On 18-09-14 17:28, Wietse Venema wrote:
> Tom Hendrikx:
>>>> However, it seems that the error message is only sent in the
>>>> smtp dialog (554 5.4.0 Error: too many hops), postfix logging
>>>> does not show anything. All I get in non-verbose logging is:
>>>>
>>>> Sep 18 12:38:58 test postfix-inbound/smtpd[29852]: connect from localhost[127.0.0.1]
>>>> Sep 18 12:39:05 test postfix-inbound/smtpd[29852]: 3hzHmT118bz317f: client=localhost[127.0.0.1]
>>>> Sep 18 12:39:17 test postfix-inbound/smtpd[29852]: disconnect from localhost[127.0.0.1]
>>>>
>>>> Is there a way to detect a 'too many hops' issue from the
>>>> logging, preferably without changing postfix verbosity?
>>>
>>> Does the SMTP client log the rejected command (like Postfix
>>> does)? If not, which program should be changed?
>
> Asking this, because the client runs on the same machine
> (connecting from localhost[127.0.0.1]), so you might have the
> information already.
The logging was generated from a test suite. Real life situations wouldn't use localhost.

>
>> This works great for f.i. dnsbl rejects, but for some scenarios,
>> there is no suitable message in postfix logging to work with.
>> This basically means that we have to tell customers 'we don't
>> know for sure, but try and ask <third party> who might have sent
>> it', which sucks for obvious reasons.
>>
>> We also had similar issues with exceeding message_size_limit in
>> MAIL FROM command, which does not log the sender e-mail address,
>> making it hard to actually find the relevant log entries when
>> questions are asked: there is only a timestamp + sender ip to
>> work with.
>>
>> But from your remark about 'which program should be changed', I
>> may conclude that this is not possible?
>
> There are tons of 5XX server responses without logging. To begin
> with, Postfix generally does not log SMTP command name or command
> parameter errors because that could easily be mis-used to jam up
> the logfile with garbage.
>
> However, the cleanup daemon should probably log when it sets the
> "hop-count" error flag, just like it logs when it sets the "write
> error" flag.
>
> Wietse
>
> --- /var/tmp/postfix-2.12-20140907/src/cleanup/cleanup_message.c > 2013-11-12 12:53:03.000000000 -0500 +++ ./cleanup_message.c > 2014-09-18 11:10:32.000000000 -0400 
@@ -580,8 +580,11 @@ if > (hdr_opts->type == HDR_RESENT_MESSAGE_ID) msg_info("%s: > resent-message-id=%s", state->queue_id, hdrval); if (hdr_opts->type > == HDR_RECEIVED) - if (++state->hop_count >= > var_hopcount_limit) + if (++state->hop_count >= > var_hopcount_limit) { + msg_warn("%s: message rejected: hopcount > exceeded", + state->queue_id); state->errs |= > CLEANUP_STAT_HOPS; + } if (CLEANUP_OUT_OK(state)) { if > (hdr_opts->flags & HDR_OPT_RR) state->resent = "Resent-"; >

That looks promising. Thanks :)

Kind regards,
Tom
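
Review bot: In the new block under `if (hdr_opts->type == HDR_RECEIVED)`, the test `++state->hop_count >= var_hopcount_limit` stays true for every Received: header seen after the limit is first reached, so if header processing continues past that point, msg_warn() fires once per extra header and a message padded with Received: lines can write many warnings for one queue ID. That is the same logfile-jamming concern raised earlier in this message for command errors. Consider logging only when the flag is first set, for example by checking `(state->errs & CLEANUP_STAT_HOPS) == 0` before the msg_warn() call. The warning carries only state->queue_id, which is enough to join against the smtpd `client=` line; including var_hopcount_limit in the text would also show which threshold was hit.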
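
Added example (not part of the thread and not Postfix code): once cleanup logs the warning from the patch above, the queue ID joins it to the smtpd `client=` line, which answers the original question of who sent the rejected message. The cleanup line's syslog prefix, PID, timestamp and `warning:` tag are assumptions, the function name `hopcount_rejects` is hypothetical, and the sample log is constructed from the lines quoted in the thread.

```python
import re

# Constructed sample: the three smtpd lines quoted in the thread plus one
# cleanup warning in the form the patch's msg_warn() call is assumed to emit.
SAMPLE_LOG = """\
Sep 18 12:38:58 test postfix-inbound/smtpd[29852]: connect from localhost[127.0.0.1]
Sep 18 12:39:05 test postfix-inbound/smtpd[29852]: 3hzHmT118bz317f: client=localhost[127.0.0.1]
Sep 18 12:39:06 test postfix-inbound/cleanup[29860]: warning: 3hzHmT118bz317f: message rejected: hopcount exceeded
Sep 18 12:39:17 test postfix-inbound/smtpd[29852]: disconnect from localhost[127.0.0.1]
"""

# timestamp, host, service[pid]: message
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s"
    r"(?P<svc>[\w./-]+)\[\d+\]:\s(?P<msg>.*)$"
)
CLIENT = re.compile(r"^(?P<qid>\w+): client=(?P<client>[^,\s]+)")
HOPS = re.compile(r"^warning: (?P<qid>\w+): message rejected: hopcount exceeded$")


def hopcount_rejects(log_text):
    """Return one record per queue ID rejected for exceeding the hop count."""
    clients = {}  # queue ID -> client string from the smtpd line
    rejects = {}  # queue ID -> timestamp of first warning (repeats are ignored)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog line in the expected shape
        svc, msg = m.group("svc"), m.group("msg")
        if svc.endswith("/smtpd"):
            c = CLIENT.match(msg)
            if c:
                clients[c.group("qid")] = c.group("client")
        elif svc.endswith("/cleanup"):
            h = HOPS.match(msg)
            if h:
                rejects.setdefault(h.group("qid"), m.group("ts"))
    return [
        {"time": ts, "queue_id": qid, "client": clients.get(qid, "unknown")}
        for qid, ts in rejects.items()
    ]


if __name__ == "__main__":
    for record in hopcount_rejects(SAMPLE_LOG):
        print(record)
```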