Logging question

[Mark Martinec]

Ralf,

> (16916-16) Passed CLEAN {RelayedOutbound},
>   LOCAL [141.42.206.36]:37952 [85.179.68.181]
> 
> [141.42.206.36]:37952 is my mailserver, but what is 85.179.68.181?
> 
> Under which circumstance does amavis log 2 IPs in [] and what info is
> being logged there?

See your log template (or its default). In a recent version it is::

[?%#D|#|Passed #
...
, [? %p ||%p ][?%a||[?%l||LOCAL ][:client_addr_port] ][?%e||\[%e\] ]%s -> [%D|,]#

According to README.customize:

  client_addr  original SMTP session client source IP address, same as %a
     as obtained through XFORWARD or from a 'client_address' AM.PDP attribute,
     or by parsing the topmost Received header field with a valid IP address
     if XFORWARD ADDR or the AM.PDP attribute are not available;

  a  is a synonym for client_addr

  client_port  original SMTP session client source TCP port number
     as obtained through XFORWARD or from a 'client_port' AM.PDP attribute;

  client_addr_port  combines addr and port, similar to: \[%a\]:[:client_port]

  e  best guess of the originator IP address collected from the Received trace


So the first address is the IP address of a SMTP client which connected
to your MTA. The second address is the bottom-most public IP address
as obtained from parsing Received header fields (trace records, RFC5321).

  Mark