manu19:
> Can someone tell me how I can get the meaning of these variables
> (ehlo..commands) in the postfix log?
> i.e:
> 1) disconnect from xxxx.xxxx.xx [99.99.999.99] ehlo= 2 starttls= 1 mail=1
> rcpt=1 data=1 quit=1 commands=7
> 2) disconnect from xxxx.xxxx.xx [99.99.999.99] ehlo=2 starttls=1 mail=1
> rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
foo=x/y means that the client sent the 'foo' command 'y' times, and
that Postfix accepted 'x' of those conmmands. When 'x' and 'y' are
the same, Postfix shows only one.
These statistics make problems easy to diagnose. The command
$ grep auth=./ /var/log/maillog
will show spambots attempts to log in. Here is a typical result:
Aug 1 11:24:35 spike postfix/smtpd[26284]: disconnect from
unknown[122.246.158.54] ehlo=1 auth=0/1 commands=1/2
Wietse
