On Wed, 2022-07-06 at 08:39 +0200, Harald Dunkel wrote:
> Hi folks
>
> I see quite a number of EMails mentioned in /var/log/maillog with a
> string "from=<>", e.g.
>
> Jul 6 08:08:24 mailgate smtpd[84448]: 90d0e01d76abce9c mta delivery
> evpid=e62074ed220d58f9 from=<> to= rcpt=<->
> source="10.0.96.7" relay="10.0.96.11 (mailhost.mydomain.com)" delay=0s
> result="Ok" stat="250 2.0.0 26668Kn61587355 Message accepted for delivery"
>
> It's pretty unlikely that an EMail pops up from nowhere, so what does
> this "from=<>" actually mean?
From RFC5321 section 4.5.5:
There are several types of notification messages that are required by
existing and proposed Standards to be sent with a null reverse-path,
namely non-delivery notifications as discussed in Section 3.7, other
kinds of Delivery Status Notifications (DSNs, RFC 3461 [32]), and
Message Disposition Notifications (MDNs, RFC 3798 [37]). All of
these kinds of messages are notifications about a previous message,
and they are sent to the reverse-path of the previous mail message.
(If the delivery of such a notification message fails, that usually
indicates a problem with the mail system of the host to which the
notification message is addressed. For this reason, at some hosts
the MTA is set up to forward such failed notification messages to
someone who is able to fix problems with the mail system, e.g., via
the postmaster alias.)
So most likely something like a delivery failure message, assuming
valid messages.
>
> Would it be possible to add some more useful information to this line?
Without parsing the actual message (at this point I wouldn't even know
what to look for exactly) I don't see what additional information
can be placed there.
>
>
> Regards
>
> Harri
>
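
Added example, not part of the original thread: a small parser for the "mta delivery" log format quoted above that counts deliveries with a null reverse-path (from=<>) per recipient and result, to help judge whether the notifications are routine or an unusual volume. The sample lines, addresses and the "TempFail" result are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted above; addresses are made up.
SAMPLE_LOG = '''\
Jul 6 08:08:24 mailgate smtpd[84448]: 90d0e01d76abce9c mta delivery evpid=e62074ed220d58f9 from=<> to=<alice@example.org> rcpt=<-> source="10.0.96.7" relay="10.0.96.11 (mailhost.example.org)" delay=0s result="Ok" stat="250 2.0.0 Message accepted for delivery"
Jul 6 08:09:02 mailgate smtpd[84448]: 90d0e01d76abce9d mta delivery evpid=e62074ed220d58fa from=<> to=<alice@example.org> rcpt=<-> source="10.0.96.7" relay="10.0.96.11 (mailhost.example.org)" delay=1s result="Ok" stat="250 2.0.0 Message accepted for delivery"
Jul 6 08:09:40 mailgate smtpd[84448]: 90d0e01d76abce9e mta delivery evpid=e62074ed220d58fb from=<> to=<bob@example.org> rcpt=<-> source="10.0.96.7" relay="10.0.96.11 (mailhost.example.org)" delay=2s result="TempFail" stat="451 4.3.0 Try again later"
Jul 6 08:10:11 mailgate smtpd[84448]: 90d0e01d76abce9f mta delivery evpid=e62074ed220d58fc from=<carol@example.net> to=<bob@example.org> rcpt=<-> source="10.0.96.7" relay="10.0.96.11 (mailhost.example.org)" delay=0s result="Ok" stat="250 2.0.0 Message accepted for delivery"
Jul 6 08:10:12 mailgate smtpd[84448]: 90d0e01d76abcea0 mta disconnected reason=quit messages=1
'''

# A value is either "quoted", <bracketed>, or a bare token (possibly empty).
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|<[^>]*>|\S*)')


def parse_delivery(line):
    """Return the key=value fields of an 'mta delivery' line, or None."""
    _, sep, rest = line.partition(" mta delivery ")
    if not sep:
        return None
    fields = {}
    for key, val in FIELD.findall(rest):
        if val and val[0] in '"<':
            val = val[1:-1]  # strip the surrounding quotes or angle brackets
        fields[key] = val
    return fields


def null_sender_summary(log_text):
    """Return (total deliveries, Counter of null-sender deliveries by (to, result))."""
    total = 0
    null_sender = Counter()
    for line in log_text.splitlines():
        fields = parse_delivery(line)
        if fields is None:
            continue
        total += 1
        # from=<> parses to an empty string: the null reverse-path of RFC 5321.
        if fields.get("from") == "":
            null_sender[(fields.get("to", ""), fields.get("result", ""))] += 1
    return total, null_sender


if __name__ == "__main__":
    total, null_sender = null_sender_summary(SAMPLE_LOG)
    print(f"{sum(null_sender.values())} of {total} deliveries had from=<>")
    for (rcpt, result), count in null_sender.most_common():
        print(f"  {count:3d}  to=<{rcpt}>  result={result}")
```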