Greetings, recently I stumbled across a log line like this:

Oct 25 10:34:59 hostname postfix/smtpd[12345]: NOQUEUE: reject: RCPT from client.example[1.2.3.4]: 554 5.7.1 <[email protected]; [email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]; [email protected]> proto=ESMTP helo=<client.example>

The important part is the "to=<[email protected]; [email protected]>". Parsing this to find out which part is the local-part and which is the domain isn't exactly trivial, both for me as a human and for a machine automatically parsing the log.

As it turns out, the original address was "[email protected]; c"@d.com, but it could have been "[email protected]; [email protected]" (i.e. local-part only, without a domain) just as well. There is no way to know for sure from the log alone.

There are more obscure examples like this:

Aug 29 12:52:50 hostname postfix/smtpd[12345] NOQUEUE: reject: RCPT from client.example[1.2.3.4]: 554 5.7.1 <host>: Helo command rejected: Access denied; from=<[email protected]> to=<[email protected]> from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<host>

In this case it is not possible to say with certainty what the envelope addresses actually are. It can be either of these:

to: "[email protected]> from=<[email protected]> to=<[email protected]" (local-part only, without domain)
from: [email protected]

or

to: [email protected]
from: "[email protected]> to=<[email protected]> from=<[email protected]" (local-part only, without domain)

At this point I definitely see no way of exactly knowing what the actual email looked like.

Is there some way to configure postfix to log this in a way that is unambiguously understandable? Otherwise this kinda seems like a bug to me or at least something I consider worthy of a feature request.

Regards
Sven
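Added example, not part of the original post and not Postfix code: a Python sketch that enumerates the readings a log consumer cannot tell apart in the two cases described above, so ambiguous lines can be flagged instead of silently mis-parsed. The sample lines and all addresses in them are constructed, and the `; from=<...> to=<...> proto=` layout is assumed from the log lines quoted in the post.

```python
import re

# Constructed sample lines modelled on the two log lines in the post;
# every address and host name here is made up.
LINE_RELAY = ("postfix/smtpd[12345]: NOQUEUE: reject: RCPT from client.example[192.0.2.4]: "
              "554 5.7.1 <a@b.example; c@d.example>: Relay access denied; "
              "from=<s@e.example> to=<a@b.example; c@d.example> proto=ESMTP helo=<client.example>")
LINE_HELO = ("postfix/smtpd[12345]: NOQUEUE: reject: RCPT from client.example[192.0.2.4]: "
             "554 5.7.1 <host>: Helo command rejected: Access denied; "
             "from=<s@e.example> to=<r@f.example> from=<x@g.example> to=<y@h.example> "
             "proto=ESMTP helo=<host>")

DOMAIN = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*")
SEP = "> to=<"

def envelope_candidates(line):
    """Every (sender, recipient) pair consistent with the logged
    '; from=<...> to=<...> proto=' span; more than one means ambiguous."""
    start, end = line.find("; from=<"), line.rfind("> proto=")
    if start < 0 or end < start:
        return []
    span = line[start + len("; from=<"):end]
    pairs, pos = [], span.find(SEP)
    while pos >= 0:
        # Each occurrence of the separator is a possible sender/recipient boundary.
        pairs.append((span[:pos], span[pos + len(SEP):]))
        pos = span.find(SEP, pos + 1)
    return pairs

def address_readings(addr):
    """Every (local_part, domain) reading of an address logged unquoted."""
    readings = [(addr, None)]  # whole string as a local-part without a domain
    for i, ch in enumerate(addr):
        # An '@' is a plausible local-part/domain boundary only if a
        # syntactically valid domain follows it.
        if ch == "@" and DOMAIN.fullmatch(addr[i + 1:]):
            readings.append((addr[:i], addr[i + 1:]))
    return readings

if __name__ == "__main__":
    for line in (LINE_RELAY, LINE_HELO):
        pairs = envelope_candidates(line)
        print(len(pairs), "envelope reading(s)")
        for sender, rcpt in pairs:
            print("  from:", sender, "| to:", rcpt, "| rcpt readings:", address_readings(rcpt))
```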
