drlight17 / mta-log-parser

A fast Python log parser for the most popular mail transfer agent's log files, with a simple WebUI for analyzing the logs

Rejected mails are not shown #13

Closed chronic414z closed 6 months ago

chronic414z commented 6 months ago

We have a pre-queue-filter which rejects mails before they go to the queue and therefore the mails don't have a queue id. Is there a way to show these entries in mlp? The log lines are something like this:

    postfix/smtpd[18433]: NOQUEUE: reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host rejected: cannot find your hostname, [1.2.3.4]; from=sender@external.com to=recipient@internal.com proto=ESMTP helo=

drlight17 commented 6 months ago

> We have a pre-queue-filter which rejects mails before they go to the queue and therefore the mails don't have a queue id. Is there a way to show these entries in mlp? The log lines are something like this:
>
> postfix/smtpd[18433]: NOQUEUE: reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host rejected: cannot find your hostname, [1.2.3.4]; from=sender@external.com to=recipient@internal.com proto=ESMTP helo=

Hi. Interesting. You have no parsed messages with 'NOQUEUE' queue id? Also, your 'from' and 'to' values contain no '<>'. Why? MLP relies on the regexp containing '<>', like for the 'from': .*from=<([a-zA-Z0-9-+_.=]+@[a-zA-Z0-9-+_.]+)>

chronic414z commented 6 months ago

Hi, sorry that was my fault while replacing the data. There are '<>' at the from and to values. Here is the corrected log line.

    postfix/smtpd[18433]: NOQUEUE: reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host rejected: cannot find your hostname, [1.2.3.4]; from=<sender@external.com> to=<recipient@internal.com> proto=ESMTP helo=<mail.example.com>

I'm using Debian 12 with docker.io 20.10.24 and docker-compose 1.29.2 from the Debian Repo and MLP 1.7.1

I did some further testing and found the rejected mails in MLP. But they are all summarized in one entry which has the status "Multiple". All NOQUEUE mails are in this entry, even when I sent mails from another sender address or domain or to another recipient. Here is the MLP entry.

| Field | Value |
|---|---|
| Timestamp | 16:35:35, 14.05.2024 |
| Queue ID | NOQUEUE |
| Message ID | |
| Connection status | non-secure connection |
| Sender | sender@external.com |
| Recipient(s) | 1. recipient@internal.com 2. test@internal.com |
| Subject | |
| Size(Kb) | 0 |
| Full status | Status: Multiple. Message: multiple, see log lines below |
| Client | Host: IP: |
| Relay (Dest. SMTP server) | Host: IP: (port ) |

Related Log Lines

    Tue, 14 May 2024 16:35:35 GMT NOQUEUE reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host rejected: cannot find your hostname, [1.2.3.4]; from=<sender@external.com> to=<recipient@internal.com> proto=ESMTP helo=<mail.external.com>
    Tue, 14 May 2024 16:36:48 GMT NOQUEUE reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host rejected: cannot find your hostname, [1.2.3.4]; from=<sender@external.com> to=<recipient@internal.com> proto=ESMTP helo=<mail.external.com>
    Wed, 15 May 2024 16:44:10 GMT NOQUEUE reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host rejected: cannot find your hostname, [1.2.3.4]; from=<sender@external.com> to=<recipient@internal.com> proto=ESMTP helo=<mail.external.com>
    Wed, 15 May 2024 16:47:16 GMT NOQUEUE reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host rejected: cannot find your hostname, [1.2.3.4]; from=<sender@external.com> to=<recipient@internal.com> proto=ESMTP helo=<mail.external.com>
    Fri, 17 May 2024 09:57:25 GMT NOQUEUE reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host rejected: cannot find your hostname, [1.2.3.4]; from=<sender@external.com> to=<recipient@internal.com> proto=ESMTP helo=<mail.external.com>
    Fri, 17 May 2024 10:04:43 GMT NOQUEUE reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host rejected: cannot find your hostname, [1.2.3.4]; from=<sender@external.com> to=<recipient@internal.com> proto=ESMTP helo=<mail.external.com>
    Fri, 17 May 2024 10:05:13 GMT NOQUEUE reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host rejected: cannot find your hostname, [1.2.3.4]; from=<sender@other.com> to=<recipient@internal.com> proto=ESMTP helo=<mail.external.com>
    Fri, 17 May 2024 10:09:10 GMT NOQUEUE reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host rejected: cannot find your hostname, [1.2.3.4]; from=<sender@test.external.com> to=<recipient@internal.com> proto=ESMTP helo=<mail.external.com>
    Fri, 17 May 2024 10:11:32 GMT NOQUEUE reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host rejected: cannot find your hostname, [1.2.3.4]; from=<sender@external.com> to=<test@internal.com> proto=ESMTP helo=<mail.external.com>

drlight17 commented 6 months ago

Ok, I'll try to fix this in a newer version. Thanks for testing!

drlight17 commented 6 months ago

I believe this issue is fixed by 1.8. Newly parsed logs will have a generated unique queue ID instead of NOQUEUE. Old data remains the same, however, and it cannot be fixed.
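
The behaviour discussed in this thread, as an added example (not MLP's own code): grouping Postfix lines by queue ID merges every `NOQUEUE` reject into one entry, while a generated per-attempt ID keeps them apart. The sample lines' syslog prefix, the `NQ-` hash scheme and the function names are assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample: three rejects shaped like the lines in this issue (with an
# assumed syslog prefix) plus two lines of a normally queued message.
_REJ = ("NOQUEUE: reject: RCPT from unknown[1.2.3.4]: 450 4.7.25 Client host "
        "rejected: cannot find your hostname, [1.2.3.4]; ")
_TAIL = " proto=ESMTP helo=<mail.external.com>"
SAMPLE_LOG = "\n".join([
    "May 17 10:04:43 mx postfix/smtpd[18433]: " + _REJ + "from=<sender@external.com> to=<recipient@internal.com>" + _TAIL,
    "May 17 10:05:13 mx postfix/smtpd[18433]: " + _REJ + "from=<sender@other.com> to=<recipient@internal.com>" + _TAIL,
    "May 17 10:11:32 mx postfix/smtpd[18440]: " + _REJ + "from=<> to=<test@internal.com>" + _TAIL,
    "May 17 10:12:01 mx postfix/smtpd[18441]: 4VgK2x1Abcz: client=mail.example.org[5.6.7.8]",
    "May 17 10:12:02 mx postfix/qmgr[901]: 4VgK2x1Abcz: from=<a@example.org>, size=512, nrcpt=1 (queue active)",
])

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/(?P<proc>\w+)\[(?P<pid>\d+)\]: "
    r"(?P<qid>NOQUEUE|[0-9A-Za-z]+): (?P<msg>.*)$")
# [^>]* also accepts the null sender from=<>, which a pattern requiring
# user@domain between the brackets would skip.
REJECT_RE = re.compile(
    r"^reject: \w+ from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")


def group_by_entry(log_text, split_noqueue=True):
    """Group log messages per entry; optionally give each NOQUEUE reject its own ID."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Postfix line in the expected shape
        qid, msg = m["qid"], m["msg"]
        if qid == "NOQUEUE" and split_noqueue:
            r = REJECT_RE.match(msg)
            # Assumed scheme: hash the fields that identify one rejected attempt;
            # fall back to the whole line for NOQUEUE messages of another shape.
            key = "|".join([m["ts"], m["pid"], r["ip"], r["sender"], r["rcpt"]]) if r else line
            qid = "NQ-" + hashlib.sha256(key.encode()).hexdigest()[:12]
        entries[qid].append(msg)
    return dict(entries)
```

With `split_noqueue=False` the three rejects land in a single `NOQUEUE` entry, which is the "Multiple" record reported above; the IDs are deterministic, so re-parsing the same log does not create duplicates.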