On Feb 25, 2014, at 9:50 AM, Noel Jones wrote:
> On 2/25/2014 4:44 AM, Eivind Olsen wrote:
>> Hello (or should that be EHLO? :))
>>
>> It has been a while since I've had a need to change my Postfix
>> configuration, so I'm a bit rusty. I have searched, checked the
>> configuration, etc. No luck yet.
>>
>> Is it possible to get Postfix to log the hostname presented to it during
>> HELO/EHLO? Any configuration setting I've missed? Or will I have to change
>> the sourcecode for this?
>
>
> If you don't want to patch the source, an easy workaround is to add
> to your header_checks file:
> /^From: / WARN
> which will log some information including the helo. This works with
> any version of postfix.
>
>
>
> If you don't mind a little patch, here's a simple patch I've used
> for years to log the HELO hostname. This will apply to postfix 2.8
> and newer.
That is so qmail-esque (in a good way, seriously). I really like
the idea of logging the helo from a data analysis perspective.
I wonder if you could do this with a simple policy server? IIRC,
the helo is one of the bits of data passed to the policy server, and
logging the IP, to/from, helo and a few other things seems like it
would be pretty simple. And just return an OK. Of course it would
be a totally separate log file, but you'd have the data and you
wouldn't have to alter the postfix source.
Also a quick question on the patch below - if you're running
postscreen, and it has decided a sending host is "bad", will the
connection ever hit the real smtpd daemon and be logged?
Thanks,
Charles
ps - I lurk here and just wanted to say "thanks" to all for postfix
and the list denizens. I just started work on putting an old
qmail/vpopmail setup behind postfix and I'm just consistently blown
away by the flexibility of postfix - it's hard to find an unsolvable
problem.
>
> Sample log entry:
> Feb 25 08:40:39 mx1 postfix/smtpd[30241]: NOQUEUE:
> client=mail.example.com[192.2.0.2], helo=mail.example.com
>
> Note the modified log entry may break some log parsers, but is
> compatible with pflogsumm.pl and postfix-logwatch.
>
>
> (beware line wrapping)
>
> --- /usr/local/src/postfix-2.8-20100728/src/smtpd/smtpd.c Mon
> Jul 26 18:39:39 2010
> +++ src/smtpd/smtpd.c Tue Aug 10 16:42:36 2010
> @@ -1916,13 +1916,16 @@
> #define PRINT2_OR_NULL(cond, name, value) \
> PRINT_OR_NULL((cond), (name)), PRINT_OR_NULL((cond),
> (value))
>
> - msg_info("%s: client=%s%s%s%s%s",
> + msg_info("%s: client=%s%s%s%s%s%s%s%s%s",
> (state->queue_id ? state->queue_id : "NOQUEUE"),
> state->namaddr,
> PRINT2_OR_NULL(HAVE_FORWARDED_IDENT(state),
> ", orig_queue_id=",
> FORWARD_IDENT(state)),
> PRINT2_OR_NULL(HAVE_FORWARDED_CLIENT_ATTR(state),
> - ", orig_client=",
> FORWARD_NAMADDR(state)));
> + ", orig_client=",
> FORWARD_NAMADDR(state)),
> + ", helo=", state->helo_name ? state->helo_name : "",
> + PRINT2_OR_NULL(HAVE_FORWARDED_CLIENT_ATTR(state),
> + ", orig_helo=", FORWARD_HELO(state)
> ? FORWARD_HELO(state) : ""));
> return (0);
> }
>
> --- /usr/local/src/postfix-2.8-20100728/src/smtpd/smtpd_sasl_proto.c
> Mon Jul 26 18:40:14 2010
> +++ src/smtpd/smtpd_sasl_proto.c Tue Aug 10 17:56:42 2010
> @@ -243,7 +243,7 @@
> #define PRINT2_OR_NULL(cond, name, value) \
> PRINT_OR_NULL((cond), (name)), PRINT_OR_NULL((cond),
> (value))
>
> - msg_info("%s: client=%s%s%s%s%s%s%s%s%s%s%s",
> + msg_info("%s: client=%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
> (state->queue_id ? state->queue_id : "NOQUEUE"),
> state->namaddr,
> PRINT2_OR_NULL(state->sasl_method,
> @@ -255,7 +255,10 @@
> PRINT2_OR_NULL(HAVE_FORWARDED_IDENT(state),
> ", orig_queue_id=", FORWARD_IDENT(state)),
> PRINT2_OR_NULL(HAVE_FORWARDED_CLIENT_ATTR(state),
> - ", orig_client=", FORWARD_NAMADDR(state)));
> + ", orig_client=", FORWARD_NAMADDR(state)),
> + ", helo=", state->helo_name ? state->helo_name : "",
> + PRINT2_OR_NULL(HAVE_FORWARDED_CLIENT_ATTR(state),
> + ", orig_helo=", FORWARD_HELO(state) ?
> FORWARD_HELO(state) : ""));
> }
>
> /* smtpd_sasl_mail_reset - SASL-specific MAIL FROM cleanup */
>
>
>
>
>
>
> -- Noel Jones
