qmail-logmsg logging patch
This patch adds extensive logging to qmail-smtpd for netqmail-1.06. Initial connection through to message acceptance or rejection / disconnection is logged, with all log entries showing the process id and remote IP address to enable identification of individual SMTP sessions. Accepted messages are logged with the number of recipients. You can view an annotated sample log here.
A simple awk script is also provided to summarise logs; this collates information for each session onto a single line and adds the session duration. The awk script assumes log entries of the form produced by multilog (part of daemontools).
This patch was previously called qmail-errmsg but was renamed to qmail-logmsg to more accurately reflect its purpose.
It is based on some code John Levine was using; alas, the original author is unknown. The error logging from that code has been enhanced and extended with assistance from John.
Proceed as follows:
- Unpack the patch if you've downloaded a compressed version.
- Patch your qmail source: Enter your netqmail-1.06 source directory and type,
    patch < path_to_the_patch/netqmail-1.06.logmsg-v1.3.patch
  which should apply the patch. If you're basing your installation on a Life with qmail style setup, you'd use this patch command just before you compile/build netqmail (make setup check) in section 2.5.5.
- You can now compile qmail and install as normal.
Status / Warranty
No warranty, express or implied is given - USE THIS SOFTWARE ENTIRELY AT YOUR OWN RISK. You will need to satisfy yourself as to the suitability of this software before deploying it in a production environment.
The patch applies cleanly to netqmail-1.05 and netqmail-1.06. It does not apply cleanly to qmail-1.03. Other versions of qmail have not been tested. The awk script (if you use it) assumes logging with multilog.
Compatibility with common patches: This patch may conflict with other patches to netqmail/qmail; I've not explored this. If you're comfortable with 'manual' patching where conflicts arise you should be fine: The purpose of this patch is pretty clear and easy to follow when patching.
If you're not comfortable with 'manual' patching you may like to engage a qmail consultant such as the author.
The patch contains fairly obvious code, with bits from each author in turn: I and John Levine are happy for our contributions to this code to be freely available; with the original author being unknown I can't speak for him/her, but I believe they provided the original code without restrictions on its use, so there shouldn't be any problem there.
Some variables in qmail-smtpd.c have been moved to enable their use in log messages.
Some code has been separated out into separate files (errbits.c, .h) for use in other qmail components and add-ons.
- From version 1.2 to version 1.3:
- Essentially cosmetic changes: The patch is now called qmail-logmsg to more accurately describe what it does (it was previously called qmail-errmsg). errbits.h, errbits.c have been enhanced to add the eoutulong() function - this is to make it consistent with the errbits.h, errbits.c components of the ofmipd-plus patch; qmail-smtpd.c has been slightly altered to take advantage of this new function. There's also a couple of other minor cosmetic code changes.
- From version 1.1 to version 1.2:
- err_syntax() changed to just give the length of the address causing a syntax error, rather than repeat the address in the log, since this could provide a route for a DoS attack (an attacker could have written large log files like this).
- From version 1.0 to version 1.1:
- Remote IP address included with every log entry to make it easier to read, and to collate
- esetfd() added to enable output file descriptor to be changed easily from the default of stderr
- Logged sender and recipient addresses enclosed by < and > symbols
- All commands cause log entries (even NOOP)
- Remotely supplied data (sender, recipient, HELO/EHLO string) are sanitised prior to being logged
- Trailing full-stops (periods) are no longer used on log entries; in particular this avoids any confusion after HELO/EHLO strings and sender/recipient addresses as to what the remote end sent
- stderrbits.[ch] renamed to errbits.[ch] since FD 2 (stderr) is no longer necessarily used for logging with the addition of esetfd().
- Example awk script added to collate log; this also calculates session duration from the TAI timestamps to millisecond precision
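The log-hardening changes listed above (remotely supplied data sanitised before logging, addresses enclosed by < and >, and only the length of an address logged on a syntax error) can be sketched in C as follows. This is an added example, not code from the patch: the function names, the 64-byte cap, the '_' replacement character and the log line layout are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOG_FIELD_MAX 64 /* assumed cap on bytes logged per remote field */

/* Copy a remote-supplied field for logging. Control bytes, spaces, non-ASCII
 * and the '<' '>' delimiters become '_', so a client cannot inject a newline
 * or fake a field. Copies at most LOG_FIELD_MAX bytes; returns bytes written. */
size_t log_sanitise(char *out, size_t outlen, const char *in, size_t inlen)
{
    size_t i, n = 0;
    if (outlen == 0)
        return 0;
    for (i = 0; i < inlen && i < LOG_FIELD_MAX && n + 1 < outlen; i++) {
        unsigned char c = (unsigned char)in[i];
        int unsafe = c < 0x21 || c > 0x7e || c == '<' || c == '>';
        out[n++] = unsafe ? '_' : (char)c;
    }
    out[n] = '\0';
    return n;
}

/* Accepted recipient: sanitised address between < and > (constructed format). */
int log_rcpt(char *line, size_t len, long pid, const char *ip,
             const char *addr, size_t addrlen)
{
    char safe[LOG_FIELD_MAX + 1];
    log_sanitise(safe, sizeof safe, addr, addrlen);
    return snprintf(line, len, "%ld %s rcpt <%s>\n", pid, ip, safe);
}

/* Syntax error: log only the address length, so the entry size does not
 * depend on how much data the client sent. */
int log_syntax_error(char *line, size_t len, long pid, const char *ip,
                     size_t addrlen)
{
    return snprintf(line, len, "%ld %s address syntax error, length %lu\n",
                    pid, ip, (unsigned long)addrlen);
}

int main(void)
{
    char line[128];
    const char evil[] = "a@b.example>\r\n99 203.0.113.9 rcpt <x"; /* constructed */
    log_rcpt(line, sizeof line, 1234L, "192.0.2.10", evil, sizeof evil - 1);
    fputs(line, stdout);
    log_syntax_error(line, sizeof line, 1234L, "192.0.2.10", 100000);
    fputs(line, stdout);
    return 0;
}
```

With the constructed input, the embedded CR/LF and the forged second entry stay on one log line inside a single < > pair, which keeps per-session collation by process id and IP address reliable.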
Here are the previous versions of this patch:
- version 1.2 in plaintext or gzipped (.gz).
- version 1.1 in plaintext or gzipped (.gz).
- version 1.0 in plaintext or gzipped (.gz).
This page last updated: AR, 1st July 2013.