwellinc.com> is my server)
>>>
>>> Aug  4 16:55:03 swi postfix/smtpd[23275]: warning: 74.86.26.64 <
>>> http://74.86.26.64>: address not listed for hostname spellwellinc.com <
>>> http://spellwellinc.com>
>>> Aug  4 16:55:03 swi postfix/smtpd[23275]: connect from unknown[
>>> 74.86.26.64 ]
>>> Aug  4 16:55:03 swi postfix/smtpd[23275]: 03377BDCC2: client=unknown[
>>> 74.86.26.64 ]
>>> Aug  4 16:55:03 swi postfix/cleanup[23278]: 03377BDCC2: message-id=<
>>> [EMAIL PROTECTED] >> [EMAIL PROTECTED]> (Spell Well Inc.
>>> Password Reset)>
>>> Aug  4 16:55:03 swi postfix/qmgr[66310]: 03377BDCC2: from=<
>>> [EMAIL PROTECTED] >, size=1193,
>>> nrcpt=1 (queue active)
>>> Aug  4 16:55:03 swi postfix/smtpd[23275]: disconnect from unknown[
>>> 74.86.26.64 ]
>>> Aug  4 16:55:04 swi postfix/smtp[23279]: 03377BDCC2: to=<
>>> [EMAIL PROTECTED] >, relay=
>>> gmail-smtp-in.l.google.com [
>>> 64.233.185.27 ]:25, delay=1.4,
>>> delays=0.11/0.01/0.09/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1217868904
>>> l43si10712889wrl.17)
>>> Aug  4 16:55:04 swi postfix/qmgr[66310]: 03377BDCC2: removed
>>>
>>> I assume the warning: 27.86.26.64 : address not
>>> listed message if from the far end. I check DNS and see PTR is there. Then
>>> check dig -x
>>>
>>
>> Postfix smtpd uses gethostbyaddr() and gethostbyname() system libraries.
>> Here's a great post by Wietse from the archives to see what Postfix sees:
>> http://archives.neohapsis.com/archives/postfix/2001-02/1165.html
>> This should help you debug a bit more.
>>
>> If that turns up nothing interesting, someone more knowledgeable than me
>> can help further.
>>
>>  I must have something screwed up in DNS but can't find it. I can post my
>>> zone file if that helps. Anyone out there that can toss me a bone?
>>>
>>> I'm only using postfix for outgoing mail. No incoming.
>>>
>>> Just in case someone thinks my postconf might help.
>>>
>>> root: postconf -n
>>>
>> [...]
>>
>>> mydestination = $myhostname, localhost.$mydomain, localhost
>>>
>> myhostname is default.  Hard to tell what it is from this output.
>> 'postconf -d myhostname' may help you know what postfix is using.
>>
>>  smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
>>>
>>
>> This line is useless as everything permits (implied permit at the end).
>>
>> Brian
>>
>
>

Re: postfix log format

2009-04-07 Thread Wietse Venema 
jittinan suwanrueangsri:
> Hi everybody
> 
> Are there any postfix log format documents so I can understand meaning of
> each column in raw log ?

Postfix logging is not yet documented - it is one of those ancient
pieces of version "zero" code that was meant to be replaced by real
code that is properly configurable.

By now it is time to start thinking of postfix-lite.

Wietse

Re: postfix log format

2009-04-08 Thread Magnus Bäck 
On Wed, April 8, 2009 12:14 pm, jittinan suwanrueangsri said:

> I want to know message size of an email which was send through postfix.A
> part of raw log is shown as below
>
> Apr  8 14:22:02 MailSecure03 postfix/smtpd[32388]: BA1CE38965: client=
> mail.example.com[x.x.x.x]
> Apr  8 14:22:03 MailSecure03 postfix/cleanup[32070]: BA1CE38965:
> message-id=<49dc4d9a.6020...@example.com>
> Apr  8 14:22:03 MailSecure03 postfix/qmgr[19685]: BA1CE38965: from=<
> mailt...@example.com>, size=1087, nrcpt=2 (queue active)

[...]

> Apr  8 14:22:04 MailSecure03 postfix/qmgr[19685]: 62D8438973: from=<
> mailt...@example.com>, size=1636, nrcpt=2 (queue active)

[...]

> 1.Does the word size mean size of email message ?

Yes.

> 2.Size is not specified unit ,Does it mean Byte ?

Yes.

> 3.I found 2 rows which show size but which row is actual size of a
> message?
> (1087,1636)

The first size is before the content filter and the second size is after
the content filter. An SMTP content filter will add two Received: headers
plus any headers the content filter itself adds, so a size increase of 450
bytes is reasonable.

Please do not top-post.

-- 
Magnus Bäck
mag...@dsek.lth.se

Re: postfix log format

2009-04-08 Thread kj 

Wietse Venema wrote:

Postfix logging is not yet documented - it is one of those ancient
pieces of version "zero" code that was meant to be replaced by real
code that is properly configurable.
  

If it's not broken, don't fix it. :)

Working with qmail all day, I really appreciate the postfix log format.

--kj

Re: postfix log format

2009-04-08 Thread jittinan suwanrueangsri 
Hi All

I want to know message size of an email which was send through postfix.A
part of raw log is shown as below

Apr  8 14:22:02 MailSecure03 postfix/smtpd[32388]: BA1CE38965: client=
mail.example.com[x.x.x.x]
Apr  8 14:22:03 MailSecure03 postfix/cleanup[32070]: BA1CE38965:
message-id=<49dc4d9a.6020...@example.com>
Apr  8 14:22:03 MailSecure03 postfix/qmgr[19685]: BA1CE38965: from=<
mailt...@example.com>, size=1087, nrcpt=2 (queue active)
Apr  8 14:22:04 MailSecure03 postfix/smtp[32608]: BA1CE38965: to=<
us...@test.com>, relay=127.0.0.1[127.0.0.1]:10025, delay=1.7,
delays=1/0/0/0.68, dsn=2.0.0, status=sent (250 OK, sent 49DC509B_360_15637_1
62D8438973)
Apr  8 14:22:04 MailSecure03 postfix/smtp[32608]: BA1CE38965: to=<
us...@test.com>, relay=127.0.0.1[127.0.0.1]:10025, delay=1.7,
delays=1/0/0/0.68, dsn=2.0.0, status=sent (250 OK, sent 49DC509B_360_15637_1
62D8438973)
Apr  8 14:22:04 MailSecure03 postfix/qmgr[19685]: BA1CE38965: removed
Apr  8 14:22:04 MailSecure03 postfix/smtpd[32589]: 62D8438973:
client=localhost.localdomain[127.0.0.1]
Apr  8 14:22:04 MailSecure03 postfix/cleanup[32080]: 62D8438973:
message-id=<49dc4d9a.6020...@example.com>
Apr  8 14:22:04 MailSecure03 postfix/qmgr[19685]: 62D8438973: from=<
mailt...@example.com>, size=1636, nrcpt=2 (queue active)
Apr  8 14:22:04 MailSecure03 postfix/smtp[32417]: 62D8438973: to=<
us...@test.com>, relay=y.y.y.y[y.y.y.y]:25, delay=0.19,
delays=0.04/0/0.04/0.1, dsn=2.6.0, status=sent (250 2.6.0  <
49dc4d9a.6020...@example.com> Queued mail for delivery)
Apr  8 14:22:04 MailSecure03 postfix/smtp[32417]: 62D8438973: to=<
us...@test.com>, relay=y.y.y.y[y.y.y.y]:25, delay=0.19,
delays=0.04/0/0.04/0.1, dsn=2.6.0, status=sent (250 2.6.0  <
49dc4d9a.6020...@example.com> Queued mail for delivery)
Apr  8 14:22:04 MailSecure03 postfix/qmgr[19685]: 62D8438973: removed

1.Does the word size mean size of email message ?
2.Size is not specified unit ,Does it mean Byte ?
3.I found 2 rows which show size but which row is actual size of a message?
(1087,1636)

Jittinan Suwanrueangsri


2009/4/7 Wietse Venema 

> jittinan suwanrueangsri:
> > Hi everybody
> >
> > Are there any postfix log format documents so I can understand meaning of
> > each column in raw log ?
>
> Postfix logging is not yet documented - it is one of those ancient
> pieces of version "zero" code that was meant to be replaced by real
> code that is properly configurable.
>
> By now it is time to start thinking of postfix-lite.
>
>Wietse
>

Re: Postfix Log Analysis options

2008-09-23 Thread Sahil Tandon 
James Robertson <[EMAIL PROTECTED]> wrote:

> We use postfix as a relay and Antispam filter in front of an Exchange 
> Server.
>
> Management want to log the sender and recipient of emails both inbound and 
> outbound and the totals for a given period e.g. 24 hours and have it easily 
> viewable in a web browser etc.
>
> They don't require what the email contents just the levels so they can see 
> whether any employees are spending to much time emailing friends with 
> non-work related email etc.
>
> I have looked at pflogsum and awstats but it doesn't really provide the 
> details I'm looking for (unless I missed some of the config).
>
> I would need something like.
>
> DateSenderRecipentemail count
> 23/09/2008[EMAIL PROTECTED][EMAIL PROTECTED]20

Look into postfix-logwatch and then write your own script that uses that
and others as inspiration.  And next time please don't hi-jack an
unrelated thread. :-)

-- 
Sahil Tandon <[EMAIL PROTECTED]>

Re: Postfix Log Analysis options

2008-09-24 Thread mouss 

James Robertson wrote:
We use postfix as a relay and Antispam filter in front of an Exchange 
Server.




Please do not hijack unrelated threads. compose a _new_ mail instead of 
replying to an unrelated one.


Management want to log the sender and recipient of emails both inbound 
and outbound and the totals for a given period e.g. 24 hours and have it 
easily viewable in a web browser etc.


They don't require what the email contents just the levels so they can 
see whether any employees are spending to much time emailing friends 
with non-work related email etc.



This is really a social problem. The first thing is to create a clear 
and simple policy that is accepted/acknowledged by users. if in addition 
you tell users that their mail is watched, this should discourage them 
and you won't need to watch (as Nimzowitsch said: the threat is often 
stronger than the execution. This was about chess, but it's true in 
other areas).


otherwise, users can create accounts at yahoo/gmail/... and your postfix 
logs won't help you. or they can just surf the web!



anyway, if you use amavisd-new, then just grep its logs. otherwise, you 
need to aggregate multiple lines (lines that contain from= and lines 
that contain to=. use the QueueID to correlate these). but if you are 
using a content_filter, make sure not to count each transaction more 
than once.





I have looked at pflogsum and awstats but it doesn't really provide the 
details I'm looking for (unless I missed some of the config).


I would need something like.

DateSenderRecipentemail count
23/09/2008[EMAIL PROTECTED][EMAIL PROTECTED]20

Re: Postfix log file question

2012-05-22 Thread Ralf Hildebrandt 
* Henry Stryker :
> 
> This is certainly not of critical importance, but my curiosity makes me
> wonder:
> 
> May 20 12:28:40 <2.6> hyperion postfix/smtpd[22436]:
> 
> 
> What does the "<2.6>" signify in every Postfix log line entry?

Dunno. That's probably a function of your syslog daemon

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: Postfix log file question

2012-05-22 Thread Chris Robinson 

On 22/05/2012 15:29, Henry Stryker wrote:

This is certainly not of critical importance, but my curiosity makes me
wonder:

May 20 12:28:40<2.6>  hyperion postfix/smtpd[22436]:


What does the "<2.6>" signify in every Postfix log line entry?

I am running postfix-current on FreeBSD 8.3
mail_version = 2.10-20120423

!DSPAM:4fbb94d5193091048919757!



I'd guess it's the Linux version no, since that's where the server name 
normally goes. Try uname -a.


Chris Robinson

Re: Postfix log file question

2012-05-22 Thread Henry Stryker 


On 5/22/12 6:31 AM, Ralf Hildebrandt wrote:
>> What does the "<2.6>" signify in every Postfix log line entry?
> 
> Dunno. That's probably a function of your syslog daemon

Very good, and thanks for the quick answer.  I was able to learn from
/usr/include/sys/syslog.h that this maps to a facility/priority code.

2 = mail
6 = informational

Re: Postfix log file question

2012-05-22 Thread Ralf Hildebrandt 
* Henry Stryker :

> Very good, and thanks for the quick answer.  I was able to learn from
> /usr/include/sys/syslog.h that this maps to a facility/priority code.
> 
> 2 = mail
> 6 = informational

Ah, interesting. Wouldn't have been able to guess this :)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

Re: postfix log in mysql

2017-08-27 Thread Christian Kivalo 


Am 28. August 2017 05:51:10 MESZ schrieb Kev :
>Hi postfixers,
>
>We have spam filter servers for our down, 5 of them to be exact. we use
>amavisd, bitdefender & clamav for spam and virus filter. 
>
>we have a self help portal done in php/mysql for users to manage
>whitelist/blacklist etc, now i want to allow users to check there email
>logs to they can find if any wanted email is blocked,
>
>so the question is, how can i log postfix to a mysql db where i can
>write
>an interface for users to search for email and see what did the
>blocking, such as rbl, amavis etc ? 
>
>ive seen some solutions to use syslog in to mysql but i was thinking
>something much simpler where i will still have logs in place even if
>mysql fails.
Most syslog daemons can write to more than one output stream so besides 
absorbing your logs with mysql additionally you could keep logging to file and 
have your logs as normal. 
>rgds

-- 
Christian Kivalo

Re: postfix log in mysql

2017-08-28 Thread James Reynolds 
You might want to look into something like the Logstash 
(https://www.elastic.co/products/logstash).  

James

> On Aug 27, 2017, at 9:51 PM, Kev  wrote:
> 
> Hi postfixers,
> 
> We have spam filter servers for our down, 5 of them to be exact. we use
> amavisd, bitdefender & clamav for spam and virus filter. 
> 
> we have a self help portal done in php/mysql for users to manage
> whitelist/blacklist etc, now i want to allow users to check there email
> logs to they can find if any wanted email is blocked,
> 
> so the question is, how can i log postfix to a mysql db where i can write
> an interface for users to search for email and see what did the
> blocking, such as rbl, amavis etc ? 
> 
> ive seen some solutions to use syslog in to mysql but i was thinking
> something much simpler where i will still have logs in place even if
> mysql fails.
> 
> rgds
> 
>

Re: postfix log in mysql

2017-08-29 Thread joao reis 

I save correlated logs from postfix (and milter daemons) in mongodb.

https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-destinations-mongodb.html
https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-pattern-databases.html

In one registry I can get all information about delivery that I need and 
nothing more:


{
"_id" : ObjectId("5991fbb0c2544d511c3a5290"),
"TO" : "xxx...@domain.com",
"SUBJECT" : 
"KEdSVVBPIE1QRSkgQXJxdWl2byBkZSBSZW1lc3NhIGRvIGRpYTogMTAvMDgvMjAxNw==",

"STATUS_AT" : ISODate("2017-08-14T19:36:16.000Z"),
"STATUS" : "sent",
"SIZE" : 2918,
"SERVER" : "submitter31.zyx.net",
"SASLAUTH" : "a...@o62.xyz.net",
"RETURNPATH" : "sup...@xyz.com",
"RELAY_IP" : "168.0.0.0",
"RELAY_HOST" : "relay..com.br",
"REASON" : "(250 OK id=1dhLEB-03037zm-MD)",
"QUEUEID_CUST" : "None",
"QUEUEID" : "024D781B27AC",
"FROM" : "sup...@xyz.com",
"DSN" : "2.0.0",
"DELAY" : "8.6",
"CLIENTIP" : "177.7.7.7",
"BEGIN_AT" : ISODate("2017-08-14T19:36:08.000Z")
}

much cleaner and simpler than logstash, either rsyslog and syslog-ng 
clients connect to the log server without any other external software 
and it is working very well.


Joao Reis.


On 08/29/2017 05:51 AM, Kev wrote:

You might want to look into something like the Logstash 
(https://www.elastic.co/products/logstash).

looks promising! thanks you!

On Mon, 28 Aug 2017 10:11:14 -0600
James Reynolds  wrote:


You might want to look into something like the Logstash 
(https://www.elastic.co/products/logstash).

James


On Aug 27, 2017, at 9:51 PM, Kev  wrote:

Hi postfixers,

We have spam filter servers for our down, 5 of them to be exact. we use
amavisd, bitdefender & clamav for spam and virus filter.

we have a self help portal done in php/mysql for users to manage
whitelist/blacklist etc, now i want to allow users to check there email
logs to they can find if any wanted email is blocked,

so the question is, how can i log postfix to a mysql db where i can write
an interface for users to search for email and see what did the
blocking, such as rbl, amavis etc ?

ive seen some solutions to use syslog in to mysql but i was thinking
something much simpler where i will still have logs in place even if
mysql fails.

rgds