path: root/doc/LOGGING
Logging of SMTP Sessions
========================

Normally, qmail-smtpd doesn't log anything.

Within s/qmail, qmail-smtpd logs some accepted and some (important) rejected SMTP session attempts.

Format: "qmail-smtpd: pid PID Action::Type::Condition: Information"

In order to track a complete SMTP transaction (including tcpserver/sslserver + rblsmtpd),
the log line now includes the PID.

Here's the glue:


  Action Type Condition  Explanation
  ----------------------------------

  Reject AUTH missing  AUTHentication missing
  Reject AUTH setup    AUTHentication impossible due to missing PAM
  Reject AUTH type     AUTHentication of 'type' rejected
  Reject Auth Method   AUTHentication Method rejected
  Accept AUTH type     AUTHentication of 'type' accepted

  Reject DATA Invalid_Size    DATA exceeds sizelimit
  Reject DATA Bad_MIME        DATA includes BASE64 MIME type listed in badmimetypes
  Reject DATA Bad_Loader      DATA includes BASE64 loader type listed in badmimetypes
  Reject DATA Virus_Infected  DATA includes virus infected message (<scanner> | 'AV scanner')
  Reject DATA Spam_Message    DATA includes an identified Spam message.
  
  Reject ORIG Bad_Mailfrom    ORIG is in badmailfrom
  Reject ORIG DNS_MF          Domain part of ORIG has no DNS MX RR
  Reject ORIG Failed_Auth     ORIG tried SMTP Authentication; but failed
  Reject ORIG Require_Auth    SMTP Authentication required; but not granted
  Reject ORIG Invalid_Sender  ORIG not allowed to send
  Reject ORIG Missing_Auth    SMTP Authentication required, but not granted
  Reject ORIG SPF             ORIG was rejected due to failed SPF permissions
  Accept ORIG Local_Sender    ORIG was identified as local sender address
  Accept ORIG Relay_Mailfrom  ORIG was accepted as Relaymailfrom
  
  Reject RCPT Bad_Rcptto        RCPT is in badrcptto
  Reject RCPT Toomany_Rcptto    Too many RCPTs
  Reject RCPT Failed_Rcptto     RCPT could not be accepted as per recipients/cdb.
  Accept RCPT Recipients_Cdb    RCPT was accepted as per recipients/cdb.
  Accept RCPT Recipients_Pam    RCPT was accepted as per recipients/pam plug-in.
  Accept RCPT Recipients_Wild   RCPT was accepted as per recipients/wildlisting.
  Accept RCPT Rcpthosts_Rcptto  RCPT was accepted as per rcpthosts/morercpthosts

  Reject SNDR Bad_Helo       SNDR's HELO is in the badhelo
  Reject SNDR DNS_HELO       SNDR's HELO has no DNS A RR
  Reject SNDR Invalid_Relay  SNDR tries relaying; but not allowed
  Accept SNDR Relay_Client   SNDR was identified as relay client
  
  Reject TLS missing   TLS connection could not be established 
  Reject TLS required  TLS connection could not be established 

  Accept SPF Recipients_Cdb    ORIG was authorized and RCPT accepted as per recipients/cdb.
  Accept SPF Recipients_Pam    ORIG was authorized and RCPT accepted as per recipients/pam plug-in.
  Accept SPF Recipients_Wild   ORIG was authorized and RCPT was accepted as per recipients/wildlisting.
  Accept SPF Rcpthosts_Rcptto  ORIG was authorized and RCPT was accepted as per rcpthosts/morercpthosts

  Reject SPF Fail            ORIG authorization failed per SPF 

  Deferred GREY Grey_Listed  SNDR was temporarily greylisted 

  Reject DKIM Signature      DATA failed DKIM verification


SNDR (S) corresponds to the sending MTA.
ORIG (F) is the "MAIL From: <Return-Path>".
RCPT (T) is the "RCPT To: <Forwarding-Path>".
DATA is the Message.
GREY is the triple of envelope data: SNDR+ORIG+RCPT.

Protocol
--------
  SMTP            plain SMTP
  ESMTP           'enhanced' SMTP
  ESMTPA          ESMTP + authentication
  ESMTPS          TLS secured ESMTP
  ESMTPSA         TLS secured ESMTP + auth
  ESMTP[SA]UTF8   ESMTP[SA] with UTF-8
  


The Information is typically constructed from the SMTP envelope like:

  S:IP:FQDN P:Protocol H:Helo F:Mailfrom T:Rcptto
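
A parser for the line format documented above, with a count of authentication rejections per sending IP. This is an added example, not code from s/qmail; the function names, the sample lines and the rule that the last ':' in the S: field separates IP from FQDN are assumptions.

```python
import re
from collections import Counter

# Documented format: qmail-smtpd: pid PID Action::Type::Condition: Information
LINE_RE = re.compile(
    r"qmail-smtpd: pid (?P<pid>\d+) "
    r"(?P<action>\w+)::(?P<type>\w+)::(?P<condition>[^:\s]+): (?P<info>.*)$"
)

def parse_line(line):
    """Parse one log line into a dict; return None if it does not match."""
    m = LINE_RE.search(line)  # search() tolerates a leading timestamp
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    # Information tokens: S:IP:FQDN P:Protocol H:Helo F:Mailfrom T:Rcptto
    for token in rec.pop("info").split():
        key, sep, value = token.partition(":")
        if not sep or key not in ("S", "P", "H", "F", "T"):
            continue  # skip anything outside the documented envelope keys
        if key == "S":
            # Assumption: the FQDN contains no ':', so the last ':' separates
            # IP from FQDN; this keeps IPv6 addresses intact.
            ip, colon, fqdn = value.rpartition(":")
            rec["ip"], rec["fqdn"] = (ip, fqdn) if colon else (value, "")
        else:
            rec[key] = value
    return rec

def auth_rejects_by_ip(lines):
    """Count 'Reject AUTH *' and 'Reject ORIG Failed_Auth' events per sending IP."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["action"] == "Reject" and (
            rec["type"] == "AUTH" or rec["condition"] == "Failed_Auth"
        ):
            hits[rec.get("ip", "unknown")] += 1
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    "qmail-smtpd: pid 4711 Reject::AUTH::login: S:192.0.2.10:client.example.net P:ESMTPS H:client.example.net F:alice@example.org T:bob@example.com",
    "qmail-smtpd: pid 4712 Reject::ORIG::Failed_Auth: S:192.0.2.10:client.example.net P:ESMTPS H:client.example.net F:alice@example.org T:bob@example.com",
    "qmail-smtpd: pid 4713 Accept::RCPT::Recipients_Cdb: S:2001:db8::25:mx.example.org P:ESMTPS H:mx.example.org F:carol@example.org T:bob@example.com",
    "qmail-smtpd: pid 4714 Reject::SNDR::Bad_Helo: S:198.51.100.7:unknown P:SMTP H:localhost F:x@example.net T:bob@example.com",
]
```

Because every line carries the PID, the same records can be grouped on `rec["pid"]` to join them with the tcpserver/sslserver and rblsmtpd lines of the same session.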


This scheme is easily extensible to other successful/deferred SMTP sessions.

In addition, this scheme is used for POP3 services; but in that case logging takes place on FD 5.