Re: Logging for 'too many hops' issue

Thu, 18 Sep 2014 07:41:50 -0700 

On 09/18/2014 03:22 PM, Wietse Venema wrote:
> Tom Hendrikx:
>> We're currently in the process of parsing postfix logs into something
>> that is suitable for end users. After covering lots of basic errors, we
>> are working through some edge cases. Since we use customer provided data
>> for relaying mail, there is a possibility that something gets
>> mis-configured and we get 'too many hops' and related issues.
>>
>> However, it seems that the error message is only sent in the smtp dialog
>> (554 5.4.0 Error: too many hops), postfix logging does not show
>> anything. All I get in non-verbose logging is:
>>
>> Sep 18 12:38:58 test postfix-inbound/smtpd[29852]: connect from
>> localhost[127.0.0.1]
>> Sep 18 12:39:05 test postfix-inbound/smtpd[29852]: 3hzHmT118bz317f:
>> client=localhost[127.0.0.1]
>> Sep 18 12:39:17 test postfix-inbound/smtpd[29852]: disconnect from
>> localhost[127.0.0.1]
>>
>> Is there a way to detect a 'too many hops' issue from the logging,
>> preferably without changing postfix verbosity?
> 
> Does the SMTP client log the rejected command (like Postfix does)?
> If not, which program should be changed?
> 
>       Wietse
> 

We provide an interface where the customer can lookup details about
their mail flow. The idea is that customers can use the interface to
find their mail delivery details, and more importantly, that it can also
tell them when a mail was rejected.

This works great for f.i. dnsbl rejects, but for some scenarios, there
is no suitable message in postfix logging to work with. This basically
means that we have to tell customers 'we don't know for sure, but try
and ask <third party> who might have sent it', which sucks for obvious
reasons.

We also had similar issues with exceeding message_size_limit in MAIL
FROM command, which does not log the sender e-mail address, making it
hard to actually find the relevant log entries when questions are asked:
there is only a timestamp + sender ip to work with.

But from your remark about 'which program should be changed', I may
conclude that this is not possible?

Kind regards,
        Tom

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to