qmail-logmsg logging patch
Introduction
This patch adds extensive logging to qmail-smtpd for netqmail-1.06. Initial connection through to message acceptance or rejection / disconnection is logged, with all log entries showing the process id and remote IP address to enable identification of individual SMTP sessions. Accepted messages are logged with the number of recipients. You can view an annotated sample log here.
A simple awk script is also provided to summarise logs; this collates information for each session onto a single line and adds the session duration. The awk script assumes log entries of the form produced by multilog (part of daemontools).
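The session-duration step can be reproduced from the TAI64N labels that multilog prepends to each line when run with its t option. The following C sketch is an added example, not the awk script distributed with the patch; the function names and the sample labels are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Parse a TAI64N label: '@' then 24 lowercase hex digits (as multilog writes
   them): 16 for seconds offset by 2^62, 8 for nanoseconds.
   Returns 0 on success, -1 on a malformed or truncated label. */
int tai64n_parse(const char *s, uint64_t *sec, uint32_t *nsec)
{
    uint64_t v[2] = {0, 0};
    int i;
    if (s[0] != '@') return -1;
    for (i = 0; i < 24; i++) {
        char c = s[1 + i];
        int d;
        if (c >= '0' && c <= '9') d = c - '0';
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else return -1;               /* includes hitting the end early */
        v[i >= 16] = (v[i >= 16] << 4) | (uint64_t)d;
    }
    if (v[0] < (1ULL << 62) || v[0] >= (1ULL << 63)) return -1;
    if (v[1] >= 1000000000ULL) return -1;
    *sec = v[0] - (1ULL << 62);
    *nsec = (uint32_t)v[1];
    return 0;
}

/* Milliseconds from label a to label b, truncated; -1 if either label is
   malformed, b is earlier than a, or the gap is too long for one session. */
long long tai64n_diff_ms(const char *a, const char *b)
{
    uint64_t sa, sb;
    uint32_t na, nb;
    long long ns;
    if (tai64n_parse(a, &sa, &na) || tai64n_parse(b, &sb, &nb)) return -1;
    if (sb < sa || sb - sa > 86400ULL * 366) return -1;
    ns = (long long)(sb - sa) * 1000000000LL + ((long long)nb - (long long)na);
    return ns < 0 ? -1 : ns / 1000000;
}

int main(void)
{
    /* Constructed labels for the first and last entry of one session. */
    const char *first = "@400000005ec0f3a00bebc200";
    const char *last  = "@400000005ec0f3a31dcd6500";
    printf("session duration: %lld ms\n", tai64n_diff_ms(first, last));
    return 0;
}
```

The parser reads only the 25-character label, so it can be handed a whole log line; pairing first and last lines per session by process id and remote IP is left to the caller.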
This patch was previously called qmail-errmsg but was renamed to qmail-logmsg to more accurately reflect its purpose.
It is based on some code John Levine was using; alas, the original author is unknown. The error logging from that code has been enhanced and extended with assistance from John.
If you use 'sister' packages of netqmail you may also be interested in my related logging patches for rblsmtpd and serialmail, found here, also ofmipd-plus for email submission.
Download
The current release, version 1.3, is available in plaintext or gzipped (.gz).
Installation
Proceed as follows:
- Unpack the patch if you've downloaded a compressed version.
- Patch your qmail source: Enter your netqmail-1.06 source directory and type,
  patch < path_to_the_patch/netqmail-1.06.logmsg-v1.3.patch
  which should apply the patch. If you're basing your installation on a Life with qmail style setup, you'd use this patch command just before you compile/build netqmail (make setup check) in section 2.5.5.
- You can now compile qmail and install as normal.
If you wish to summarise the logged data you can use scripts such as this one, to generate a summary like this.
Status / Warranty
No warranty, express or implied, is given - USE THIS SOFTWARE ENTIRELY AT YOUR OWN RISK. You will need to satisfy yourself as to the suitability of this software before deploying it in a production environment.
Compatibility
The patch applies cleanly to netqmail-1.05 and netqmail-1.06. It does not apply cleanly to qmail-1.03. Other versions of qmail have not been tested. The awk script (if you use it) assumes logging with multilog.
Compatibility with common patches: This patch may conflict with other patches to netqmail/qmail; I've not explored this. If you're comfortable with 'manual' patching where conflicts arise you should be fine: The purpose of this patch is pretty clear and easy to follow when patching.
If you're not comfortable with 'manual' patching you may like to engage a qmail consultant such as the author.
License
The patch contains fairly obvious code, with bits from each author in turn: I and John Levine are happy for our contributions to this code to be freely available; with the original author being unknown I can't speak for him/her, but I believe they provided the original code without restrictions on its use, so there shouldn't be any problem there.
Programming Notes
Some variables in qmail-smtpd.c have been moved to enable their use in log messages.
Some code has been separated out into separate files (errbits.c, .h) for use in other qmail components and add-ons.
Changelog
- From version 1.2 to version 1.3:
  - Essentially cosmetic changes: The patch is now called qmail-logmsg to more accurately describe what it does (it was previously called qmail-errmsg). errbits.h, errbits.c have been enhanced to add the eoutulong() function - this is to make it consistent with the errbits.h, errbits.c components of the ofmipd-plus patch; qmail-smtpd.c has been slightly altered to take advantage of this new function. There's also a couple of other minor cosmetic code changes.
- From version 1.1 to version 1.2:
  - Altered err_syntax() to just give length of address causing syntax error, rather than repeat the address in the log, since this could provide a route for a DoS attack (an attacker could have written large log files like this).
- From version 1.0 to version 1.1:
  - Remote IP address included with every log entry to make it easier to read, and to collate
  - esetfd() added to enable output file descriptor to be changed easily from the default of stderr
  - Logged sender and recipient addresses enclosed by < and > symbols
  - All commands cause log entries (even NOOP)
  - Remotely supplied data (sender, recipient, HELO/EHLO string) are sanitised prior to being logged
  - Trailing full-stops (periods) are no longer used on log entries; in particular this avoids any confusion after HELO/EHLO strings and sender/recipient addresses as to what the remote end sent
  - stderrbits.[ch] renamed to errbits.[ch] since FD 2 (stderr) is no longer necessarily used for logging with the addition of esetfd().
  - Example awk script added to collate log; this also calculates session duration from the TAI timestamps to millisecond precision
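Two of the changes above are log-hardening measures: sanitising remotely supplied data before it is logged (1.1) and logging only the length of an address that fails syntax checking (1.2). The following C sketch illustrates both; it is an added example, not code from the patch, and the function names, the 64-byte cap, the '_' replacement character and the log line layout are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not the patch's errbits code. Copies remote data into
   out, replacing every byte outside printable ASCII with '_' so CR, LF and
   escape sequences cannot forge or corrupt log lines. Output is capped at
   outlen-1 bytes. Returns the number of bytes written. */
size_t log_sanitise(char *out, size_t outlen, const char *in, size_t inlen)
{
    size_t i, n = 0;
    if (outlen == 0) return 0;
    for (i = 0; i < inlen && n + 1 < outlen; i++) {
        unsigned char c = (unsigned char)in[i];
        out[n++] = (c >= 0x20 && c <= 0x7e) ? (char)c : '_';
    }
    out[n] = '\0';
    return n;
}

/* Constructed line layout: "<pid> <ip> sender <address>". */
int format_sender(char *line, size_t len, int pid, const char *ip,
                  const char *addr, size_t addrlen)
{
    char safe[64];  /* cap chosen for this example */
    log_sanitise(safe, sizeof safe, addr, addrlen);
    return snprintf(line, len, "%d %s sender <%s>", pid, ip, safe);
}

/* Syntax error: record only the length of the offending address, so the
   entry has a bounded size however long the address was. */
int format_syntax_error(char *line, size_t len, int pid, const char *ip,
                        size_t addrlen)
{
    return snprintf(line, len, "%d %s bad address syntax, length %lu",
                    pid, ip, (unsigned long)addrlen);
}

int main(void)
{
    /* Constructed input: a sender string carrying CRLF and a fake entry. */
    const char addr[] = "a@example.org\r\n999 192.0.2.1 message accepted";
    char line[128];
    format_sender(line, sizeof line, 4242, "192.0.2.7", addr, sizeof addr - 1);
    puts(line);
    format_syntax_error(line, sizeof line, 4242, "192.0.2.7", 70000);
    puts(line);
    return 0;
}
```

With the constructed input, the embedded CRLF is flattened to "__", so the fake entry stays inside the angle brackets of the genuine line instead of starting a line of its own.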
Archives
Here are the previous versions of this patch:
- version 1.2 in plaintext or gzipped (.gz).
- version 1.1 in plaintext or gzipped (.gz).
- version 1.0 in plaintext or gzipped (.gz).
This page last updated: AR, 17th May 2020.