>> not every time. Actually this line is missing just in cases the spam
>> is sent. :) How's that possible? Any ideas how can I get the IP
>> address of the sender in such case?
>
> From the SMTP server's PROCESS ID field in the logfile.

I've investigated this and I haven't found any connection between the smtp process and the smtpd process, which usually logs the 'client=' line. I'm pasting sample lines. See lines 197 and 199. That's all I have about the C74FC6A60A0 queue id :/

The common format is pasted below for the non-spam message - there is everything I need.

...
195 Jul 23 07:00:32 server_name postfix/local[30842]: AFA756A60A3: to=<us...@server_name.another_server.cz>, relay=local, delay=0.24, delays=0.22/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
196 Jul 23 07:00:32 server_name postfix/qmgr[2580]: AFA756A60A3: removed
197 Jul 23 07:01:23 server_name postfix/qmgr[2580]: C74FC6A60A0: from=<probably_spam...@server_name.another_server.cz>, size=3518, nrcpt=1 (queue active)
198 Jul 23 07:01:23 server_name postfix/smtp[30845]: connect to mycroft.junyks.cz[82.119.243.12]:25: Connection refused
199 Jul 23 07:01:23 server_name postfix/smtp[30845]: C74FC6A60A0: to=<us...@another_server.cz>, relay=none, delay=160062, delays=160062/0.01/0.01/0, dsn=4.4.1, status=deferred (connect to mycroft.junyks.cz[82.119.243.12]:25: Connection refused)
200 Jul 23 07:03:09 server_name postfix/smtpd[30847]: connect from unknown[100.100.100.100]
201 Jul 23 07:03:09 server_name postfix/smtpd[30847]: NOQUEUE: reject: RCPT from unknown[100.100.100.100]: 550 5.1.1 <inocencioi...@server_name.another_server.cz>: Recipient address rejected: User unknown in local recipient table; from=<inocencioi...@server_name.another_server.cz> to=<inocencioi...@server_name.another_server.cz> proto=ESMTP helo=<[100.100.100.100]>
202 Jul 23 07:03:09 server_name postfix/smtpd[30847]: disconnect from unknown[100.100.100.100]
203 Jul 23 07:03:19 server_name postfix/smtpd[30847]: connect from ppp-58-9-96-3.revip2.asianet.co.th[58.9.96.3]
204 Jul 23 07:03:20 server_name postfix/smtpd[30847]: NOQUEUE: reject: RCPT from ppp-58-9-96-3.revip2.asianet.co.th[58.9.96.3]: 550 5.1.1 <us...@srv.another_server.cz>: Recipient address rejected: User unknown in local recipient table; from=<sen...@yandex.ru> to=<us...@srv.another_server.cz> proto=SMTP helo=<ppp-58-9-96-3.revip2.asianet.co.th>
...

...
65827 Jul 28 09:48:27 server_name postfix/smtpd[20964]: disconnect from unknown[100.100.100.100]^M
65828 Jul 28 09:48:42 server_name postfix/smtpd[20964]: connect from unknown[111.111.111.111]^M
65829 Jul 28 09:48:44 server_name postfix/smtpd[20964]: 50F926A60A0: client=unknown[111.111.111.111]^M
65830 Jul 28 09:48:45 server_name postfix/cleanup[20970]: 50F926A60A0: message-id=<4054ysm.61391517d.1721248700006blsopfhpnnideop...@219.64.114.86.chn.bb-static.vsnl.net.in>^M
65831 Jul 28 09:48:47 server_name postfix/qmgr[2580]: 50F926A60A0: from=<nice_u...@server_name.server.cz>, size=9986, nrcpt=1 (queue active)^M
65832 Jul 28 09:48:47 server_name postfix/local[20972]: 50F926A60A0: to=<nice_u...@server_name.server.cz>, relay=local, delay=3.7, delays=3.7/0/0/0.01, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")^M
65833 Jul 28 09:48:47 server_name postfix/qmgr[2580]: 50F926A60A0: removed^M
65834 Jul 28 09:48:48 server_name postfix/smtpd[20964]: disconnect from unknown[111.111.111.111]^M
...
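
An added example, not part of the original post: a Python sketch that groups Postfix log lines by queue id, records the smtpd `client=` or pickup `uid=` line where one exists, and uses `delay=` to estimate when each message entered the queue. The sample lines are constructed from the excerpts above with placeholder addresses and without the leading line numbers; the `year` argument is an assumption, since syslog timestamps carry no year.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the excerpts above; addresses are placeholders.
SAMPLE = """\
Jul 23 07:01:23 server_name postfix/qmgr[2580]: C74FC6A60A0: from=<a@example.invalid>, size=3518, nrcpt=1 (queue active)
Jul 23 07:01:23 server_name postfix/smtp[30845]: C74FC6A60A0: to=<b@example.invalid>, relay=none, delay=160062, delays=160062/0.01/0.01/0, dsn=4.4.1, status=deferred (Connection refused)
Jul 28 09:48:44 server_name postfix/smtpd[20964]: 50F926A60A0: client=unknown[111.111.111.111]^M
Jul 28 09:48:47 server_name postfix/qmgr[2580]: 50F926A60A0: from=<c@example.invalid>, size=9986, nrcpt=1 (queue active)^M
Jul 28 09:48:47 server_name postfix/local[20972]: 50F926A60A0: to=<c@example.invalid>, relay=local, delay=3.7, delays=3.7/0/0/0.01, dsn=2.0.0, status=sent (delivered)^M
"""

# timestamp, host, postfix/<daemon>[pid], queue id, rest of the line
LINE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")

def trace_origins(log_text, year):
    """Map each queue id to its entry point, if logged, and its estimated queue time."""
    result = {}
    for raw in log_text.splitlines():
        # Drop a literal "^M" left by CRLF line endings, as in the second excerpt.
        m = LINE.match(raw.rstrip().removesuffix("^M"))
        if not m:
            continue  # connect/disconnect and NOQUEUE lines carry no queue id
        stamp, daemon, qid, rest = m.groups()
        entry = result.setdefault(qid, {"origin": None, "queued_about": None})
        if daemon == "smtpd" and rest.startswith("client="):
            entry["origin"] = "smtp:" + rest[len("client="):].split(",")[0]
        elif daemon == "pickup" and rest.startswith("uid="):
            entry["origin"] = "local:" + rest.split()[0]  # local submission
        delay = re.search(r"\bdelay=([\d.]+)", rest)
        if delay:
            # delay= is the message's age at this delivery attempt, so
            # subtracting it from the log time gives the time it was queued.
            logged = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            entry["queued_about"] = logged - timedelta(seconds=float(delay.group(1)))
    return result

if __name__ == "__main__":
    for qid, info in trace_origins(SAMPLE, year=2000).items():  # year assumed
        print(qid, info["origin"] or "no origin line in this log",
              "| queued about", info["queued_about"])
```

For C74FC6A60A0 the origin stays empty and the estimated queue time falls on Jul 21, before the first line shown for that queue id, so the line recording how it entered the queue would normally sit in the log covering that earlier time.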