-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 18-09-14 17:28, Wietse Venema wrote:
> Tom Hendrikx:
>>>> However, it seems that the error message is only sent in the
>>>> smtp dialog (554 5.4.0 Error: too many hops), postfix logging
>>>> does not show anything. All I get in non-verbose logging is:
>>>>
>>>> Sep 18 12:38:58 test postfix-inbound/smtpd[29852]: connect
>>>> from localhost[127.0.0.1] Sep 18 12:39:05 test
>>>> postfix-inbound/smtpd[29852]: 3hzHmT118bz317f:
>>>> client=localhost[127.0.0.1] Sep 18 12:39:17 test
>>>> postfix-inbound/smtpd[29852]: disconnect from
>>>> localhost[127.0.0.1]
>>>>
>>>> Is there a way to detect a 'too many hops' issue from the
>>>> logging, preferably without changing postfix verbosity?
>>>
>>> Does the SMTP client log the rejected command (like Postfix
>>> does)? If not, which program should be changed?
>
> Asking this, because the client runs on the same machine
> (connecting from localhost[127.0.0.1]), so you might have the
> information already.
The logging was generated from a test suite. Real life situations
wouldn't use localhost.
>
>> This works great for f.i. dnsbl rejects, but for some scenarios,
>> there is no suitable message in postfix logging to work with.
>> This basically means that we have to tell customers 'we don't
>> know for sure, but try and ask <third party> who might have sent
>> it', which sucks for obvious reasons.
>>
>> We also had similar issues with exceeding message_size_limit in
>> MAIL FROM command, which does not log the sender e-mail address,
>> making it hard to actually find the relevant log entries when
>> questions are asked: there is only a timestamp + sender ip to
>> work with.
>>
>> But from your remark about 'which program should be changed', I
>> may conclude that this is not possible?
>
> There are tons of 5XX server responses without logging. To begin
> with, Postfix generally does not log SMTP command name or command
> parameter errors because that could easily be mis-used to jam up
> the logfile with garbage.
>
> However, the cleanup daemon should probably log when it sets the
> "hop-count" error flag, just like it logs when it sets the "write
> error" flag.
>
> Wietse
>
> --- /var/tmp/postfix-2.12-20140907/src/cleanup/cleanup_message.c
> 2013-11-12 12:53:03.000000000 -0500 +++ ./cleanup_message.c
> 2014-09-18 11:10:32.000000000 -0400 @@ -580,8 +580,11 @@ if
> (hdr_opts->type == HDR_RESENT_MESSAGE_ID) msg_info("%s:
> resent-message-id=%s", state->queue_id, hdrval); if (hdr_opts->type
> == HDR_RECEIVED) - if (++state->hop_count >=
> var_hopcount_limit) + if (++state->hop_count >=
> var_hopcount_limit) { + msg_warn("%s: message rejected: hopcount
> exceeded", + state->queue_id); state->errs |=
> CLEANUP_STAT_HOPS; + } if (CLEANUP_OUT_OK(state)) { if
> (hdr_opts->flags & HDR_OPT_RR) state->resent = "Resent-";
>
That looks promising. Thanks :)
Kind regards,
Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUHBKQAAoJEJPfMZ19VO/15FoP/0if+36VvgIx/2GVDepmwu+z
ivvehqTHROhmXr5Q2KiOmEnAGqzi5lU6l9uhEL3qy+ZWsWBN+F1UgEiX9CexH2Kr
L7zJWdceIN9tEhZ6hU24NXSO8ex16TjFBcZ6GNR9uYPeiyM1VvFOM/ju1DtadFxe
vfIE+uhxhVcpuKYnHJCXYiDcGH8DLLgCBgPNirGPxVPadwcBt4mW2s8EsRF9+Xea
rItqUFdbDw7n9MauBb0J8itjaYkNI0Layjr1Fny3cnYhulZbAqCqBK5yg4vrXF6L
NIJSszFXDekylrzRAyXqSSPscg0ZdZgVjBezlR2nj2qWbfT3e4Rp973LdMAPamDU
pWjWXN0k7xos7015i8Z2Yoyqw3M6Kbfl/Gex3X2TFhu/QpJU/b+7t+9IHsbMNUEG
+GkgvoeQdusJlN0F/KSg06E/hMgs/8YrC0uxQgAY9CWjo9e+rWIP+eLv8X6myOry
tyJ1WnUs8ZVbYzIF9bZbX2PuutIZyzYXUyBtFwamdYtWixhRb2bychna6f6GXDSY
UMoZDt/1lZa5CVlvOPsfbrW0GcX85oMta77se6XY+8G8BL4T5Y00lA4yaA6Xlhkj
y3bEbHQOieEGdjQjtkLI/jalQiuB0mqklH94ANfKSuuN8LRjgd+Ww5DNAJ8qhgMC
GOu9StnbBki74c+w6YBR
=iwpq
-----END PGP SIGNATURE-----
