diff options
Diffstat (limited to 'doc/LOGGING')
| -rw-r--r-- | doc/LOGGING | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/doc/LOGGING b/doc/LOGGING new file mode 100644 index 0000000..6f07dc5 --- /dev/null +++ b/doc/LOGGING @@ -0,0 +1,94 @@ +Logging of SMTP Sessions +======================== + +Normally, qmail-smtpd doesn't log anything. + +Within s/qmail, qmail-smtpd logs some accepted and some (important) rejected SMTP session attempts. + +Format: "qmail-smtpd: pid PID Action::Type::Condition: Information" + +In order to track a complete SMTP transaction (including tcpserver/sslserver + rblsmtpd) +the log line includes now the PID. + +Here's the glue: + + + Action Type Condition Explanation + ----------------------------------------- + + Reject AUTH missing AUTHentication missing + Reject AUTH setup AUTHentication impossible due to missing PAM + Reject AUTH type AUTHentication of 'type' rejected + Reject Auth Method AUTHentication Method rejected + Accept AUTH type AUTHentication of 'type' accepted + + Reject DATA Invalid_Size DATA exceeds sizelimit + Reject DATA Bad_MIME DATA includes BASE 64 MIME type listed in badmimetypes + Reject DATA Bad_Loader DATA includes BASE64 loader type listed in badmimetypes + Reject DATA Virus_Infected DATA includes virus infected message (<scanner> | 'AV scanner') + Reject DATA Spam_Message DATA includes an identified Spam message. + + Reject ORIG Bad_Mailfrom ORIG is in badmailfrom + Reject ORIG DNS_MF Domain part of ORIG has no DNS MX RR + Reject ORIG Failed_Auth ORIG tried SMTP Authentication; but failed + Reject ORIG Require_Auth SMTP Authentication required; but not granted + Reject ORIG Invalid_Sender ORIG not allowed to send + Reject ORIG Missing_Auth SMTP Authentication required, but not granted + Reject ORIG SPF ORIG was rejected due to failed SPF permissions + Accept ORIG Local_Sender ORIG was identified as local sender address + Accept ORIG Relay_Mailfrom ORIG was accepted als Relaymailfrom + + Reject RCPT Bad_Rcptto RCPT is in badrcptto + Reject RCPT Toomany_Rcptto Too many RCPTs + Reject RCPT Failed_Rcptto RCPT could not acceptd as per recipients/cdb. + Accept RCPT Recipients_Cdb RCPT was accepted as per recipients/cdb. + Accept RCPT Recipients_Pam RCPT was accepted as per recipients/pam plug-in. + Accept RCPT Recipients_Wild RCPT was accepted as per recipients/wildlisting. + Accept RCPT Rcpthosts_Rcptto RCPT was accepted as per rcpthosts/morercpthosts + + Reject SNDR Bad_Helo SNDR's HELO is in the badhelo + Reject SNDR DNS_HELO SNDR's HELO has no DNS A RR + Reject SNDR Invalid_Relay SNDR's tries relaying; but not allowd + Accept SNDR Relay_Client SNDR was identified as relay client + + Reject TLS missing TLS connection could not be established + Reject TLS required TLS connection could not be established + + Accept SPF Recipients_Cdb ORIG was authorized and RCPT accepted as per recipients/cdb. + Accept SPF Recipients_Pam ORIG was authorized and RCPT accepted as per recipients/pam plug-in. + Accept SPF Recipients_Wild ORIG was authorized and RCPT was accepted as per recipients/wildlisting. + Accept SPF Rcpthosts_Rcptto ORIG was authorized and RCPT was accepted as per rcpthosts/morercpthosts + + Reject SPF Fail ORIG authorization failed per SPF + + Deferred GREY Grey_Listed SNDR was temporarily greylisted + + Reject DKIM Signature DATA failed DKIM verification + + +SNDR (S) corresponds to the sending MTA. +ORIG (F) is the "MAIL From: <Return-Path>". +RCPT (T) is the "RCPT To: <Forwarding-Path>". +DATA is the Message. +GREY is triple of envelope data: SNDR+ORIG+RCPT. + +Protocol +-------- + SMTP plain SMTP + ESMTP 'enhanced' SMTP + ESMTPA ESMTP + authentication + ESMPTS TLS secured EMSTP + ESMTPSA TLS secured ESMTP + auth + ESMTP[SA]UTF8 ESMTP[SA] with UTF-8 + + + +The Information is typically constructed from the SMTP envelope like: + + S:IP:FQDN P:Protocol H:Helo F:Mailfrom T:Rcptto + + +This scheme is easy extendable to other successful/deferred SMTP sessions. + +In addition for POP3 services this scheme is used; but now logging takes place on FD 5. + |