Logging of SMTP Sessions ======================== Normally, qmail-smtpd doesn't log anything. Within s/qmail, qmail-smtpd logs some accepted and some (important) rejected SMTP session attempts. Format: "qmail-smtpd: pid PID Action::Type::Condition: Information" In order to track a complete SMTP transaction (including tcpserver/sslserver + rblsmtpd) the log line includes now the PID. Here's the glue: Action Type Condition Explanation ----------------------------------------- Reject AUTH missing AUTHentication missing Reject AUTH setup AUTHentication impossible due to missing PAM Reject AUTH type AUTHentication of 'type' rejected Reject Auth Method AUTHentication Method rejected Accept AUTH type AUTHentication of 'type' accepted Reject DATA Invalid_Size DATA exceeds sizelimit Reject DATA Bad_MIME DATA includes BASE 64 MIME type listed in badmimetypes Reject DATA Bad_Loader DATA includes BASE64 loader type listed in badmimetypes Reject DATA Virus_Infected DATA includes virus infected message ( | 'AV scanner') Reject DATA Spam_Message DATA includes an identified Spam message. Reject ORIG Bad_Mailfrom ORIG is in badmailfrom Reject ORIG DNS_MF Domain part of ORIG has no DNS MX RR Reject ORIG Failed_Auth ORIG tried SMTP Authentication; but failed Reject ORIG Require_Auth SMTP Authentication required; but not granted Reject ORIG Invalid_Sender ORIG not allowed to send Reject ORIG Missing_Auth SMTP Authentication required, but not granted Reject ORIG SPF ORIG was rejected due to failed SPF permissions Accept ORIG Local_Sender ORIG was identified as local sender address Accept ORIG Relay_Mailfrom ORIG was accepted als Relaymailfrom Reject RCPT Bad_Rcptto RCPT is in badrcptto Reject RCPT Toomany_Rcptto Too many RCPTs Reject RCPT Failed_Rcptto RCPT could not acceptd as per recipients/cdb. Accept RCPT Recipients_Cdb RCPT was accepted as per recipients/cdb. Accept RCPT Recipients_Pam RCPT was accepted as per recipients/pam plug-in. Accept RCPT Recipients_Wild RCPT was accepted as per recipients/wildlisting. Accept RCPT Rcpthosts_Rcptto RCPT was accepted as per rcpthosts/morercpthosts Reject SNDR Bad_Helo SNDR's HELO is in the badhelo Reject SNDR DNS_HELO SNDR's HELO has no DNS A RR Reject SNDR Invalid_Relay SNDR's tries relaying; but not allowd Accept SNDR Relay_Client SNDR was identified as relay client Reject TLS missing TLS connection could not be established Reject TLS required TLS connection could not be established Accept SPF Recipients_Cdb ORIG was authorized and RCPT accepted as per recipients/cdb. Accept SPF Recipients_Pam ORIG was authorized and RCPT accepted as per recipients/pam plug-in. Accept SPF Recipients_Wild ORIG was authorized and RCPT was accepted as per recipients/wildlisting. Accept SPF Rcpthosts_Rcptto ORIG was authorized and RCPT was accepted as per rcpthosts/morercpthosts Reject SPF Fail ORIG authorization failed per SPF Deferred GREY Grey_Listed SNDR was temporarily greylisted Reject DKIM Signature DATA failed DKIM verification SNDR (S) corresponds to the sending MTA. ORIG (F) is the "MAIL From: ". RCPT (T) is the "RCPT To: ". DATA is the Message. GREY is triple of envelope data: SNDR+ORIG+RCPT. Protocol -------- SMTP plain SMTP ESMTP 'enhanced' SMTP ESMTPA ESMTP + authentication ESMPTS TLS secured EMSTP ESMTPSA TLS secured ESMTP + auth ESMTP[SA]UTF8 ESMTP[SA] with UTF-8 The Information is typically constructed from the SMTP envelope like: S:IP:FQDN P:Protocol H:Helo F:Mailfrom T:Rcptto This scheme is easy extendable to other successful/deferred SMTP sessions. In addition for POP3 services this scheme is used; but now logging takes place on FD 5.