Greetings,

recently I stumbled across a log line like this:

Oct 25 10:34:59 hostname postfix/smtpd[12345]: NOQUEUE: reject: RCPT
from client.example[1.2.3.4]: 554 5.7.1 <a...@b.com; c...@d.com>: Relay access
denied; from=<f...@example.com> to=<a...@b.com; c...@d.com> proto=ESMTP
helo=<client.example>

The important part is the "to=<a...@b.com; c...@d.com>". Parsing this to find
out which part is the local-part and which is the domain isn't exactly
trivial, either for me as a human or for a machine automatically parsing
the log. As it turns out, the original address was "a...@b.com; c"@d.com,
but it could have been "a...@b.com; c...@d.com" (i.e. local-part only, without
a domain) just as well. There is no way to know for sure from the log alone.

There are more obscure examples like this:

Aug 29 12:52:50 hostname postfix/smtpd[12345] NOQUEUE: reject: RCPT from
client.example[1.2.3.4]: 554 5.7.1 <host>: Helo command rejected: Access
denied; from=<a@b.c> to=<x@y.z> from=<a@b.c> to=<x@y.z> proto=ESMTP
helo=<host>

In this case it is not possible to say with certainty what the envelope
addresses actually are. It can be either of these:

to: "x@y.z> from=<a@b.c> to=<x@y.z" (local-part only, without domain)
from: a@b.c

or

to: x@y.z
from: "a@b.c> to=<x@y.z> from=<a@b.c" (local-part only, without domain)

At this point I definitely see no way of exactly knowing what the
actual email looked like.

Is there some way to configure Postfix to log this in a way that is
unambiguously understandable? Otherwise this kinda seems like a bug to
me or at least something I consider worthy of a feature request.

Regards
Sven
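
The second log line above, run through a parser that lists every field-boundary reading instead of silently picking one. This is an added example, not part of the original post and not Postfix code; the function names and the CLEAN sample line are constructed, and it assumes the from=/to=/proto=/helo= field order seen in the quoted log lines.

```python
import re

SEP_FROM, SEP_TO = "; from=<", "> to=<"
SEP_PROTO, SEP_HELO = "> proto=", " helo=<"

PREFIX = ("Aug 29 12:52:50 hostname postfix/smtpd[12345] NOQUEUE: reject: RCPT "
          "from client.example[1.2.3.4]: 554 5.7.1 <host>: Helo command "
          "rejected: Access denied; ")
# Second log line from the post, joined onto one line.
AMBIGUOUS = PREFIX + ("from=<a@b.c> to=<x@y.z> from=<a@b.c> to=<x@y.z> "
                      "proto=ESMTP helo=<host>")
# Constructed sample: the same rejection with plain envelope addresses.
CLEAN = PREFIX + "from=<a@b.c> to=<x@y.z> proto=ESMTP helo=<host>"


def _positions(text, needle):
    """Every index at which needle occurs in text."""
    return [m.start() for m in re.finditer(re.escape(needle), text)]


def candidate_parses(line):
    """Return every (from, to, proto, helo) reading consistent with the line."""
    parses = []
    if not line.endswith(">"):
        return parses
    for s in _positions(line, SEP_FROM):
        a = s + len(SEP_FROM)  # index where the from value starts
        for i in _positions(line, SEP_TO):
            for j in _positions(line, SEP_PROTO):
                for k in _positions(line, SEP_HELO):
                    proto = line[j + len(SEP_PROTO):k]
                    in_order = a <= i and i + len(SEP_TO) <= j < k
                    if in_order and re.fullmatch(r"[A-Z]+", proto):
                        parses.append((line[a:i], line[i + len(SEP_TO):j],
                                       proto, line[k + len(SEP_HELO):-1]))
    return parses


def is_ambiguous(line):
    """True when the envelope fields can be read in more than one way."""
    return len(candidate_parses(line)) > 1


if __name__ == "__main__":
    for sender, rcpt, proto, helo in candidate_parses(AMBIGUOUS):
        print(f"from={sender!r} to={rcpt!r} proto={proto} helo={helo!r}")
    print("clean line ambiguous?", is_ambiguous(CLEAN))
```

A log pipeline can send lines for which is_ambiguous() returns true to manual review rather than trusting whichever reading a single regex happens to match.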
