This pro forma document may be used by any member of it to produce a controlled document




7 Using the m4 Macro Builder

7.1.1 General Caution: Version Upgrades

Make sure to keep your config.mc file safe when doing upgrades as it might get clobbered.



7.1.2 After you have built your mc file

Go to the /cf/cf directory, place your config.mc file there and run:


m4 ${CFDIR}/m4/cf.m4 config.mc > config.cf

cp config.cf sendmail.cf


This is your new sendmail.cf file.

8 Understanding Sendmail Logging




8.1.1 Literature references


[1] Bryan Costales and Eric Allman, Sendmail, copyright 1997, 1993 O'Reilly & Associates, Inc.

[2] David H. Crocker, Standard for the format of Internet text messages, RFC822, Aug. 13, 1982.

[3] Eric Allman, Sendmail Installation and Operation Guide For Sendmail Version 8.10, April 7, 2000.

Log format for message logging


The sendmail log file format is described in [1, page 435], which is updated by [3, page 13]. This section describes sendmail message logging, excluding Delivery Status Notifications (DSNs). Those, and other forms of sendmail logging, are discussed in the next section.
Sendmail uses the syslog(3) facility to log its activities. The syslog facility used is "mail"; the syslog level varies with the message being logged. For each message to be logged, sendmail checks whether the severity of the message is equal to or lower than its log level setting (lower = more serious); only then is the message logged. This setting is taken from the log level option in the sendmail configuration file. For a log level of zero, nothing is ever logged; for a low value only critical messages are logged, and for higher values less serious messages are logged as well.
The log message contents depend on the sendmail version; [1] describes them for sendmail version 8.8.4 and [3] for version 8.10 (8.10.2 is current at the time of writing). The general format of a sendmail message log line is:
sendmail[pid]: : =,
with meanings:

8.1.2 Field Meaning


month, day and time that the line was logged (no year is present, which is a syslog peculiarity).

The name of the host that produced this information (may differ from the logging host).

sendmail Literal, even if sendmail is invoked as mailq or newaliases, 'sendmail' is printed here.


The process id of the sendmail invocation that produced this log line.



The queue id, a message identifier unique on the host producing the log lines.

= A comma-separated list of equates. Which equate appears in which line depends on whether the line documents the sender or the recipient and whether delivery succeeded, failed, or was deferred.

The possible = equates [1,3] are:


= | Description | Occurs in

class | The queue class: the numeric value defined in the sendmail configuration file for the keyword given in the Precedence: header of the processed message. | Sender log records

ctladdr | The "controlling user", that is, the name of the user whose credentials we use for delivery. | Recipient log records

delay | The total message delay (the time difference between reception and final delivery or bounce). Format is delay=HH:MM:SS for a delay of less than one day and delay=days+HH:MM:SS otherwise. | Recipient log records

from | The envelope sender. Format is from=addr, with addr defined in [2] by the "address" keyword. This can be an actual person, or postmaster or the value of the $n macro in the case of a bounced message. | Sender log records

mailer | The symbolic name (defined in the sendmail configuration file) for the program (known as delivery agent) that performed the message delivery. | Recipient log records

msgid | A world-unique message identifier, defined in [2] as msgid= local-part (a) domain, with the placeholders local-part and domain replaced by the respective keywords in [2]. The msgid= equate is omitted if it (incorrectly) is not defined in the configuration file. | Sender log records

nrcpts | The number of recipients for the message, after all aliasing has taken place. | Sender log records

pri | The initial priority assigned to the message. The priority changes each time the queued message is tried, but this equate only shows the initial value. | Sender log records

proto | The protocol that was used when the message was received; this is either SMTP, ESMTP, or internal, or assigned with the -p command-line switch. It is stored in $r. | Sender log records

relay | Shows which user or system sent / received the message; the format is one of relay=user(a)domain [IP], relay=user(a)localhost, or relay=fqdn host. | Sender and recipient log records

size | The size of the incoming message in bytes during the DATA phase, including end-of-line characters. For messages received via sendmail's standard input, it is the count of the bytes received, including the newline characters. | Sender log records

stat | The delivery status of the message. For successful delivery, stat=Sent (text) is printed, where text is the actual text that the other host printed when it accepted the message, transmitted via SMTP. For local delivery, stat=Sent is printed. Other possibilities are stat=Deferred: reason, stat=queued, or stat=User unknown. [complete list of possible values to be made] | Recipient log records

to | Address of the final recipient, after all aliasing has taken place. The format is defined in [2] by the "address" keyword. | Recipient log records

xdelay | The total time the message took to be transmitted during final delivery. This differs from the delay= equate in that the xdelay= equate only counts the time in the actual final delivery. | Recipient log records

8.1.3 Message logging and sendmail dlf file contents


Example for a successful message sending

Two records are taken from the log file of the machine called thor.foo.com, running sendmail version 8.10.2 with the default log level 9. This log concerns data that was sent successfully.


Jul 15 17:11:21 thor.foo.com sendmail[22398]: e6FFBLP22398: from=, size=589, class=0, nrcpts=1, msgid=<200007151510.e6FFAC316448(a)odin.foo.com>, proto=ESMTP, daemon=MTA, relay=jan(a)odin.foo.com [192.168.1.1]
Jul 15 17:11:21 thor.foo.com sendmail[22400]: e6FFBLP22398: to=, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=30589, relay=frigga.bar.com. [192.168.1.3], dsn=2.0.0, stat=Sent (e6FFAFv24566 Message accepted for delivery)
The meaningful information is put in the dlf-file format.
Time 963673881

LogRelay thor.foo.com

QueueId e6FFBLP22398

MessageId 200007151510.e6FFAC316448(a)odin.foo.com

FromUser jan

FromDomain foo.com

FromRelay jan(a)odin.foo.com_[192.168.1.1]

Size 589

Delay 00:00:00

XDelay 00:00:00

ToUser gerrit

ToDomain bar.com

ToRelay frigga.bar.com._[192.168.1.3]

Status Sent

XStatus e6FFAFv24566_Message_accepted_for_delivery

The "e6FFAFv24566" string as part of the XStatus field is the queue id of this message on the ToRelay. This information helps in tracking a message over multiple machines.


One line in the 'standard' file Sent Domain now becomes:
963673881 thor.foo.com e6FFBLP22398 200007151510.e6FFAC316448(a)odin.foo.com jan foo.com odin.foo.com_[192.168.1.1] 589 00:00:00 00:00:00 gerrit bar.com frigga.bar.com._[192.168.1.3] Sent e6FFAFv24566 Message accepted for delivery
Note: 963673881 is the number of seconds since Jan 1 1970 1:00 till Jul 15 2000 17:11:21. The sendmail log line does not show the year, which is a drawback of the syslog(3) facility.
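The conversion described in this section, as an added Python example that is not part of the original document or of any dlf tool: it splits the equates of a sender and a recipient record, joins them on the queue id and emits the dlf fields in the order listed above. The sample lines are constructed from the thor.foo.com example with the addresses written out; the year and UTC offset are caller-supplied assumptions (2000 and +2 reproduce the Time value 963673881).

```python
import re
from datetime import datetime, timedelta, timezone

# "Mon DD HH:MM:SS host sendmail[pid]: qid: name=value, name=value, ..."
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) sendmail\[\d+\]: (\w+): (.*)$")
# A value runs to the next ", name=", so spaces and brackets inside it survive.
EQUATE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")

def parse_line(line, year, utc_offset_hours):
    """Return (epoch, log_host, queue_id, equates), or None for other log lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    stamp, host, qid, rest = m.groups()
    # syslog records neither year nor time zone; the caller supplies both.
    tz = timezone(timedelta(hours=utc_offset_hours))
    when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
    return int(when.timestamp()), host, qid, dict(EQUATE.findall(rest))

def split_stat(stat):
    """'Sent (text)' or 'Deferred: reason' -> (status, extended status)."""
    head, sep, tail = stat.partition(" (")
    if sep:
        return head, tail.rstrip(")")
    head, _, tail = stat.partition(": ")
    return head, tail

def to_dlf(sender_line, rcpt_line, year, utc_offset_hours):
    """Join a sender and a recipient record on the queue id into one dlf line."""
    s = parse_line(sender_line, year, utc_offset_hours)
    r = parse_line(rcpt_line, year, utc_offset_hours)
    if not s or not r or s[2] != r[2] or "from" not in s[3] or "to" not in r[3]:
        raise ValueError("need sender and recipient records with the same queue id")
    (_, _, _, frm), (epoch, host, qid, to) = s, r
    addr = lambda a: a.strip("<>").partition("@")[::2]   # -> (user, domain)
    fields = [epoch, host, qid, frm.get("msgid", "").strip("<>"), *addr(frm["from"]),
              frm["relay"], frm["size"], to["delay"], to["xdelay"], *addr(to["to"]),
              to["relay"], *split_stat(to["stat"])]
    # Spaces become underscores as in the dlf listing; "-" for an empty field
    # is this example's own choice, not part of the format described above.
    return " ".join(str(f).replace(" ", "_") or "-" for f in fields)

# Constructed sample: the thor.foo.com lines with the addresses written out.
SENDER = ("Jul 15 17:11:21 thor.foo.com sendmail[22398]: e6FFBLP22398: from=<jan@foo.com>, size=589, class=0, nrcpts=1, "
          "msgid=<200007151510.e6FFAC316448@odin.foo.com>, proto=ESMTP, daemon=MTA, relay=jan@odin.foo.com [192.168.1.1]")
RCPT = ("Jul 15 17:11:21 thor.foo.com sendmail[22400]: e6FFBLP22398: to=<gerrit@bar.com>, delay=00:00:00, xdelay=00:00:00, "
        "mailer=esmtp, pri=30589, relay=frigga.bar.com. [192.168.1.3], dsn=2.0.0, stat=Sent (e6FFAFv24566 Message accepted for delivery)")
if __name__ == "__main__":
    print(to_dlf(SENDER, RCPT, year=2000, utc_offset_hours=2))
```

Because the year and zone are not in the log, a converter run over archived files has to be told both, or records near a year boundary or a daylight-saving change will get the wrong Time value.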

8.1.4 Example for an erroneous message sending


The Error Domain and the Error Relay types are also explained with an example. The same sendmail version and log level are used as before. The example is about a message that could not be sent because the destination host was unknown.
Jul 15 17:53:51 thor.foo.com sendmail[22493]: e6FFrpW22493: from=, size=551, class=0, nrcpts=1, msgid=<200007151552.e6FFqmD16573(a)odin.foo.com>, proto=ESMTP, daemon=MTA, relay=jan(a)odin.foo.com [192.168.1.1]

Jul 15 17:53:51 thor.foo.com sendmail[22495]: e6FFrpW22493: to=, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=30551, relay=frigga.bar.com. [192.168.1.3], dsn=5.1.2, stat=Host unknown (Name server: magnum.bar.com.: host not found)


Time 963676431

LogRelay thor.foo.com

QueueId e6FFrpW22493

MessageId 200007151552.e6FFqmD16573(a)odin.foo.com

FromUser jan

FromDomain foo.com

FromRelay jan(a)odin.foo.com_[192.168.1.1]

Size 551

Delay 00:00:00

XDelay 00:00:00

ToUser joost

ToDomain magnum.bar.com

ToRelay frigga.bar.com_[192.168.1.3]

Status Host_unknown

XStatus Name_server:_magnum.bar.com.:_host_not_found

Note that the reason why the message could not be sent is put into the XStatus field. This information can be used to analyze what causes a message not to be sent.



8.1.5 Miscellaneous sendmail loggings


Until now, only logging of message transfers was described. However, sendmail logs many more events than just those; for example, it also logs connection rejections, alias database rebuilds and the generation of DSNs (among which error messages).
A lot of things can go wrong in message transfers. Possible sources are local host problems, problems with incoming and outgoing connections and, of course, problems with the message itself, e.g. its addressing.
A full list of what is logged up to log level 9, and the extras above that value, is given in [3, page 27]. Here, these items are sorted per source category. Not everything logged is an error event though.
Local host related logging

Events on the local host (mostly problems) are also logged by sendmail. Host and sendmail configuration errors cause lasting (non-transient) problems in message transfer, while resource shortages are usually temporary and so cause transient problems. Non-error events, such as alias database rebuilds, are also configuration-related and are logged too.



8.1.6 For log level 9, the logged events per category are:

non-transient problems:

  IP stack setup problems: has no hostname (daemon starts waiting)
  resolver config problem (DNS, NIS, or whatever)
  sendmail config errors (e.g. mismatch with DNS: local configuration error, out of date alias database)
  improper file and directory permissions, unsafe symlinks and hard links
  out of date alias databases

transient problems:

  lack of resources (disk space, memory, CPU)

non-problem events:

  alias database rebuilds

Examples:


Jul 11 23:08:39 frigga sendmail[23693]: My unqualified host name (frigga) unknown; sleeping for retry

Jul 11 23:15:58 frigga.foo.com sendmail[23740]: e6BLFwY23738: to=jan(a)foo.com, ctladdr=jan (1002/1002), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=30026, relay=odin.foo.com, dsn=4.0.0, stat=Deferred: Name server: odin.foo.com: host name lookup failure

Jul 11 23:38:15 frigga.foo.com sendmail[23824]: e6BLc7u23822: to=root(a)blurp.foo.com, ctladdr=jan (1002/1002), delay=00:00:08, xdelay=00:00:00, mailer=esmtp, pri=30025, relay=blurp.foo.com., dsn=5.3.5, stat=Local configuration error

Jul 11 23:52:06 frigga.foo.com sendmail[23948]: NOQUEUE: SYSERR(root): hash map "Alias0": unsafe map file /etc/mail/aliases.db: Permission denied

Jul 11 23:52:06 frigga.foo.com sendmail[23948]: NOQUEUE: SYSERR(root): Cannot create database for alias file /etc/mail/aliases

Jul 11 23:49:24 frigga.foo.com sendmail[23905]: alias database /etc/mail/aliases.db out of date

Jul 7 19:23:29 frigga.foo.com sendmail[5803]: NOQUEUE: SYSERR(root): daemon: cannot fork: Not enough space

Jul 15 20:13:50 frigga.foo.com sendmail[16742]: alias database /etc/mail/aliases rebuilt by jan

Jul 15 20:13:50 frigga.foo.com sendmail[16742]: /etc/mail/aliases: 22 aliases, longest 24 bytes, 379 bytes total

8.1.7 Connection related logging


Connections relate to both incoming and outgoing network connections from and to other hosts. Both on network level and on protocol level, error and non-error events are logged. Logging categories for log level 9 are:
(potential) security problems (e.g. spamming)

lost communications (network problems)

protocol failures

connection timeouts

connection rejections

VRFY and EXPN commands

Examples:
Jul 15 21:17:37 thor.foo.com sendmail[22751]: e6FJHbG22751: ruleset=check_mail, arg1=notorious(a)spammerhome.com, relay=jan(a)odin.foo.com [192.168.1.1], reject=553 5.3.0 notorious(a)spammerhome.com... Sorry, access for decent people only

Jul 15 21:17:37 thor.foo.com sendmail[22751]: e6FJHbG22751: from=notorious(a)spammerhome.com, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=jan(a)odin.foo.com [192.168.1.1]

Jul 15 22:43:25 odin.foo.com sendmail[17394]: WAA17394: lost input channel from nld116-54.bar.com [172.16.123.54]

Jul 15 22:43:25 odin.foo.com sendmail[17394]: WAA17394: from=jan(a)nld116-54.foo.com, size=0, class=0, pri=0, nrcpts=1, proto=ESMTP, relay=nld116-54.foo.com [172.16.123.54]

Jul 15 21:21:01 thor.foo.com sendmail[22752]: NOQUEUE: jan(a)odin.foo.com [192.168.1.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Jul 15 21:30:54 odin.foo.com sendmail[16971]: e6FJUq016969: to=jan(a)thor.foo.com, ctladdr=jan (1003/1003), delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=30000, relay=thor.foo.com. [192.168.1.2], dsn=4.0.0, stat=Deferred: Connection refused by thor.foo.com.

Jul 15 21:40:30 thor.foo.com sendmail[22850]: e6FJeUB22850: ruleset=check_rcpt, arg1=, relay=jan(a)odin.foo.com [192.168.1.1], reject=550 5.7.1 ... Relaying denied

Jul 15 21:40:30 thor.foo.com sendmail[22850]: e6FJeUB22850: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=jan(a)odin.foo.com [192.168.1.1]

Jul 15 21:42:11 thor.foo.com sendmail[22852]: e6FJgBB22852: jan(a)odin.foo.com [192.168.1.1]: vrfy jan

Jul 15 21:42:35 thor.foo.com sendmail[22854]: e6FJgZB22854: jan(a)odin.foo.com [192.168.1.1]: expn postmaster
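The connection events listed above can be picked out of a mail log and counted per peer address, which is how rejections and VRFY/EXPN probing usually get noticed. The following Python is an added example, not part of the original document; the sample lines are constructed with documentation addresses, and the bare "[ip]" peer form and the threshold of three events are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Peer as logged: "user@host [ip]" or "host [ip]"; a bare "[ip]" for peers
# without a resolvable name is assumed here.
PEER = r"(?:\S+ )?\[(?P<ip>[^\]]+)\]"
RULES = [
    ("reject",     re.compile(r"ruleset=(?P<detail>\w+), .*relay=" + PEER + r", reject=")),
    ("probe",      re.compile(PEER + r": (?P<detail>vrfy|expn) ", re.I)),
    ("no_command", re.compile(PEER + r" did not issue (?P<detail>\S+)")),
    ("lost_input", re.compile(r"(?P<detail>lost input channel) from " + PEER)),
]

def classify(line):
    """Return (category, peer_ip, detail) for a connection event, else None."""
    for name, rx in RULES:
        m = rx.search(line)
        if m:
            return name, m.group("ip"), m.group("detail").lower()
    return None

def summarize(lines, threshold=3):
    """Count events per peer IP; return (counts, peers at or above threshold)."""
    counts = defaultdict(Counter)
    for line in lines:
        hit = classify(line)
        if hit:
            counts[hit[1]][hit[0]] += 1
    noisy = sorted(ip for ip, c in counts.items() if sum(c.values()) >= threshold)
    return counts, noisy

# Constructed log lines in the format of the examples above.
SAMPLE = """\
Jul 15 21:40:30 mx.example.net sendmail[22850]: e6FJeUB22850: ruleset=check_rcpt, arg1=<someone@example.org>, relay=client.example.com [192.0.2.10], reject=550 5.7.1 <someone@example.org>... Relaying denied
Jul 15 21:42:11 mx.example.net sendmail[22852]: e6FJgBB22852: client.example.com [192.0.2.10]: vrfy jan
Jul 15 21:42:35 mx.example.net sendmail[22854]: e6FJgZB22854: client.example.com [192.0.2.10]: expn postmaster
Jul 15 21:45:01 mx.example.net sendmail[22860]: NOQUEUE: [192.0.2.20] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jul 15 22:43:25 mx.example.net sendmail[17394]: WAA17394: lost input channel from dialup.example.com [198.51.100.7]
Jul 15 22:50:00 mx.example.net sendmail[17400]: e6FJUq016969: to=jan@example.net, delay=00:00:02, mailer=esmtp, relay=mx2.example.net. [192.0.2.30], stat=Sent
""".splitlines()

if __name__ == "__main__":
    counts, noisy = summarize(SAMPLE)
    for ip in noisy:
        print(ip, dict(counts[ip]))
```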


8.1.8 Message related logging


Message logging was already discussed at the top. At log level 9, items logged apart from successful message transfers are:
malformed addresses

message collection statistics

creation of error messages

delivery failures (permanent errors)

messages being deferred (transient errors)

Examples:


- coming -

- coming -

Jul 15 17:53:51 thor.foo.com sendmail[22495]: e6FFrpW22493: to=, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=30551, relay=frigga.bar.com. [192.168.1.3], dsn=5.1.2, stat=Host unknown (Name server: magnum.bar.com.: host not found)

Jul 15 17:53:51 thor.foo.com sendmail[22495]: e6FFrpW22493: e6FFrpW22495: DSN: Host unknown (Name server: magnum.bar.com.: host not found)

Jul 15 21:40:30 thor.foo.com sendmail[22850]: e6FJeUB22850: ruleset=check_rcpt, arg1=, relay=jan(a)odin.foo.com [192.168.1.1], reject=550 5.7.1 ... Relaying denied

Jul 15 21:30:54 odin.foo.com sendmail[16971]: e6FJUq016969: to=jan(a)thor.foo.com, ctladdr=jan (1003/1003), delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=30000, relay=thor.foo.com. [192.168.1.2], dsn=4.0.0, stat=Deferred: Connection refused by thor.foo.com.


8.1.9 Log control


Check if the following statement is in your sendmail.cf:
[/etc] edwin(a)p6> grep -i loglevel sendmail.cf
O LogLevel=9

In syslog.conf, check if the file is logged to:
[/etc] edwin(a)p6> grep -i mail syslog.conf
mail.info /var/log/mail.log

Create the file /var/log/mail.log (if it didn't exist yet), restart the syslog daemon and then the sendmail daemon.


Other Sendmail log-processors

Maillog Report Generation Utility by Jason Armstrong

Anteater of the Profzone Group


