[pfx] Re: smtpd reports no queueid in lost connection log

Tue, 05 Nov 2024 03:19:51 -0800 

Matus UHLAR - fantomas via Postfix-users:

When processing logs I have noticed that some queue IDs get reported by
smtpd when DATA phase starts, but when connection is lost, those IDs aren't
reported as lost.

Example:

Sep  2 16:51:11 mail postfix/smtps/smtpd[3697]: connect from 
a.b.t-com.sk[178.41.x.y]
Sep  2 16:51:11 mail postfix/smtps/smtpd[3697]: 4WyBXH6Dp7z6C7g: 
client=a.b.t-com.sk[178.41.x.y], sasl_method=LOGIN, sasl_username=redacted1
Sep  2 16:51:11 mail postfwd2/policy[7072]: [RULES] rule=23, id=GLOBAL-RATE-02, 
queue=4WyBXH6Dp7z6C7g, client=a.b.t-com.sk[178.41.x.y], user=redacted1, 
sender=<redact...@example.com>, recipient=<redact...@example.com>, 
helo=<redacted3>, proto=ESMTP, state=DATA, rate=rate/D/0.00s, delay=0.01s, 
hits=GLOBAL-RATE-01;GLOBAL-RATE-02, action=WARN GLOBAL rate limit of C messages in 1 hour 
exceeded [D hits]
Sep  2 16:51:11 mail postfix/smtps/smtpd[3697]: 4WyBXH6Dp7z6C7g: warn: DATA from 
a.b.t-com.sk[178.41.x.y]: GLOBAL rate limit of C messages in 1 hour exceeded [D hits]; 
from=<redact...@example.com> to=<redact...@example.com> proto=ESMTP 
helo=<redacted3>
Sep  2 16:51:15 mail postfix/smtps/smtpd[3697]: lost connection after DATA (6 
bytes) from a.b.t-com.sk[178.41.x.y]


Could the last message "lost connection" report the queue id, so log parser
would drop that queue id?


On 04.11.24 11:55, Wietse Venema via Postfix-users wrote:

No, but I do have a different suggestion.

The queue ID is generated by the cleanup server. That server could
log that a transaction is aborted. That would also signal an aborted
transaction from non-SMTP sources such as the pickup daemon, or
when smtpd process aborts in the middle of a transaction after some
fatal or panic error condition.
This is good idea as well (maybe even better) but knowinf the queue ID in the "lost connection" log makes it easier to debug problem with failing connections. 

I guess you don't want to change format of existing log messages.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to