On Mon, Apr 24, 2023 at 05:39:01PM +0000, Jitendra Chaudhari via Postfix-users wrote:
> Mail flow is as follows. > > IceWarp (email Server)---------------> > postfix-----------------------> > cisco(ironport email gateway)---------------> > Internet > > I found some strange messages for qmgr process as follows What looked strange to you? > Can anyone please help me how to interpret this log entry? > > Apr 20 14:04:09 fsmta1 postfix/smtpd[169407]: 36421809DB5: > client=localhost[127.0.0.1], orig_client=unknown[192.168.234.51] This message is likely downstream of a content_filter, that forwarded it with "xforward" enabled, to record the original client IP address. That IP address is an RFC1918 (192.168.0.0/16) non-public IP address, so the message is purportedly from a client inside your network. > Apr 20 14:04:09 fsmta1 postfix/cleanup[173827]: 36421809DB5: > message-id=295c0a7e4f14d016618afa55b5e5472f-1452568706@192.168.234.51<mailto:295c0a7e4f14d016618afa55b5e5472f-1452568706@192.168.234.51> To see the log entries recording the original mesasge coming in, look for other log entries that contain either "36421809DB5" or the above message-id. Then find all entries for *that* queue-id. > Apr 20 14:04:09 fsmta1 postfix/qmgr[2205]: 36421809DB5: > from=no-reply=19=tjsb....@xxxx.co.in, size=2169, nrcpt=1 (queue active) Nothing interesting here. Unless you suspect that this message should not have been accepted in the first place. > Apr 20 14:04:09 fsmta1 postfix/smtp[167717]: 36421809DB5: to=x...@xxxxx.com, > relay=xxxxxxx:366, delay=0.05, delays=0/0.01/0.02/0.02, dsn=2.0.0, > status=sent (250 ok: Message 14326499 accepted) > Apr 20 14:04:09 fsmta1 postfix/qmgr[2205]: 36421809DB5: removed The message was then delivered to some SMTP server on port 366 (or did you also obfuscate the port number)? -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
