Mail logs

jedwards

Mail logs

Post by jedwards » Tue Feb 27, 2007 7:39 pm

Is Scalix 11 its own smtp daemon? If so, we don't need sendmail any longer, correct? The maillog that sendmail used to use has Scalix entries that show mail coming from localhost. Here's an example which I formatted to be easier to view:

Message : l1QDZrwA003883
1.81 scalix date Feb 26 08:35:58
1.81 scalix from <jobifieds.com@hondamini.com>
1.81 scalix relay localhost.localdomain [127.0.0.1]
1.82 scalix date Feb 26 08:35:59
1.82 scalix to <34687@networkdesigning.com>
1.82 scalix relay networkdesigning.com. [xxx.xxx.xxx.xxx]
1.82 scalix stat User unknown
1.83 scalix date Feb 26 08:36:02
1.83 scalix notes l1QDa2wA003889: DSN: User unknown

I don't really think localhost sent this message. I can't trace the sending IP like this.

Thank you.

kanderson

Post by kanderson » Wed Feb 28, 2007 11:37 am

Scalix has its own smtp server to receive inbound email. If you telnet to port 25 on your server (from a different machine) you will see Scalix answer.

For sending outbound email, Scalix passes the message to sendmail. You can see that if you telnet localhost 25 on the scalix server.

So the short answer is, yes, you need both Scalix smtp and Sendmail running.

The relay options I think you're looking for will be in /var/opt/scalix/??/s/sys/smtpd.cfg. It's well documented within the file.

Kev.

jedwards

Post by jedwards » Sun Mar 11, 2007 2:59 pm

Well, your answer was too simple. I've been to the smtpd.cfg before. I missed something.

It's plain that Scalix is now the listener for port 25 on the address bound to the interface.

It's also clear that Sendmail listens to 127.0.0.1.

The example log I posted shows that the sender was from another domain. The process which wrote the log entry is Scalix. The log claims it relayed from localhost, which isn't consistent with the hondamini.com claimed to be the sender.

The user the mail claims to be sent to does not exist. Perhaps Scalix received the mail, didn't find the user and relayed it back through Sendmail? If this were the case, shouldn't the address now be to the original sender?

Here's where my confusion comes in. If what I suggest is true, I'm lost as to why I cannot find the original entry in the maillog. Scalix is writing to the same log as Sendmail, no? If so, I should be able to find the log entry for the first time the mail from hondamini.com came in, should I not?

Sorry if I'm making this more complicated than it has to be.

kanderson

Post by kanderson » Mon Mar 12, 2007 2:32 pm

Hmmm, I don't think I exactly know what you're after, but I'll make an educated guess.

If you type "omconfaud unix 13 sr 13 ld 13" this will turn on auditing which will allow you to trace email as it goes through Scalix. Scalix does not log to the same location as Sendmail; this audit log will be created at /var/opt/scalix/??s/logs/audit.

Does that get you what you're after?

Kev.

jedwards

Post by jedwards » Thu Mar 22, 2007 4:45 pm

Sorry for the delay, I was away.

The /var/log/maillog which sendmail uses on RH systems stamps the owner of the process writing to it. Actually it's syslog stamping it. So syslog at least thinks scalix is writing to that log. That's why I showed it.

I should reverse the question and ask where does scalix write its maillogs to? And is it binary or text?

Again, I apologize, especially if I'm just being dumb here.

TRACKS

Post by TRACKS » Fri Mar 23, 2007 10:42 am

I too have interest in seeing where Scalix logs inbound requests.
TRACKS
4000+ users

jedwards-locked-out

Post by jedwards-locked-out » Mon Mar 26, 2007 9:57 pm

And there it dies. They don't know where Scalix is writing logs. Look in the same place sendmail writes its logs. In Linux, it's /var/log/maillog

florian
Scalix

Post by florian » Tue Mar 27, 2007 3:12 am

Tracks, I believe Kevin has tried to answer the question - by default there is no inbound logging but you can turn it on using the auditing feature.

The maillog entries that j is referring to are all outbound messages, handed over by a process running under user id scalix to sendmail.

The only situation in which inbound messages would make their way there as well is when you use the SMTPFILTER feature (used for SpamAssassin integration, described elsewhere) as in that case inbound messages are also routed through sendmail.

The audit records are generally useful for providing an auditable record of message transport into and inside the system and are also great debugging tools. As with all growing logfiles, disk space is a concern, so we leave it off by default, but the admin guide or instructions in this thread or this forum will certainly help to turn them on and configure them to your liking.

Hope this helps,
Florian.
Florian von Kurnatowski, Die Harder!
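
The by-hand grouping in the first post, and the point above that these maillog entries are handoffs from a local process to sendmail, can be checked mechanically. The following is an added example, not part of any post in this thread and not Scalix code. Assumptions: the sample lines are constructed in sendmail's usual syslog layout (the host name `mailhost`, the `sendmail[pid]` tag, the `size`/`nrcpts`/`dsn` values and the whole second message are made up; the first message reuses the addresses and queue IDs from the first post), and the function names are hypothetical.

```python
import re

# Constructed sample: message 1 reuses values from the first post, message 2 is invented.
SAMPLE = """\
Feb 26 08:35:58 mailhost sendmail[3883]: l1QDZrwA003883: from=<jobifieds.com@hondamini.com>, size=1204, nrcpts=1, relay=localhost.localdomain [127.0.0.1]
Feb 26 08:35:59 mailhost sendmail[3883]: l1QDZrwA003883: to=<34687@networkdesigning.com>, relay=networkdesigning.com. [xxx.xxx.xxx.xxx], dsn=5.1.1, stat=User unknown
Feb 26 08:36:02 mailhost sendmail[3883]: l1QDZrwA003883: l1QDa2wA003889: DSN: User unknown
Feb 26 08:40:10 mailhost sendmail[3901]: l1QDb0wA003901: from=<user@example.com>, size=900, nrcpts=1, relay=localhost.localdomain [127.0.0.1]
Feb 26 08:40:11 mailhost sendmail[3901]: l1QDb0wA003901: to=<someone@example.net>, relay=mx.example.net. [192.0.2.25], stat=Sent (ok)
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ \S+: (\w{14}): (.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")   # key=value pairs split on ", key="
DSN = re.compile(r"^(\w{14}): DSN: (.*)$")       # bounce queued under a new queue ID

def correlate(text):
    """Group maillog lines by queue ID into one record per message."""
    msgs = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a per-message line
        when, qid, rest = m.groups()
        rec = msgs.setdefault(qid, {"from": None, "received_from": None,
                                    "deliveries": [], "dsn": []})
        dsn = DSN.match(rest)
        if dsn:
            rec["dsn"].append(dsn.groups())  # (bounce queue ID, reason)
            continue
        f = dict(FIELD.findall(rest))
        if "from" in f:
            # relay= on the from= line: the host sendmail accepted the message from
            rec["from"], rec["received_from"] = f["from"], f.get("relay")
        elif "to" in f:
            # relay= on the to= line: the host sendmail delivered (or tried to deliver) to
            rec["deliveries"].append((when, f["to"], f.get("relay"), f.get("stat")))
    return msgs

def local_handoffs(msgs):
    """Queue IDs accepted from loopback, i.e. handed to sendmail by a local process."""
    return [q for q, r in msgs.items() if "[127.0.0.1]" in (r["received_from"] or "")]

def failed(msgs):
    """(queue ID, recipient, stat) for each delivery whose stat does not start with 'Sent'."""
    return [(q, to, stat) for q, r in msgs.items()
            for _, to, _, stat in r["deliveries"] if not (stat or "").startswith("Sent")]

if __name__ == "__main__":
    records = correlate(SAMPLE)
    print(local_handoffs(records), failed(records))
```

The `relay=` value on a `from=` line records only the last hop into sendmail, so for messages handed over locally it will always read localhost; the original client address has to come from the Scalix audit log.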

Clark

Can't read the audit log file

Post by Clark » Wed Apr 04, 2007 9:54 pm

Hi, I installed the Scalix Community Edition recently and have been trying to work out how to troubleshoot mail that is not reaching a particular addressee.

I have been reading through the forum, documentation and Knowledge base over the last few days and have managed to solve the first problem (550 Denied due to spam list).

The sendmail log is now telling me that the message was sent but the recipient is still not getting it, I'm not getting an NDR - I also didn't get one before I fixed the 550 problem by adding the server IP to the smtpd.cfg file.

I have checked the Sendmail log and also been trying to view the Scalix audit log file using standard text tools but the content does not display (appears like binary). Also the filename differs from the documentation. I have the following files in: var/opt/scalix/me/s/logs/

audit 0 bytes 24/3/2007 rw-rw----
log.0 232,235 bytes 5/4/2007 rw-rw---
log.1 0 bytes 24/3/2007 rw-rw----
log.2 0 bytes 24/3/2007 rw-rw----

The documentation and config file audit.cfg state that the logs are written to ~/logs/audit but as you can see from the above the file is 0 bytes and has not been modified since the installation date.

I have even tried changing this value for the Service Router settings to the full path /var/opt/scalix/me/s/logs/audit but it is still log.0 that is modified (and I can't read)

Is there something I am missing when trying to open the log file and why is it writing to log.0 instead of audit?

Thanks in advance
Clark.

florian
Scalix

Post by florian » Thu Apr 05, 2007 1:52 am

The Admin guide should have a chapter on how to setup logging.

In general, there is error and event logging. This is controlled by the omconflvl command and the log records are written as binary records to the log.* files. They can be looked at using omshowlog.

The audit log is controlled by omconfaud. This also serves some diagnostic purposes, however, it's mostly useful for statistics and tracking.

Both types require the restart of the service that you are changing logging for. See omoff/omon for details.

Loglevel can also be controlled and services restarted from the Scalix Admin Console. Auditing can't at this point.

Having said all this, if an outbound message has left Scalix and is visible in sendmail's log, there is nothing you can do inside the Scalix system to track it. This investigation will have to go on on the other side or intermediary gateways.

One possible cause is that the recipient mailserver cannot reverse-resolve the IP address of your scalix server (that's a DNS issue then) and treats the message as spam because of that.

Florian.
Florian von Kurnatowski, Die Harder!

Clark

Post by Clark » Thu Apr 05, 2007 5:33 am

Hi Florian,

Thanks for the information and quick response.

I did try to read as much as possible and try and work things out myself, I read the section on audit logging but hadn't realized that error and event logging were separate.

I will look for the info on setting up logging. The audit.cfg file I think I understand but the fact that the resulting file is empty would suggest that audit logging is not on by default - is this correct? I will check the man pages for omconfaud.

I tried the omshowlog command without parameters and got a lot of warnings:

WARNING Administration(omcnvinst ) 24.03.07 01:31:08
[OM 15502]
Missing '~/nls/ENGLISH/diratt.loc' file: creating new version.
File Name: /var/opt/scalix/me/s/nls/ENGLISH/diratt.loc

The above is just the ENGLISH but there were also warnings for most other languages, is this normal or have I missed something in my config or is this to do with what is being written to the log.* file.

On the subject of the mail not arriving the reverse lookup does resolve to my mailserver IP, it may not be arriving due to some spam filtering at the recipient's end (it is a BT account so anything is possible) I was mainly wondering why I wasn't getting NDRs.

My background is MS Exchange and MDaemon so I am more used to admin and configuration via GUIs. Using MDaemon I can watch the messages as they come in, in real-time by protocol, open a log file in the reporting tool and sort by sender, recipient etc.

Are there any plans for this type of on the fly analysis and troubleshooting with Scalix? Unless I am working with command line tools all the time I tend to forget after a few months and need to keep referring back to manuals and documentation, especially when the commands are quite cryptic.

