Re: Connection stats

2014-07-14 Thread Noel Jones
On 7/14/2014 10:21 AM, Wietse Venema wrote: > > Note that the "/" appears only when there is an anomaly. Here, the > number of "good" auth commands (0) differs from the total number > of auth commands (10). > > In a logfile analyzer, anomalies would match 'disconnect.*=\d+/\d+' > (perl or pcre sy

Re: Connection stats (was: Re: Why "lost connection after RCPT" when we reject?)

2014-07-14 Thread Wietse Venema
> A "normal" ESMTP session with vrfy: > > ehlo=1/1 vrfy=1/1 quit=1/1 > > An "abnormal" session that drops after 10 rejected AUTH commands: > > ehlo=1/1 auth=0/10 > > The logging shows only counters for commands that were actually > issued. To save space we could replace "n/n" (two ident

Re: Connection stats

2014-07-14 Thread Noel Jones
On 7/14/2014 8:25 AM, Wietse Venema wrote: > In response to Noel's followup, here is a proposal that can make > Postfix trouble shooting / anomaly detection easier. This would > reveal information that is currently available only by turning on > verbose logging. > > Proposal: > > The Postfix SMT

Re: Connection stats

2014-07-14 Thread Noel Jones
On 7/14/2014 9:40 AM, Andreas Schulze wrote: > Wietse Venema: >> Since the stats would be logged at the end of a session, they can >> be logged in the "disconnect" record. > > Hello Wietse, > > the proposal sounds good. Such information could be helpful. > > Do you think it should be logged alwa

Re: Connection stats (was: Re: Why "lost connection after RCPT" when we reject?)

2014-07-14 Thread Andreas Schulze
Wietse Venema: > Since the stats would be logged at the end of a session, they can > be logged in the "disconnect" record. Hello Wietse, the proposal sounds good. Such information could be helpful. Do you think it should be logged always or only while debugging? I use to "postconf -e "debug_peer

Re: Connection stats (was: Re: Why "lost connection after RCPT" when we reject?)

2014-07-14 Thread Wietse Venema
In response to Noel's followup, here is a proposal that can make Postfix trouble shooting / anomaly detection easier. This would reveal information that is currently available only by turning on verbose logging. Proposal: The Postfix SMTP server maintains two counters for each known command: one