$ zmcontrol -v
Release 8.0.6_GA_5922.RHEL6_64_20131203103705 RHEL6_64 FOSS edition.
Recently I upgraded from 8.0.0 to 8.0.6 and it was unremarkable, which is good. I notice a huge difference in my daily mail report titled "Daily mail report for <date>", which leads me to the realization that I don't really know what this report is telling me, or I'd have suspected a problem and upgraded long ago. Where can I find the key to this report? It is not self-explanatory, or at least I don't completely understand it. As a consequence, I'm not entirely sure I know what this machine is doing. It appears to be doing what I want it to do, but it looks like it might be freelancing as well, and I need to know how to discover this and stop it.
I could also benefit from a description of how to interpret the log entries. I picked one message that appears in a few places on the report, and I followed it through the log. There appear to be three separate processing cycles involved. 1) The external system contacts me, authenticates or not, and gives me a message for delivery. 2) I look at the message and decide what to do with it. 3) Deliver it to a local user, relay it where applicable, and bounce it where not. So, I have the log entries:
- Mar 3 03:15:46 cahoots postfix/smtpd: warning: hostname 18.104.22.168.megaline.telecom.kz does not resolve to address 22.214.171.124: Name or service not known
- Mar 3 03:15:46 cahoots postfix/smtpd: connect from unknown[126.96.36.199]
- Mar 3 03:15:47 cahoots postfix/smtpd: NOQUEUE: filter: RCPT from unknown[188.8.131.52]: <email@example.com>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<firstname.lastname@example.org> to=<email@example.com> proto=ESMTP helo=<184.108.40.206.megaline.telecom.kz>
- Mar 3 03:15:47 cahoots postfix/smtpd: NOQUEUE: filter: RCPT from unknown[220.127.116.11]: <firstname.lastname@example.org>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<email@example.com> to=<firstname.lastname@example.org> proto=ESMTP helo=<18.104.22.168.megaline.telecom.kz>
- Mar 3 03:15:48 cahoots postfix/smtpd: 4E4AD120C37: client=unknown[22.214.171.124]
- Mar 3 03:15:49 cahoots postfix/cleanup: 4E4AD120C37: message-id=<9072976932.P70VB72P076864@whdwpfteulkpls.xaxrrohyrxjn.va>
- Mar 3 03:15:49 cahoots postfix/qmgr: 4E4AD120C37: from=<email@example.com>, size=14812, nrcpt=1 (queue active)
- Mar 3 03:15:49 cahoots postfix/smtpd: disconnect from unknown[126.96.36.199]
- Mar 3 03:15:50 cahoots postfix/smtp: 4E4AD120C37: to=<firstname.lastname@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.9, delays=2.1/0.02 /0.01/0.82, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=21723-02, BOUNCE)
- Mar 3 03:15:50 cahoots postfix/qmgr: 4E4AD120C37: removed
- Mar 3 03:15:52 cahoots postfix/smtp: 30C61120CA1: to=<email@example.com>, relay=mail.crbb.ru[188.8.131.52]:25, delay=2.8, delays=0.08/0.01/1.8/0.92, dsn=2.0.0, status=sent (250 OK id=1WKQqd-0006cn-TU)
I have some questions:
- I would like to reject this message based on line 1: DNS does not map back. How do I configure for this rejection?
- Is line 2 simply a restatement of line 1 or does it tell me something else?
- Why are lines 3 and 4 duplicate? What does "NOQUEUE" in these lines mean?
- I think line 5 is assigning an internal message ID. Am I right? How would I find this message, based on this ID?
- Line 6 records this: "... message-id=<907...>". What is this message-id? How is it used?
- Line 10 records the decision to bounce this message. How was this decision made?
- Line 13 looks like a message was sent. Is this the original message, meaning it was successfully relayed through my server (bad news), or is this the bounce notification backscatter?
How do I suppress all backscatter?
That's a lot of discussion but I'm beginning to realize that a mail server is like a teenager -- it's going to do what it wants.
Thanks for the help,
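
One way to follow a message through entries like these, as an added example that is not part of the original post: group the Postfix lines by queue ID, keep the lines that carry no queue ID (warnings, NOQUEUE) apart, and list queue IDs that were delivered off-host with no client= line in the excerpt. The sample log is constructed with placeholder hosts, and trace and no_client_seen are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample in the PID-less layout of the post (placeholder hosts and
# documentation-range IPs). Assumes Postfix short (hex) queue IDs.
SAMPLE_LOG = """\
Mar 3 03:15:46 mx postfix/smtpd: warning: hostname h.example.net does not resolve to address 192.0.2.10: Name or service not known
Mar 3 03:15:47 mx postfix/smtpd: NOQUEUE: filter: RCPT from unknown[192.0.2.10]: <a@example.org>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=<a@example.org> to=<b@example.com>
Mar 3 03:15:48 mx postfix/smtpd: 4E4AD120C37: client=unknown[192.0.2.10]
Mar 3 03:15:49 mx postfix/cleanup: 4E4AD120C37: message-id=<constructed@example.org>
Mar 3 03:15:49 mx postfix/qmgr: 4E4AD120C37: from=<a@example.org>, size=14812, nrcpt=1 (queue active)
Mar 3 03:15:50 mx postfix/smtp: 4E4AD120C37: to=<b@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.9, dsn=2.5.0, status=sent (250 2.5.0 Ok, id=21723-02, BOUNCE)
Mar 3 03:15:52 mx postfix/smtp: 30C61120CA1: to=<a@example.org>, relay=mail.example.org[198.51.100.5]:25, delay=2.8, dsn=2.0.0, status=sent (250 OK)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ postfix/(\w+)(?:\[\d+\])?: (.*)$")
QID = re.compile(r"^([0-9A-F]{8,}): (.*)$")
SENT = re.compile(r"to=<([^>]*)>, relay=([^\[,]+)\S*, .*status=(\w+) \((.*)\)$")

def trace(log_text):
    """Return ({queue_id: record}, [(daemon, text) for lines with no queue ID])."""
    msgs = defaultdict(lambda: {"client": None, "message_id": None,
                                "sender": None, "deliveries": []})
    no_queue = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        daemon, rest = m.groups()
        q = QID.match(rest)
        if not q:  # warnings, connect/disconnect and NOQUEUE lines
            no_queue.append((daemon, rest))
            continue
        rec, body = msgs[q.group(1)], q.group(2)
        if body.startswith("client="):
            rec["client"] = body[len("client="):]
        elif body.startswith("message-id="):
            rec["message_id"] = body[len("message-id="):]
        elif body.startswith("from=<"):
            rec["sender"] = body[6:body.index(">")]
        elif (d := SENT.match(body)):
            rec["deliveries"].append({"to": d[1], "relay": d[2], "status": d[3],
                "reply": d[4], "loopback": d[2] == "127.0.0.1"})
    return dict(msgs), no_queue

def no_client_seen(msgs):
    """Queue IDs delivered off-host with no smtpd client= line in the excerpt."""
    return [q for q, r in msgs.items() if r["client"] is None
            and any(not d["loopback"] for d in r["deliveries"])]
```

A queue ID returned by no_client_seen only means the excerpt holds no smtpd client= line for it; widening the log window around that ID shows where the message entered the queue.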