On 6/11/20 11:24 AM, Wietse Venema wrote:
> PGNet Dev:
>> my postfix instance config currently includes my list of milters
>>
>> -o
>> smtpd_milters=unix:/run/opendkim/opendkim.sock,unix:/run/opendmarc/opendmarc.sock,unix:/run/milter-regex/milter-regex.sock,unix:/run/clamav/clamav-milter.sock,unix:/run/spamass-milter/spamass-milter.sock
>>
>> for a rejection by any given milter, i see in cleanup log
>>
>> Jun 11 04:33:18 mx postfix/cleanup[18542]: 49jV46213qzy59:
>> milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.1 Service
>> unavailable; from=<[email protected]> to=<[email protected]> proto=ESMTP
>> helo=<cloud3.deltareclame.nl>
>>
>> can postfix logging itself identify the specific milter that fails/rejects?
>
> To find out WHY mail was rejected, the Milter needs to log what it
> is doing, or say something other than "Service unavailable". The
> IP address and port are poor substitutes for that.
>
>> e.g., in this^ case, it's
>>
>> unix:/run/spamass-milter/spamass-milter.sock
>>
>> i can configure reject messages in (some) milters to provide identifying
>> detail, but that reply gets passed on to external connection.
>>
>> any way to log that detail only _privately_?
>
> Postfix logs are private. They should be read by authorized personnel
> only.

if I add more detail to a milter's reject message,

a trigger spam sent to postfix triggers the spamass-milter

Jun 11 11:27:58 mx postfix/cleanup[6865]: 49jXR23vMMzy68:
milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.1 Service
unavailable; Message Content blocked using SA-Milter; from=<[email protected]>
to=<[email protected]> proto=ESMTP helo=<mail-pg1-f196.google.com>

now 'identifying' the specific milter, 'privately', in logs

that's what I _do_ want

which passes the message to postscreen-internal

Jun 11 11:27:58 mx postfix/postscreen-internal/smtpd[6858]:
proxy-reject: END-OF-MESSAGE: 550 5.7.1 Service unavailable; Message Content
blocked using SA-Milter; from=<[email protected]> to=<[email protected]>
proto=ESMTP helo=<mail-pg1-f196.google.com>

and 'out', back to the sender; as received

The response from the remote server was:
550 5.7.1 Service unavailable; Message Content blocked using SA-Milter

that's what I do _not_ want; i.e., no milter-identifying message/data returned
to the sender.

rather, JUST the reject
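
The log lines quoted in this thread can be checked mechanically. The following is an added example, not part of the original messages: it parses `milter-reject` and `proxy-reject` lines, attributes each reject to a milter by the tag in its reply text, and lists the replies in which that tag also went out to the client. It assumes each milter has been given a distinctive reject text, as was done above for spamass-milter; the sample lines are constructed with placeholder addresses.

```python
import re

# Constructed sample lines modelled on the thread's excerpts; addresses and
# HELO names are placeholders.
SAMPLE_LOG = """\
Jun 11 11:27:58 mx postfix/cleanup[6865]: 49jXR23vMMzy68: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.1 Service unavailable; Message Content blocked using SA-Milter; from=<sender@example.com> to=<rcpt@example.net> proto=ESMTP helo=<mail.example.com>
Jun 11 11:27:58 mx postfix/postscreen-internal/smtpd[6858]: proxy-reject: END-OF-MESSAGE: 550 5.7.1 Service unavailable; Message Content blocked using SA-Milter; from=<sender@example.com> to=<rcpt@example.net> proto=ESMTP helo=<mail.example.com>
Jun 11 04:33:18 mx postfix/cleanup[18542]: 49jV46213qzy59: milter-reject: END-OF-MESSAGE from localhost[127.0.0.1]: 5.7.1 Service unavailable; from=<a@example.com> to=<b@example.net> proto=ESMTP helo=<host.example.org>
"""

# Assumption: the operator gave each milter a distinctive reject text.
# "SA-Milter" and the socket path are the ones quoted in the thread.
MILTER_TAGS = {"SA-Milter": "unix:/run/spamass-milter/spamass-milter.sock"}

REJECT_RE = re.compile(
    r"postfix/(?P<service>[\w/-]+)\[\d+\]: (?:(?P<qid>\w+): )?"
    r"(?P<action>milter-reject|proxy-reject): (?P<stage>[A-Z-]+)"
    r"(?: from \S+)?: (?:(?P<code>\d{3}) )?(?P<dsn>\d\.\d+\.\d+) "
    r"(?P<text>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def parse_rejects(log_text):
    """Return one dict per milter-reject / proxy-reject line."""
    events = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        # Attribute the reject to a milter by the tag found in the reply text.
        ev["milter"] = next(
            (sock for tag, sock in MILTER_TAGS.items() if tag in ev["text"]), None)
        events.append(ev)
    return events

def summarize(events):
    """Split into attributed rejects, unattributed rejects, and exposed tags."""
    milter = [e for e in events if e["action"] == "milter-reject"]
    attributed = [e for e in milter if e["milter"]]
    unattributed = [e for e in milter if not e["milter"]]
    # proxy-reject records the reply relayed to the client, tag included.
    exposed = [e for e in events if e["action"] == "proxy-reject" and e["milter"]]
    return attributed, unattributed, exposed

if __name__ == "__main__":
    for name, group in zip(("attributed", "unattributed", "exposed"),
                           summarize(parse_rejects(SAMPLE_LOG))):
        for e in group:
            print(name, e["qid"], e["code"], e["dsn"], e["text"], e["milter"])
```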