glenpp / cacti-uloganalyser

Cacti Templates, data collection with Universal Loganalyser and plugins via SNMP
GNU General Public License v2.0

Unrecognized postfix log entries #1

Closed EmTeedee closed 7 years ago

EmTeedee commented 8 years ago

No idea what is happening here: /etc/snmp/uloganalyser-plugin/postfix.pm 20160718:237 /var/log/mail.log:9412 unknown: Aug 17 15:17:45 mailhost postfix/smtpd[4935]: NOQUEUE: client=domain.example[123.123.123.123]

Message passed through local proxy (smtpd): /etc/snmp/uloganalyser-plugin/postfix.pm 20160718:298 /var/log/mail.log:9419 unknown: Aug 17 15:17:46 mailhost postfix/smtpd[4935]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 Ok: queued as C13124A33421; from=user@example.com to=user@mailhost.net proto=ESMTP helo=

Message to local mailman: /etc/snmp/uloganalyser-plugin/postfix.pm 20160718:598 /var/log/mail.log:8991 unknown: Aug 17 14:21:09 mailhost postfix/pipe[18901]: CEA503A4170A: to=list@mailhost.net, relay=mailman, delay=0.16, delays=0.08/0/0/0.08, dsn=2.0.0, status=sent (delivered via mailman service)

TLS connection that is verified with local tls_policy: /etc/snmp/uloganalyser-plugin/postfix.pm 20160718:567 /var/log/mail.log:7635 unknown: Aug 17 13:00:09 mailhost postfix/smtp[25627]: Verified TLS connection established to sever.net[123.123.123.123]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

glenpp commented 8 years ago

Thanks for the info.

1 - appears to be a message being rejected, but no reason given, so we can't classify it

2 - this is a config I'm unfamiliar with. Can you clarify how this fits into the mail delivery chain and how it would be best represented in the graphs? Currently logs matching "postfix/smtpd[pid]: XXXXXXX: client=...." are considered smtpd accepts/Queued. How does this line relate to those?

3 & 4 - I've updated my development version so these should be handled in the next push. They require updating templates which is a bit messy with Cacti.

EmTeedee commented 8 years ago

1 - don't know how it would fit either, but I get warnings about it not matching anything, so it would be nice if it was just ignored.

2 - we use a SpamPD instance to filter incoming messages with the "smtpd_proxy_filter" option. As far as I can tell this is the message that smtpd emits if the proxy hands the message through. So it fits in the accepts/queued category.

jonathan00 commented 7 years ago

To 2: a log looks like

May 10 22:55:45 mailhost postfix/smtpd[10095]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 Ok: queued as 8E4601200BB; from=user@example.com to=user@mailhost.net proto=ESMTP helo=
May 10 22:55:45 mailhost dovecot: lmtp(10101): Connect from local
May 10 22:55:45 mailhost postfix/smtpd[10095]: disconnect from mail.host.com[5.xxx.xxx.4]
May 10 22:55:45 mailhost dovecot: lmtp(10101, user@mailhost.net): ttThKFF+xxxx1JwAAuw31PQ: sieve: msgid=xxx@example.com>: stored mail into mailbox 'INBOX'
May 10 22:55:45 mailhost postfix/lmtp[10100]: 8E4601200BB: to=user@mailhost.net, relay=mail.mailhost.de[private/dovecot-lmtp], delay=4.2, delays=4.1/0/0/0.09, dsn=2.0.0, status=sent (250 2.0.0 user@mailhost.net ttThKFF+xxxx1JwAAuw31PQ Saved)
May 10 22:55:45 mailhost dovecot: lmtp(10101): Disconnect from local: Successful quit
May 10 22:55:45 mailhost postfix/qmgr[22791]: 8E4601200BB: removed

So I added to line 122: if ( $line =~ /^proxy-(accept|reject)\s*/ ) { return; } to ignore these lines.
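
An added sketch, not part of the thread or of postfix.pm, of how the four unrecognised line types quoted in this issue could be classified instead of skipped, counting proxy-accept as an accept as EmTeedee describes. The sub name, the counter names and the handling of TLS trust levels other than "Verified" are assumptions.

```perl
#!/usr/bin/perl
# Added example; not code from postfix.pm. Sub and counter names are hypothetical.
use strict;
use warnings;

# Return a counter name, 'ignored', or undef when the line is not recognised.
sub classify_postfix_line {
    my ($raw) = @_;

    # Strip "Mon DD HH:MM:SS host postfix/service[pid]: " and keep the service.
    my ( $service, $line ) =
      $raw =~ m{^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+postfix/([\w-]+)\[\d+\]:\s+(.*)$}
      or return;

    if ( $service eq 'smtpd' ) {
        # smtpd_proxy_filter passed the message on: an accept with a queue ID.
        return 'smtpd_proxy_accept'
          if $line =~ /^proxy-accept:\s+END-OF-MESSAGE:\s+250\s.*queued as [0-9A-F]+;/;
        return 'smtpd_proxy_reject' if $line =~ /^proxy-reject:\s/;

        # NOQUEUE with only client= gives no reason, so there is nothing to count.
        return 'ignored' if $line =~ /^NOQUEUE:\s+client=\S+\s*$/;
    }
    elsif ( $service eq 'pipe' ) {
        return 'pipe_mailman_sent'
          if $line =~ /^[0-9A-F]+:\s+to=\S+\s+relay=mailman,.*\bstatus=sent\b/;
    }
    elsif ( $service eq 'smtp' ) {
        # Keep the trust level: "Verified" and "Untrusted" are different findings.
        return 'smtp_tls_' . lc $1
          if $line =~ /^(Verified|Trusted|Untrusted|Anonymous) TLS connection established to /;
    }
    return;
}

# Sample input: the four log lines quoted in this issue, as posted there.
my @sample = (
    'Aug 17 15:17:45 mailhost postfix/smtpd[4935]: NOQUEUE: client=domain.example[123.123.123.123]',
    'Aug 17 15:17:46 mailhost postfix/smtpd[4935]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 Ok: queued as C13124A33421; from=user@example.com to=user@mailhost.net proto=ESMTP helo=',
    'Aug 17 14:21:09 mailhost postfix/pipe[18901]: CEA503A4170A: to=list@mailhost.net, relay=mailman, delay=0.16, delays=0.08/0/0/0.08, dsn=2.0.0, status=sent (delivered via mailman service)',
    'Aug 17 13:00:09 mailhost postfix/smtp[25627]: Verified TLS connection established to sever.net[123.123.123.123]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)',
);

my %count;
$count{ classify_postfix_line($_) // 'unknown' }++ for @sample;
printf "%-20s %d\n", $_, $count{$_} for sort keys %count;
```

Counting proxy-reject separately from proxy-accept keeps content-filter rejections visible in the graphs, which a blanket ignore of both would hide.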