> On Jun 12, 2019, at 3:40 PM, Stephen Satchell wrote:
>
> As has been suggested before, this is a perfect application for TCPDUMP
> with appropriate parameters on your edge server, and a script to
> interpret the data.
Many MTAs nowadays support STARTTLS, and a large fraction of MTA-to-MTA
SMTP
On 6/12/19 11:52 AM, Rafael Azevedo wrote:
> It's not the same result between the final client and the server.
>
> It's the communication between the servers.
>
> [client] >>> [server] >>> [final destination's server]
>
> So this is the part they want me to store:
>
> [server] > EHLO > MAIL FROM
> On Jun 12, 2019, at 3:20 PM, Rafael Azevedo wrote:
>
> We already have that log, but they're asking for additional confirmation.
Tell them that the "additional" confirmation is neither necessary
nor available. This is a waste of everyone's time.
The standard logs are quite sufficient.
--
Thank you Viktor,
We already have that log, but they're asking for additional confirmation.
Thanks in advance.
On Wed, Jun 12, 2019 at 16:11, Viktor Dukhovni wrote:
>
> On Wed, Jun 12, 2019 at 03:52:10PM -0300, Rafael Azevedo wrote:
>
> > It's the communication between the servers.
> >
>
On Wed, Jun 12, 2019 at 03:52:10PM -0300, Rafael Azevedo wrote:
> It's the communication between the servers.
>
> [client] >>> [server] >>> [final destination's server]
>
> So this is the part they want me to store:
>
> [server] > EHLO > MAIL FROM > RCPT TO > DATA > RESULT (ACCEPTED OR
> REJECTE
Hi guys,
It's not the same result between the final client and the server.
It's the communication between the servers.
[client] >>> [server] >>> [final destination's server]
So this is the part they want me to store:
[server] > EHLO > MAIL FROM > RCPT TO > DATA > RESULT (ACCEPTED OR
REJECTED)
On Wed, Jun 12, 2019 at 09:51:45AM -0300, Rafael Azevedo wrote:
> We're being requested to give the detailed messages between the
> servers to validate the message delivery.
One can usually push back on what appear to be misguided requests
from auditors. I fail to see the point of this request.
Rafael Azevedo:
> What we need is a complete conversation between the servers.
>
> We're being requested to give the detailed messages between the
> servers to validate the message delivery.
>
> This would be an example of the log needs:
>
> 2019-06-12 12:44:47 SERVER -> CLIENT: 220 indus.server
On 6/12/19 8:51 AM, Rafael Azevedo wrote:
> We're being requested to give the detailed messages between the
> servers to validate the message delivery.
And it's allowable to have the MTA on one side do the data collection?
If I were your auditor, I'd know that it would be almost impossible for
you
What we need is a complete conversation between the servers.
We're being requested to give the detailed messages between the
servers to validate the message delivery.
This would be an example of the log needs:
2019-06-12 12:44:47 SERVER -> CLIENT: 220 indus.server.net ESMTP Postfix
2019-06-12 12
> On Jun 11, 2019, at 1:31 PM, Wietse Venema wrote:
>
> This is work that Viktor Dukhovni (also on this mailing list) did
> some 10+ years ago.
>
> The basic idea is a small "y" splitter that is configured as a
> content filter (using smtpd_proxy_filter or content_filter). This
> receives SMTP c
Wietse:
> If you need the entire SMTP session, your options are
>
> - A network-level sniffer (tcpdump -s 0 -w /file/name ...).
>
> - An SMTP-level splitter (configured using Postfix's smtpd_proxy_filter)
> that sends one copy of the SMTP stream to an archival server, and
> one copy to Postfix itse
Hi Wietse,
Could you please give me more details about option 2 (SMTP-level splitter)?
Thanks in advance.
BR,
On Tue, Jun 11, 2019 at 12:37, Wietse Venema wrote:
>
> Rafael Azevedo:
> > I need the full SMTP transaction, commands such as EHLO, MAIL FROM:,
> > RCPT TO:, and DATA...
>
>
Rafael Azevedo:
> I need the full SMTP transaction, commands such as EHLO, MAIL FROM:,
> RCPT TO:, and DATA...
Postfix can log SMTP commands and responses, but not the message
content because that would consume huge amounts of resources.
If you need the entire SMTP session, your options are
- A
I need the full SMTP transaction, commands such as EHLO, MAIL FROM:,
RCPT TO:, and DATA...
On Tue, Jun 11, 2019 at 11:50, @lbutlr wrote:
>
> On Jun 11, 2019, at 8:30 AM, @lbutlr wrote:
> > Maybe 'relay=.*\]:25'?
>
> Looking at my logs it looks like
>
> '\]:25:' is enough.
>
> --
> ...but
On Jun 11, 2019, at 8:30 AM, @lbutlr wrote:
> Maybe 'relay=.*\]:25'?
Looking at my logs it looks like
'\]:25:' is enough.
--
...but the senator, while insisting he was not intoxicated, could not
explain his nudity.
On Jun 11, 2019, at 7:55 AM, Rafael Azevedo wrote:
> Is there any way to log the MTA to MTA transactions one per file?
You can use rsyslog to log based on the queueid? But queueid could not be a
single line.
With rsyslog the trick is to find something unique in the log lines you want.
Maybe 're
Hi guys,
We're in an audit process here and this is giving us a headache.
Is there any way to log the MTA to MTA transactions one per file?
For example, client requests to send a message, the MTA says OK, sends
the message and keeps a log of the MTA to MTA transaction.
Thanks in advance.
BR,
Raf