-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 18-09-14 17:28, Wietse Venema wrote:
> Tom Hendrikx:
>>>> However, it seems that the error message is only sent in the
>>>> smtp dialog (554 5.4.0 Error: too many hops), postfix logging
>>>> does not show anything. All I get in non-verbose logging is:
>>>> 
>>>> Sep 18 12:38:58 test postfix-inbound/smtpd[29852]: connect
>>>> from localhost[127.0.0.1] Sep 18 12:39:05 test
>>>> postfix-inbound/smtpd[29852]: 3hzHmT118bz317f: 
>>>> client=localhost[127.0.0.1] Sep 18 12:39:17 test
>>>> postfix-inbound/smtpd[29852]: disconnect from 
>>>> localhost[127.0.0.1]
>>>> 
>>>> Is there a way to detect a 'too many hops' issue from the
>>>> logging, preferably without changing postfix verbosity?
>>> 
>>> Does the SMTP client log the rejected command (like Postfix
>>> does)? If not, which program should be changed?
> 
> Asking this, because the client runs on the same machine
> (connecting from localhost[127.0.0.1]), so you might have the
> information already.

The logging was generated from a test suite. Real life situations
wouldn't use localhost.

> 
>> This works great for f.i. dnsbl rejects, but for some scenarios,
>> there is no suitable message in postfix logging to work with.
>> This basically means that we have to tell customers 'we don't
>> know for sure, but try and ask <third party> who might have sent
>> it', which sucks for obvious reasons.
>> 
>> We also had similar issues with exceeding message_size_limit in
>> MAIL FROM command, which does not log the sender e-mail address,
>> making it hard to actually find the relevant log entries when
>> questions are asked: there is only a timestamp + sender ip to
>> work with.
>> 
>> But from your remark about 'which program should be changed', I
>> may conclude that this is not possible?
> 
> There are tons of 5XX server responses without logging.  To begin 
> with, Postfix generally does not log SMTP command name or command 
> parameter errors because that could easily be mis-used to jam up 
> the logfile with garbage.
> 
> However, the cleanup daemon should probably log when it sets the 
> "hop-count" error flag, just like it logs when it sets the "write 
> error" flag.
> 
> Wietse
> 
> --- /var/tmp/postfix-2.12-20140907/src/cleanup/cleanup_message.c
> 2013-11-12 12:53:03.000000000 -0500 +++ ./cleanup_message.c
> 2014-09-18 11:10:32.000000000 -0400 @@ -580,8 +580,11 @@ if
> (hdr_opts->type == HDR_RESENT_MESSAGE_ID) msg_info("%s:
> resent-message-id=%s", state->queue_id, hdrval); if (hdr_opts->type
> == HDR_RECEIVED) -        if (++state->hop_count >=
> var_hopcount_limit) +     if (++state->hop_count >=
> var_hopcount_limit) { +               msg_warn("%s: message rejected: hopcount
> exceeded", +                   state->queue_id); state->errs |=
> CLEANUP_STAT_HOPS; +      } if (CLEANUP_OUT_OK(state)) { if
> (hdr_opts->flags & HDR_OPT_RR) state->resent = "Resent-";
> 

That looks promising. Thanks :)

Kind regards,
        Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUHBKQAAoJEJPfMZ19VO/15FoP/0if+36VvgIx/2GVDepmwu+z
ivvehqTHROhmXr5Q2KiOmEnAGqzi5lU6l9uhEL3qy+ZWsWBN+F1UgEiX9CexH2Kr
L7zJWdceIN9tEhZ6hU24NXSO8ex16TjFBcZ6GNR9uYPeiyM1VvFOM/ju1DtadFxe
vfIE+uhxhVcpuKYnHJCXYiDcGH8DLLgCBgPNirGPxVPadwcBt4mW2s8EsRF9+Xea
rItqUFdbDw7n9MauBb0J8itjaYkNI0Layjr1Fny3cnYhulZbAqCqBK5yg4vrXF6L
NIJSszFXDekylrzRAyXqSSPscg0ZdZgVjBezlR2nj2qWbfT3e4Rp973LdMAPamDU
pWjWXN0k7xos7015i8Z2Yoyqw3M6Kbfl/Gex3X2TFhu/QpJU/b+7t+9IHsbMNUEG
+GkgvoeQdusJlN0F/KSg06E/hMgs/8YrC0uxQgAY9CWjo9e+rWIP+eLv8X6myOry
tyJ1WnUs8ZVbYzIF9bZbX2PuutIZyzYXUyBtFwamdYtWixhRb2bychna6f6GXDSY
UMoZDt/1lZa5CVlvOPsfbrW0GcX85oMta77se6XY+8G8BL4T5Y00lA4yaA6Xlhkj
y3bEbHQOieEGdjQjtkLI/jalQiuB0mqklH94ANfKSuuN8LRjgd+Ww5DNAJ8qhgMC
GOu9StnbBki74c+w6YBR
=iwpq
-----END PGP SIGNATURE-----

Reply via email to