Hi Viktor, Thanks for the interpretation of the log entry.
The strange thing that is observed in the log is no-reply=19=tjsb....@xxx.co.in The user email id at the email server is tjsb....@xxx.co.in so my worry is what is the " no-reply=19=" string getting appended before the user email id "tjsb....@xxx.co.in" Is this a postfix qmgr process that is adding this string? And I can see many such entries in /var/maillog particularly for postfix/qmgr process with the random number getting appended as "no-reply=XX="user email address Thanks & Regards, Jitendra Chaudhari -----Original Message----- From: Viktor Dukhovni via Postfix-users <postfix-users@postfix.org> Sent: Tuesday, April 25, 2023 12:59 AM To: postfix-users@postfix.org Subject: [pfx] Re: postfix mail server qmgr log entry query On Mon, Apr 24, 2023 at 05:39:01PM +0000, Jitendra Chaudhari via Postfix-users wrote: > Mail flow is as follows. > > IceWarp (email Server)---------------> > postfix-----------------------> > cisco(ironport email gateway)---------------> > Internet > > I found some strange messages for qmgr process as follows What looked strange to you? > Can anyone please help me how to interpret this log entry? > > Apr 20 14:04:09 fsmta1 postfix/smtpd[169407]: 36421809DB5: > client=localhost[127.0.0.1], orig_client=unknown[192.168.234.51] This message is likely downstream of a content_filter, that forwarded it with "xforward" enabled, to record the original client IP address. That IP address is an RFC1918 (192.168.0.0/16) non-public IP address, so the message is purportedly from a client inside your network. > Apr 20 14:04:09 fsmta1 postfix/cleanup[173827]: 36421809DB5: > message-id=295c0a7e4f14d016618afa55b5e5472f-1452568706@192.168.234.51< > mailto:295c0a7e4f14d016618afa55b5e5472f-1452568706@192.168.234.51> To see the log entries recording the original mesasge coming in, look for other log entries that contain either "36421809DB5" or the above message-id. Then find all entries for *that* queue-id. > Apr 20 14:04:09 fsmta1 postfix/qmgr[2205]: 36421809DB5: > from=no-reply=19=tjsb....@xxxx.co.in, size=2169, nrcpt=1 (queue > active) Nothing interesting here. Unless you suspect that this message should not have been accepted in the first place. > Apr 20 14:04:09 fsmta1 postfix/smtp[167717]: 36421809DB5: > to=x...@xxxxx.com, relay=xxxxxxx:366, delay=0.05, > delays=0/0.01/0.02/0.02, dsn=2.0.0, status=sent (250 ok: Message > 14326499 accepted) Apr 20 14:04:09 fsmta1 postfix/qmgr[2205]: > 36421809DB5: removed The message was then delivered to some SMTP server on port 366 (or did you also obfuscate the port number)? -- Viktor. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
