Re: Logging question

From: Mark Martinec <Mark.Martinec+amavis_at_nospam>
Date: Thu Mar 29 2012 - 11:21:22 GMT
To: amavis-users@amavis.org

Ralf,

> (16916-16) Passed CLEAN {RelayedOutbound},
> LOCAL [141.42.206.36]:37952 [85.179.68.181]
>
> [141.42.206.36]:37952 is my mailserver, but what is 85.179.68.181?
>
> Under which circumstance does amavis log 2 IPs in [] and what info is
> being logged there?

See your log template (or its default). In a recent version it is:

[?%#D|#|Passed #
...
, [? %p ||%p ][?%a||[?%l||LOCAL ][:client_addr_port] ][?%e||\[%e\] ]%s -> [%D|,]#

According to README.customize:

  client_addr original SMTP session client source IP address, same as %a
     as obtained through XFORWARD or from a 'client_address' AM.PDP attribute,
     or by parsing the topmost Received header field with a valid IP address
     if XFORWARD ADDR or the AM.PDP attribute are not available;

  a is a synonym for client_addr

  client_port original SMTP session client source TCP port number
     as obtained through XFORWARD or from a 'client_port' AM.PDP attribute;

  client_addr_port combines addr and port, similar to: \[%a\]:[:client_port]

  e best guess of the originator IP address collected from the Received trace

So the first address is the IP address of an SMTP client which connected
to your MTA. The second address is the bottom-most public IP address
as obtained from parsing Received header fields (trace records, RFC5321).

  Mark
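
The two bracketed fields explained in the message above, pulled out of a log line for triage. This is an added example, not part of the original message and not amavis code. The function name, the sender and recipient addresses, and the second and third sample lines are constructed, and the handling of a missing port is an assumption.

```python
import ipaddress
import re

# Tail of the log template quoted above. Each field is optional because the
# template omits empty ones:
#   [?%a||[?%l||LOCAL ][:client_addr_port] ][?%e||\[%e\] ]%s -> ...
TAIL_RE = re.compile(
    r"(?P<local>LOCAL )?"
    r"(?:\[(?P<client>[^\]\s]+)\](?::(?P<port>\d*))? )?"
    r"(?:\[(?P<orig>[^\]\s]+)\] )?"
    r"(?P<sender>\S+) -> "
)

def parse_amavis_addrs(line):
    """Split the address fields out of one log line; None if it does not fit."""
    m = TAIL_RE.search(line)
    if m is None:
        return None
    client, orig, port = m["client"], m["orig"], m["port"]
    try:
        for value in (client, orig):
            if value is not None:
                ipaddress.ip_address(value)  # reject non-IP bracketed text
    except ValueError:
        return None
    return {
        "local": m["local"] is not None,     # LOCAL marker (%l) was printed
        "client_addr": client,               # %a: peer that connected to the MTA
        "client_port": int(port) if port else None,
        "originator": orig,                  # %e: guess from the Received trace
        # A lone [addr] with no port and no LOCAL could be %a or %e (assumes
        # client_addr_port prints without ":port" when the port is unknown).
        "ambiguous": bool(client) and not orig and not port and not m["local"],
        "originator_differs": orig is not None and orig != client,
    }

# First line: the poster's log entry; sender and recipient are constructed.
SAMPLE_LINES = [
    "(16916-16) Passed CLEAN {RelayedOutbound}, LOCAL [141.42.206.36]:37952 "
    "[85.179.68.181] <sender@example.org> -> <rcpt@example.net>",
    # Constructed: no originator could be derived from the Received trace.
    "(16916-17) Passed CLEAN, [192.0.2.10]:25000 <a@example.org> -> <b@example.net>",
    # Constructed: a single bracketed address without a port.
    "(16916-18) Passed CLEAN, [198.51.100.7] <a@example.org> -> <b@example.net>",
]

if __name__ == "__main__":
    for entry in SAMPLE_LINES:
        print(parse_amavis_addrs(entry))
```

The `originator` value is derived from Received header fields, so it should be read as the best guess the README describes, while `client_addr` is the peer the MTA actually saw.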