Hello,
When processing logs I have noticed that some queue IDs get reported by
smtpd when DATA phase starts, but when connection is lost, those IDs aren't
reported as lost.
Example:
Sep 2 16:51:11 mail postfix/smtps/smtpd[3697]: connect from
a.b.t-com.sk[178.41.x.y]
Sep 2 16:51:11 mail postfix/smtps/smtpd[3697]: 4WyBXH6Dp7z6C7g:
client=a.b.t-com.sk[178.41.x.y], sasl_method=LOGIN, sasl_username=redacted1
Sep 2 16:51:11 mail postfwd2/policy[7072]: [RULES] rule=23, id=GLOBAL-RATE-02,
queue=4WyBXH6Dp7z6C7g, client=a.b.t-com.sk[178.41.x.y], user=redacted1,
sender=<redact...@example.com>, recipient=<redact...@example.com>,
helo=<redacted3>, proto=ESMTP, state=DATA, rate=rate/D/0.00s, delay=0.01s,
hits=GLOBAL-RATE-01;GLOBAL-RATE-02, action=WARN GLOBAL rate limit of C messages in 1 hour
exceeded [D hits]
Sep 2 16:51:11 mail postfix/smtps/smtpd[3697]: 4WyBXH6Dp7z6C7g: warn: DATA from
a.b.t-com.sk[178.41.x.y]: GLOBAL rate limit of C messages in 1 hour exceeded [D hits];
from=<redact...@example.com> to=<redact...@example.com> proto=ESMTP
helo=<redacted3>
Sep 2 16:51:15 mail postfix/smtps/smtpd[3697]: lost connection after DATA (6
bytes) from a.b.t-com.sk[178.41.x.y]
Could the last message "lost connection" report the queue id, so log parser
would drop that queue id?
...I guess this is kind of problematic AV software on client's side, but I
noticed more such cases
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
