KumoCorp / kumomta

The first Open-Source high-performance MTA developed from the ground-up for high-volume email sending environments.
https://kumomta.com
Apache License 2.0

Add logging for Source IP #40

Closed tommairs closed 2 months ago

tommairs commented 1 year ago

We should report on the IP address of the egress source. Currently we can report on the name only.

Logging currently includes egress_source. We should be able to report egress_source.name and egress_source.ip

wez commented 1 year ago

The source address is an optional parameter, and when we add HAProxy support the actual address is controlled by the external proxy and may even map to several addresses.

Does it make sense to log something that may not be there?

MHillyer commented 1 year ago

Even when the source address is optional, an address will still be used. And can our HAProxy support theoretically query the proxy to find out what IP was used?

This is also potentially something we can look at again when we have external IP detection support, reporting the actual external IP used.

wez commented 1 year ago

We know which IP we want to connect to; that is already logged as the peer_address. For the source address: that information is optional and may not be knowable. I'm not sure if HAProxy returns the source address; the protocol looked a bit like SOCKS5 and I don't recall that being able to return configuration information from the proxy to the client.

wez commented 1 year ago

My opinion on this is: the operator should name the source something meaningful to the log processing pipeline. The name could include the IP address if desired.

MHillyer commented 1 year ago

So in commercial MTAs that can be an issue because of the challenge in semantic naming, since many admins named their binding/vmta after a client and then had no idea which actual IP address was the problem when viewing logs.

Given that we can assign tenants separate from egress sources it may be fine. I say let's wait to see if there's user-side demand for this instead of anticipating the request.

edgarsendernet commented 3 months ago

> We know which IP we want to connect to; that is already logged as the peer_address. For the source address: that information is optional and may not be knowable. I'm not sure if HAProxy returns the source address; the protocol looked a bit like SOCKS5 and I don't recall that being able to return configuration information from the proxy to the client.

If HAProxy is being used, we can assume that ha_proxy_source_address is the egress IP. HAProxy will return an error if you try to use an egress IP it can't bind to.

edgarsendernet commented 3 months ago

> The source address is an optional parameter, and when we add HAProxy support the actual address is controlled by the external proxy and may even map to several addresses.
>
> Does it make sense to log something that may not be there?

The system already logs stuff that's not there, for example bounce_classification fields in Delivery records :)