what does these log lines mean?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

what does these log lines mean?

Poliman - Serwis

I have in mail.log file lines like below:
Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: filter: RCPT from dedicated-aip61.rev.nazwa.pl[77.55.223.61]: <[hidden email]>: Sender address triggers FILTER amavis:[127.0.0.1]:10024; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<dedicated-aip61.rev.nazwa.pl>
Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: reject: RCPT from dedicated-aip61.rev.nazwa.pl[77.55.223.61]: 454 4.7.1 <[hidden email]>: Relay access denied; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<dedicated-aip61.rev.nazwa.pl> Nov 5 10:14:31 s1 postfix/smtpd[27320]: disconnect from dedicated-aip61.rev.nazwa.pl[77.55.223.61] ehlo=2 starttls=1 mail=4 rcpt=0/4 rset=3 quit=1 commands=11/15
Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: filter: RCPT from dedicated-aip61.rev.nazwa.pl[77.55.223.61]: <[hidden email]>: Sender address triggers FILTER amavis:[127.0.0.1]:10026; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<dedicated-aip61.rev.nazwa.pl>

What do they mean?


--
Pozdrawiam / Best Regards
Piotr Bracha
Reply | Threaded
Open this post in threaded view
|

Re: what does these log lines mean?

Noel Jones-2
On 11/5/2018 3:18 AM, Poliman - Serwis wrote:
>
> I have in mail.log file lines like below:

(the http markup you posted screws up the log lines. plain text only
next time please.)

>
> Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: filter: RCPT from
> dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>[77.55.223.61]:
> <[hidden email]>: Sender address triggers FILTER
> amavis:[127.0.0.1]:10024; from=<[hidden email]>
> to=<[hidden email] <mailto:[hidden email]>> proto=ESMTP
> helo=<dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>>

There's a check_sender_access map that results in a FILTER
statement.  After the mail is accepted, it will be filtered through
amavisd.

> Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: reject: RCPT from
> dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>[77.55.223.61]: 454 4.7.1
> <[hidden email] <mailto:[hidden email]>>: Relay access
> denied; from=<[hidden email]> to=<[hidden email]
> <mailto:[hidden email]>> proto=ESMTP
> helo=<dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>>

Message is rejected with "Relay access denied".  This means your
postfix is not configured to accept mail for skpkrakow.pl and the
client is not authenticated/authorized to relay.

The 454 reject code indicates this is a temporary reject and the
sender is free to retry.

This could be due to default settings in smtpd_relay_restrictions
that you haven't set up yet.

> Nov 5 10:14:31 s1
> postfix/smtpd[27320]: disconnect from dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>[77.55.223.61] ehlo=2
> starttls=1 mail=4 rcpt=0/4 rset=3 quit=1 commands=11/15

The client disconnected after sending the number of commands listed.
 The rcpt=0/4 indicates the client sent 4 RCPT commands, 0 were
accepted.  The commands=11/15 indicates the client sent 15 total
commands, 11 were accepted.


> Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: filter: RCPT from
> dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>[77.55.223.61]:
> <[hidden email]>: Sender address triggers FILTER
> amavis:[127.0.0.1]:10026; from=<[hidden email]>
> to=<[hidden email] <mailto:[hidden email]>> proto=ESMTP
> helo=<dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>>

Another check_sender_access table with a FILTER result.


If you need more help, please see
http://www.postfix.org/DEBUG_README.html#mail



>
> What do they mean?
>
>
>
> --
> /Pozdrawiam / Best Regards
> /
> /Piotr Bracha/




   -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: what does these log lines mean?

Poliman - Serwis


2018-11-05 17:07 GMT+01:00 Noel Jones <[hidden email]>:
On 11/5/2018 3:18 AM, Poliman - Serwis wrote:
>
> I have in mail.log file lines like below:

(the http markup you posted screws up the log lines. plain text only
next time please.)

>
> Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: filter: RCPT from
> dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>[77.55.223.61]:
> <[hidden email]>: Sender address triggers FILTER
> amavis:[127.0.0.1]:10024; from=<[hidden email]>
> to=<[hidden email] <mailto:[hidden email]>> proto=ESMTP
> helo=<dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>>

There's a check_sender_access map that results in a FILTER
statement.  After the mail is accepted, it will be filtered through
amavisd.

> Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: reject: RCPT from
> dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>[77.55.223.61]: 454 4.7.1
> <[hidden email] <mailto:[hidden email]>>: Relay access
> denied; from=<[hidden email]> to=<[hidden email]
> <mailto:[hidden email]>> proto=ESMTP
> helo=<dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>>

Message is rejected with "Relay access denied".  This means your
postfix is not configured to accept mail for skpkrakow.pl and the
client is not authenticated/authorized to relay.

The 454 reject code indicates this is a temporary reject and the
sender is free to retry.

This could be due to default settings in smtpd_relay_restrictions
that you haven't set up yet.

> Nov 5 10:14:31 s1
> postfix/smtpd[27320]: disconnect from dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>[77.55.223.61] ehlo=2
> starttls=1 mail=4 rcpt=0/4 rset=3 quit=1 commands=11/15

The client disconnected after sending the number of commands listed.
 The rcpt=0/4 indicates the client sent 4 RCPT commands, 0 were
accepted.  The commands=11/15 indicates the client sent 15 total
commands, 11 were accepted.


> Nov 5 10:14:31 s1 postfix/smtpd[27320]: NOQUEUE: filter: RCPT from
> dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>[77.55.223.61]:
> <[hidden email]>: Sender address triggers FILTER
> amavis:[127.0.0.1]:10026; from=<[hidden email]>
> to=<[hidden email] <mailto:[hidden email]>> proto=ESMTP
> helo=<dedicated-aip61.rev.nazwa.pl
> <http://dedicated-aip61.rev.nazwa.pl>>

Another check_sender_access table with a FILTER result.


If you need more help, please see
http://www.postfix.org/DEBUG_README.html#mail



>
> What do they mean?
>
>
>
> --
> /Pozdrawiam / Best Regards
> /
> /Piotr Bracha/




   -- Noel Jones

Sorry for http markup, I got knowledge for the future. Thank you for brief answer. Does each email is filtered by amavisd or only some kind of suspicious?

--
Pozdrawiam / Best Regards
Piotr Bracha
Reply | Threaded
Open this post in threaded view
|

Re: what does these log lines mean?

B. Reino
On Tue, 6 Nov 2018, Poliman - Serwis wrote:

> Sorry for http markup, I got knowledge for the future. Thank you for brief
> answer. Does each email is filtered by amavisd or only some kind of
> suspicious?

You're the only one who can answer that question. Did you configure such
filtering?

You could post your $(postconf -n)

Cheers.

Reply | Threaded
Open this post in threaded view
|

Re: what does these log lines mean?

Poliman - Serwis
Thank you for answer. I attach .txt file with output of postconf -n.

2018-11-06 8:05 GMT+01:00 B. Reino <[hidden email]>:
On Tue, 6 Nov 2018, Poliman - Serwis wrote:

Sorry for http markup, I got knowledge for the future. Thank you for brief
answer. Does each email is filtered by amavisd or only some kind of
suspicious?

You're the only one who can answer that question. Did you configure such filtering?

You could post your $(postconf -n)

Cheers.




--
Pozdrawiam / Best Regards
Piotr Bracha

postconf -n.txt (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: what does these log lines mean?

B. Reino
On Tue, 6 Nov 2018, Poliman - Serwis wrote:

> Thank you for answer. I attach .txt file with output of postconf -n.

Your original message showed amavis filtering on ports 10024 and 10026.
Your postfix configuration shows only amavis on port 10024.

I think your logs don't come from the postfix with the configuration you
posted.

In any case, what do you need to know?
Have YOU configured the postfix server, or are you trying to understand
why something happens (your log lines) on a server which you DO NOT
administer?

I don't think anybody here has time for puzzles.

Reply | Threaded
Open this post in threaded view
|

Re: what does these log lines mean?

Poliman - Serwis
Both are from one server. I am not cheating. Now I am confused, it's really strange that these logs are diff. Your earlier message was enough for me.

2018-11-06 12:48 GMT+01:00 B. Reino <[hidden email]>:
On Tue, 6 Nov 2018, Poliman - Serwis wrote:

Thank you for answer. I attach .txt file with output of postconf -n.

Your original message showed amavis filtering on ports 10024 and 10026.
Your postfix configuration shows only amavis on port 10024.

I think your logs don't come from the postfix with the configuration you
posted.

In any case, what do you need to know?
Have YOU configured the postfix server, or are you trying to understand why something happens (your log lines) on a server which you DO NOT administer?

I don't think anybody here has time for puzzles.




--
Pozdrawiam / Best Regards
Piotr Bracha