Finding reason for smtpd rejections


Finding reason for smtpd rejections

Rich Shepard
Today's pflogsumm report includes this rejection:

     Recipient address rejected: Please see http (total: 2)
            2   [hidden email]

Since this is my address I'm curious why two incoming messages were rejected
when many more were passed. I'd appreciate advice on how I can identify
these two messages in /var/log/maillog.1 among all the logged incoming
messages to this address.

TIA,

Rich


Re: Finding reason for smtpd rejections

Noel Jones-2
On 12/6/2018 9:59 AM, Rich Shepard wrote:

> Today's pflogsumm report includes this rejection:
>
>     Recipient address rejected: Please see http (total: 2)
>            2   [hidden email]
>
> Since this is my address I'm curious why two incoming messages were rejected
> when many more were passed. I'd appreciate advice on how I can identify
> these two messages in /var/log/maillog.1 among all the logged incoming
> messages to this address.
>
> TIA,
>
> Rich
>


To see just the logged rejection (which is often enough):

grep reject: /var/log/maillog.1 | grep [hidden email]



To see more context of the connection that was rejected, open the
file with your favorite text editor and search for
   /reject: .*rshepard@appl-ecosys


Wild guess:  some spammer used your own address as sender, and the
connection was rejected by some of your spam controls, probably an rbl.




  -- Noel Jones

Re: Finding reason for smtpd rejections

Wietse Venema
In reply to this post by Rich Shepard
Rich Shepard:
> Today's pflogsumm report includes this rejection:
>
>      Recipient address rejected: Please see http (total: 2)
>             2   [hidden email]
>
> Since this is my address I'm curious why two incoming messages were rejected
> when many more were passed. I'd appreciate advice on how I can identify
> these two messages in /var/log/maillog.1 among all the logged incoming
> messages to this address.

pflogsumm *summarizes* a detailed logfile.

You look at the *detailed* log messages that produced the above result.

        Wietse

Re: Finding reason for smtpd rejections

Rich Shepard
In reply to this post by Noel Jones-2
On Thu, 6 Dec 2018, Noel Jones wrote:

> Wild guess:  some spammer used your own address as sender, and the
> connection was rejected by some of your spam controls, probably an rbl.

Noel,

   There are certainly many rejected by a couple of rbls as well as by other
postfix UCE checks. Why these two were listed separately by pflogsumm is not
obvious when I look at the list grep returned.

Thanks,

Rich

Re: Finding reason for smtpd rejections

Noel Jones-2
On 12/6/2018 10:46 AM, Rich Shepard wrote:

> On Thu, 6 Dec 2018, Noel Jones wrote:
>
>> Wild guess:  some spammer used your own address as sender, and the
>> connection was rejected by some of your spam controls, probably an
>> rbl.
>
> Noel,
>
>   There are certainly many rejected by a couple of rbls as well as by other
> postfix UCE checks. Why these two were listed separately by pflogsumm is not
> obvious when I look at the list grep returned.
>
> Thanks,
>
> Rich


Possibly there are more clues in pflogsumm's output, such as the
heading or something else.  Depending on how compact you've set the
output, it might be hard to identify with the existing information.
The heading may give the clue about which rule or control rejected
these.

Maybe re-running pflogsumm with increasing detail will give hints
about which two rejections it's referring to.



  -- Noel Jones
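
Added example, not part of any post in this thread: a shell/awk sketch that combines the two suggestions above, matching reject lines for one recipient on the reason text pflogsumm printed and printing the whole smtpd session (connect to disconnect) around each hit. The function names, the sample log lines, hosts, addresses and URL are constructed placeholders; the log layout assumed is the usual syslog format for postfix/smtpd.

```sh
#!/bin/sh
# Added example: print every smtpd session (connect .. disconnect) that
# contains a matching rejection for one recipient.

# Constructed sample log; hosts, addresses and the URL are placeholders.
sample_log() {
cat <<'EOF'
Dec  5 03:14:07 mail postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Dec  5 03:14:08 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.7.1 <user@example.org>: Recipient address rejected: Please see http://example.invalid/why; from=<user@example.org> to=<user@example.org> proto=ESMTP helo=<a.example.net>
Dec  5 03:14:08 mail postfix/smtpd[2101]: disconnect from unknown[192.0.2.10]
Dec  5 04:00:01 mail postfix/smtpd[2102]: connect from unknown[198.51.100.7]
Dec  5 04:00:02 mail postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using rbl.example.invalid; from=<x@example.com> to=<user@example.org> proto=ESMTP helo=<b.example.net>
Dec  5 04:00:02 mail postfix/smtpd[2102]: disconnect from unknown[198.51.100.7]
Dec  5 05:30:00 mail postfix/smtpd[2101]: connect from mail.example.net[203.0.113.5]
Dec  5 05:30:01 mail postfix/smtpd[2101]: 4A1B2C3D4E: client=mail.example.net[203.0.113.5]
Dec  5 05:30:02 mail postfix/smtpd[2101]: disconnect from mail.example.net[203.0.113.5]
Dec  5 06:45:10 mail postfix/smtpd[2103]: connect from unknown[192.0.2.77]
Dec  5 06:45:11 mail postfix/smtpd[2103]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 550 5.7.1 <user@example.org>: Recipient address rejected: Please see http://example.invalid/why; from=<y@example.com> to=<user@example.org> proto=ESMTP helo=<c.example.net>
Dec  5 06:45:11 mail postfix/smtpd[2103]: disconnect from unknown[192.0.2.77]
EOF
}

# rejected_sessions LOGFILE RECIPIENT REASON
# e.g. rejected_sessions /var/log/maillog.1 'you@your.domain' \
#        'Recipient address rejected: Please see http'
rejected_sessions() {
    awk -v rcpt="$2" -v reason="$3" '
    # An smtpd process serves many clients in turn, so buffer lines per
    # process id and start a fresh buffer at every "connect from".
    match($0, /postfix\/smtpd\[[0-9]+\]/) {
        pid = substr($0, RSTART, RLENGTH)
        if (index($0, ": connect from ")) { buf[pid] = ""; hit[pid] = 0 }
        buf[pid] = buf[pid] $0 "\n"
        # Fixed-string tests: no regex escaping needed for the address.
        if (index($0, " reject: ") && index($0, " to=<" rcpt ">") && index($0, reason))
            hit[pid] = 1
        if (index($0, ": disconnect from ")) {
            if (hit[pid]) printf "%s--\n", buf[pid]
            delete buf[pid]; delete hit[pid]
        }
    }
    # Flush sessions still open when the log was rotated.
    END { for (p in hit) if (hit[p]) printf "%s--\n", buf[p] }' "$1"
}

if [ "$#" -eq 3 ]; then rejected_sessions "$@"; fi
```

Each printed session shows the client, HELO name and envelope sender next to the full reject text, which is the detail the pflogsumm summary line leaves out.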