LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-24-2014, 10:20 AM   #1
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 536

Rep: Reputation: Disabled
Understanding postfix log


I just sent an email using PHPMailer, and set setFrom, addReplyTo, and addAddress to michael@comcast.net (note that this question has nothing to do with PHPMailer, I just included this info on the rare case it will help). I have installed postfix.i686 2:2.6.6-6.el6_5 on Centos 6.5. I am trying to understand the /var/log/maillog log.

For instance, the first line "vps sendmail". I take it this is my server "vps" using command "sendmail". I thought I was using postfix, and not sendmail? Also, what is with the Authentication-Warning.

I also see that sendmail, postfix/smtpd, postfix/cleanup, postfix/qmgr are all being used. How are these related? (If this is two long of a question, please disregard)

Later I see a couple "Network is unreachable" lines. What is with these?

Thank you

Code:
May 24 08:56:18 vps sendmail[3797]: s4ODuIpF003797: Authentication-Warning: vps.tapmeister.com: apache set sender to michael@comcast.net using -f
May 24 08:56:19 vps sendmail[3797]: s4ODuIpF003797: from=michael@comcast.net, size=12546, class=0, nrcpts=1, msgid=<2865fdf622f61f18d801c97c64f5f1ea@example.com>, relay=apache@localhost
May 24 08:56:21 vps postfix/smtpd[3952]: connect from localhost[127.0.0.1]
May 24 08:56:21 vps postfix/smtpd[3952]: 2423E3350019: client=localhost[127.0.0.1]
May 24 08:56:21 vps postfix/cleanup[3955]: 2423E3350019: message-id=<2865fdf622f61f18d801c97c64f5f1ea@example.com>
May 24 08:56:22 vps postfix/qmgr[1982]: 2423E3350019: from=<michael@comcast.net>, size=13172, nrcpt=1 (queue active)
May 24 08:56:22 vps sendmail[3797]: s4ODuIpF003797: to=John Doe <michael@comcast.net>, ctladdr=michael@comcast.net (48/48), delay=00:00:04, xdelay=00:00:01, mailer=relay, pri=42546, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (Ok: queued as 2423E3350019)
May 24 08:56:22 vps postfix/smtp[4035]: connect to mx2.comcast.net[2001:558:fe2d:70::22]:25: Network is unreachable
May 24 08:56:22 vps postfix/smtp[4035]: connect to mx1.comcast.net[2001:558:fe14:70::22]:25: Network is unreachable
May 24 08:56:22 vps postfix/smtp[4035]: 2423E3350019: to=<michael@comcast.net>, relay=mx1.comcast.net[12.34.56.789]:25, delay=1.7, delays=1/0.01/0.42/0.21, dsn=2.0.0, status=sent (250 2.0.0 5pwR1o00o1yV1880KpwRLq mail accepted for delivery)
May 24 08:56:22 vps postfix/qmgr[1982]: 2423E3350019: removed
May 24 08:56:24 vps postfix/smtpd[3952]: disconnect from localhost[127.0.0.1]
 
Old 05-24-2014, 11:13 AM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,275

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
Regardless of whether sendmail, postfix, exim4, or some other MTA is used, the command to send mail on *nix is usually called sendmail for historical reasons. It does not mean that you're using sendmail as your MTA; you're using postfix as you thought.

System log messages tend to take a standard form: "timestamp hostname application/process-name-or-PID message". Why is the hostname included, you ask. It's because machines can send syslog messages to other machines for aggregation, and it's really helpful in that case to know which machine actually generated a log message.

I am not a Postfix wizard, so I don't know the specifics of how it works, but most MTAs usually have several daemons. Probably, smtpd is what actually listens for incoming port 25 connections annd services them while qmgr and cleanup actually manage the machine's internal mail queue. For example, if there's a transient delivery failure, the message will sit in an internal queue and something has to be responsible for attempting a redelivery or deleting it (and sending an error back to the user) if the system decides it can't be delivered.

As for the "network is unreachable" lines, it looks like your machine first attempts to use IPv6 to talk to the comcast mail servers (2001:558:fe2d:70::22 looks like an IPv6 address to me). Since your machine is probably not set up to use IPv6, this fails. It then switches back to using IPv4 (connecting to 12.34.56.789, which I'm assuming you've obfuscated because it's not a valid address), and that succeeds.
 
1 members found this post helpful.
Old 05-24-2014, 10:36 PM   #3
Doug G
Member
 
Registered: Jul 2013
Posts: 593

Rep: Reputation: Disabled
Also you might grab an analyzer utility like pflogsumm (which I use to email me a daily mail server summary report). You can look at the report and then back at the maillog to gain some more insight how the report entries were generated from log entries.
 
Old 05-24-2014, 10:44 PM   #4
GaWdLy
Member
 
Registered: Feb 2013
Location: San Jose, CA
Distribution: RHEL/CentOS/Fedora
Posts: 457

Rep: Reputation: Disabled
'sendmail' is generally aliased, even in postfix systems.

I think btmiller might be right about the logs.

This article explains your auth warning: http://dev.kafol.net/2013/01/sendmai...ning-user.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables log understanding help Azrael84 Linux - Security 10 07-08-2013 06:48 AM
understanding auth.log mrmnemo Linux - Newbie 3 04-28-2010 07:42 PM
Need help understanding log entries rbees Linux - Newbie 4 12-14-2008 02:32 PM
Understanding Postfix hazmatt20 Linux - General 2 07-25-2006 04:02 PM
Using postfix MTA and need help understanding some entries Stratholm Linux - Software 2 12-28-2005 01:37 PM


All times are GMT -5. The time now is 06:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration