Hello all and Happy New Year!
Is there some documentation for the list of tags, their meanings, and the format for the value after '=' for the 'disconnect from' log lines?

For example:

| disconnect from XXXXX[IP] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4

I believe auth=0/1 indicates that auth was attempted once and never succeeded?

| disconnect from XXXXX[IP] ehlo=1 starttls=0/1 commands=1/2

This means starttls was attempted once and failed?

| disconnect from XXXXX[IP] unknown=0/2 commands=0/2

'unknown'? unknown command was attempted twice and failed both times?

| disconnect from XXXXX[IP] ehlo=1 quit=1 commands=2

Issued just 'ehlo' and then 'quit', no attempt to deliver an email message?

Is there a relatively simple regex I can use to categorize these connection terminations as

- error, i.e. connection reset, various other protocol errors
- failure, due to config settings etc, ideally with a smallish number of sub categories for the reason
- success, ideally distinguishing actually delivered an email from just connected, did some stuff, and then quit without doing anything useful

I was also going to ask how to distinguish port 25 vs submission in the logs but looks like I should be able to use syslog_name for that.. though changing this may require adjustments to fail2ban config.

thank you,
Greg
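An added example, not part of the original post and not Postfix code: a Python sketch that reads the `disconnect from` counters as `name=successes/total` (a bare `name=N` meaning all N succeeded) and sorts sessions into three buckets. The bucket names, the sample host and address values, and treating a successful `data` or `bdat` as "a message was transferred" are assumptions.

```python
import re

# Tail of a Postfix smtpd "disconnect from" line: host[addr], then name=N or name=ok/total.
DISCONNECT_RE = re.compile(
    r"disconnect from (?P<host>\S+?)\[(?P<addr>[^\]]+)\]"
    r"(?P<stats>(?: \w+=\d+(?:/\d+)?)+)"
)
STAT_RE = re.compile(r"(\w+)=(\d+)(?:/(\d+))?")

def parse_disconnect(line):
    """Return {'host', 'addr', 'stats': {name: (ok, total)}}, or None if no match."""
    m = DISCONNECT_RE.search(line)
    if m is None:
        return None
    stats = {}
    for name, ok, total in STAT_RE.findall(m.group("stats")):
        # "ehlo=1" means 1 of 1 succeeded; "auth=0/1" means 0 of 1.
        stats[name] = (int(ok), int(total) if total else int(ok))
    return {"host": m.group("host"), "addr": m.group("addr"), "stats": stats}

def classify(parsed):
    """Return (category, failed_commands); the category names are assumptions."""
    stats = parsed["stats"]
    failed = sorted(n for n, (ok, total) in stats.items()
                    if n != "commands" and ok < total)
    # Assumption: a successful data/bdat stands for "a message was transferred".
    if any(stats.get(c, (0, 0))[0] > 0 for c in ("data", "bdat")):
        return "delivered", failed
    if failed:
        return "failed", failed
    return "no_mail", failed

# Constructed sample lines: counters as in the post, host/address values invented.
SAMPLES = [
    "disconnect from unknown[192.0.2.10] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4",
    "disconnect from unknown[192.0.2.11] ehlo=1 starttls=0/1 commands=1/2",
    "disconnect from unknown[192.0.2.12] unknown=0/2 commands=0/2",
    "disconnect from mx.example.org[192.0.2.13] ehlo=1 quit=1 commands=2",
    "disconnect from mx.example.org[192.0.2.13] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(parse_disconnect(line)), line)
```

The block only reads the `disconnect from` counters; it does not look at any other log line.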