Logging IP address in error logs

Martin Schmid scm at aps-systems.ch
Thu Jan 19 17:19:08 CET 2017

Dusan, This may be true for some messages of a normal sequence.
I currently have log_level=5 and I cannot directly extract the ip from 
the error line, eg 'ESMTP: notice: client broke the connection without a 
QUIT ()'.
The ip may be there somewhere else but this is not suitable for fail2ban.
Of course, I can write my own version of fail2ban ...!?

Am 19.01.2017 um 17:04 schrieb Dusan Obradovic:
>> On Jan 19, 2017, at 16:55, Martin Schmid <scm at aps-systems.ch 
>> <mailto:scm at aps-systems.ch>> wrote:
>> I accidently didn't reply to the list before, so here's a little summary:
>> In general, my setup is working flawlessly with amavis as frontend 
>> and xmail as backend server.
>> Since amavis behaves as a kind of proxy, it also sends the error 
>> status codes from the real SMTP server to the client while connected.
>> There may be disadvantages exposing amavis but I'm pretty satified so 
>> far.
>> My goal would be to use fail2ban to automatically lock out ip 
>> adresses that cause some errors such ass dropping sessions without quit.
>> To accomplish this I would need to find the offending IP in the log. 
>> That's all I'm after.
>> It seems that there is no option covering this. It seems that I have 
>> to patch the script.
> Martin, the option you are looking for is $log_level, you need to 
> increase amavisd verbosity to log all the information during the SMTP 
> transaction.
> At $log_level = 2, amavisd would log the connected smtp client ip address.

Martin Schmid
APS systems AG, Neumatt 4, CH-4626 Niederbuchsiten
Tel direkt: +41 62 389 8891, Fax: +41 62 389 8880, Tel: +41 62 389 8888

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20170119/e1d34df1/attachment.html>

More information about the amavis-users mailing list