Scalix smtpd logging

joaster · Postby **joaster** » Mon Mar 03, 2008 4:17 pm

Hi there,

I'm tring to get a feel of what my Scalix smtpd server is receiving and sending. To do so I figured that i have to services to watch: sendmail (localhost) and smtpd (NIC).

For sendmail I setup awstats, which shows me the messages sender and receiver addresses. Next to that I gives me information about how many emails are accepted and how many are not.

But for smtpd I have no idea. Can somebody tell me how to get the same information as I did from sendmail?

Regards,
Joost.

Valerion · Postby **Valerion** » Tue Mar 04, 2008 3:57 am

The SMTP relay sends nothing, it only receives. Outgoing email needs to be checked in sendmail.

As for incoming, the best place is the audit log. Look at the man pages for omshowaud and omconfaud, that should give you the information you want regarding received emails, it gives for each message a sender, recipients and a subject and size. Rejected messages are not counted, however.

If you follow the Spamassassin-integration notes, all incoming emails will pass through sendmail after being handled by the SMTP relay.

joaster · Postby **joaster** » Tue Mar 04, 2008 6:34 pm

Thanks Valerion,

With the command "grep -e time -e originator -e subject -e recipient /var/opt/scalix/s1/s/logs/audit" I get all the information I need.

So if I understand correctly, all the addresses I find in the SMTP relay and sendmail log are processed by the mailserver. The rest is bounched.

Regards,
Joost.

Valerion · Postby **Valerion** » Wed Mar 05, 2008 3:30 am

The Scalix SMTP Relay will accept all emails for the domain(s). Any undeliverable mail should be passed to sendmail and rejected there.

But in short, you are correct, yes.

joaster · Postby **joaster** » Wed Mar 05, 2008 5:44 pm

Does the SMTP relay reject all other (not for local domains) with the following standard smtpd.cfg file? And where are the log files for the "Log_Reject" lines, from there I should get information about bounced emails (in addition to the accepted email in the audit file).

RELAY accept 127.0.0.1
RELAY accept .mydomain1.com
RELAY accept .mydomain2.com
RELAY Log_Reject ALL
# extra rules added to prevent open relay usage
RECIPIENT Log_Reject *@*@*
RECIPIENT Log_Reject *%*
RECIPIENT Log_Reject *!*
RECIPIENT Log_Reject *#*@*

Do I have to tighten sendmail, to prevent beining an open relay (and how). It is only listening on 127.0.0.1, so in my opinion I only have to make sure the SMTP relay is setup correctly.

If I get the whole picture about which files on the system make sure the Scalix server does not become an open relay, I might add a new section to the security howto I once started.

Regards,
Joost.

Valerion · Postby **Valerion** » Thu Mar 06, 2008 4:11 am

The default configuration is not a open relay, usually. Since sendmail only listens on 127.0.0.1 there's no need to tighten it any further, as only the local machine can talk to it.

I would remove the

RELAY accept domain.com

and replace it with

RECIPIENT accept domain.com

But otherwise you should have an open relay.

joaster · Postby **joaster** » Thu Mar 06, 2008 7:14 pm

Indeed, after reading the comments in smtpd.cfg RECIPIENT seems to be the better choise. Weird thought that the default is RELAY, since I started out with Scalix 10 I did nog change this file by hand.

Thanks for the tips.

Scalix Forums

Scalix smtpd logging

Scalix smtpd logging

Who is online