Greg Klanderman via Postfix-users: > > Hello all and Happy New Year! > > Is there some documentation for the list of tags, their meanings, and > the format for the value after '=' for the 'disconnect from' log > lines?
This was described in RELEASE_NOTES-3.0, but not in the manpages or README files. I suppose it could go into the smtpd manpage? You can find a copy of the text here: https://mirror.reverse.net/pub/postfix-release/official/postfix-3.0.0.RELEASE_NOTES Look under "session fingerprint". It has many examples. The order of commands shown in the logging may be different from the order in which the client sent commands, but it is rarely a problem. Wietse > For example: > > | disconnect from XXXXX[IP] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4 > > I believe auth=0/1 indicates that auth was attempted once and never > succeeded? > > | disconnect from XXXXX[IP] ehlo=1 starttls=0/1 commands=1/2 > > This means starttls was attempted once and failed? > > | disconnect from XXXXX[IP] unknown=0/2 commands=0/2 > > 'unknown'? unknown command was attempted twice and failed both times? > > | disconnect from XXXXX[IP] ehlo=1 quit=1 commands=2 > > Issued just 'ehlo' and then 'quit', no attempt to deliver an email > message? > > > Is there a relatively simple regex I can use to categorize these > connection terminations as > > - error, i.e. connection reset, various other protocol errors > - failure, due to config settings etc, ideally with a smallish number > of sub categories for the reason > - success, ideally distinguishing actually delivered an email from > just connected, did some stuff, and then quit without doing anything > useful > > I was also going to ask how to distinguish port 25 vs submission in > the logs but looks like I should be able to use syslog_name for that.. > though changing this may require adjustments to fail2ban config. > > thank you, > Greg > _______________________________________________ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org > _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
