Sun Java System Messaging Server 6 2005Q4 Administration Guide

Managing MTA Message and Connection Logs

The MTA provides facilities for logging each message as it is enqueued and dequeued. It also provides dispatcher error and debugging output.

You can control logging on a per-channel basis or you can specify that message activity on all channels be logged. In the initial configuration, logging is disabled on all channels.

See Enabling MTA Logging for more information.

Enabling logging causes the MTA to write an entry to the msg_svr_base/data/log/mail* file each time a message passes through an MTA channel. Such log entries can be useful for gathering statistics on how many messages are passing through the MTA (or through particular channels). You can also use these log entries to investigate other issues, such as whether and when a message was sent or delivered.

The message return job, which runs every night around midnight, appends any existing mail.log_yesterday to the cumulative log file, mail.log, renames the current mail.log_current file to mail.log_yesterday, and then begins a new mail.log_current file. The message return job also performs the analogous operations for any connection.log* files.

While the MTA performs automatic rollovers to maintain the current file, you must manage the cumulative mail.log file by determining policies for tasks such as backing up the file, truncating the file, deleting the file, and so on.

When considering how to manage the log files, note that the MTA periodic return job will execute a site-supplied msg_svr_base/bin/daily_cleanup procedure, if one exists. Thus some sites might choose to supply their own cleanup procedure that, for instance, renames the old mail.log file once a week (or once a month), and so on.


Note –

With logging is enabled, the mail.log file steadily grows and, if left unchecked, consumes all available disk space. Monitor the size of this file and periodically delete unnecessary contents. You can also delete the entire file as another version will be created as needed.


Understanding the MTA Log Entry Format

The MTA log file is written as ASCII text. By default, each log file entry contains eight or nine fields as shown in the example below.

19-Jan-1998 19:16:57.64 l tcp_local E 1 adam@sesta.com rfc822;marlowe@siroe.com marlowe@siroe.com

The log entry shows:

  1. The date and time the entry was made (in the example, 19-Jan-1998 19:16:57.64).

  2. The channel name for the source channel (in the example, l).

  3. The channel name for the destination channel (in the example, tcp_local). (For SMTP channels, when LOG_CONNECTION is enabled, a plus (+) indicates inbound to the SMTP server; a minus (-) indicates outbound via the SMTP client.)

  4. The type of entry (in the example, E); see Table 21–2.

  5. The size of the message (in the example, 1). This is expressed in kilobytes by default, although this default can be changed by using the BLOCK_SIZE keyword in the MTA option file.

  6. The envelope From: address (in the example, adam@sesta.com). Note that for messages with an empty envelope From: address, such as notification messages, this field is blank.

  7. The original form of the envelope To: address (in the example, marlowe@siroe.com).

  8. The active (current) form of the envelope To: address (in the example, marlowe@siroe.com).

  9. The delivery status (SMTP channels only).

The following table describes the logging entry codes.

Table 21–2 Logging Entry Codes

Entry 

Description 

Bad command sent to the SMTP server. The recipient address field will contain the command that was rejected while the diagnostic field will contain the response the SMTP server gave. MTA channel option, MAX_B_ENTRIES, controls how many bad commands will be logged in a given session. Default is 10. 

BA 

Bad command after authentication successfully performed earlier in transaction. 

BS 

Bad command after TLS successfully started up. 

BSA 

Bad command with TLS and AUTH. 

Successful dequeue 

DA 

Successful dequeue with SASL (authentication) 

DS 

Successful dequeue with TLS (security) 

DSA 

Successful dequeue with TLS and SASL (security and authentication) 

Enqueue 

EA 

Successful enqueue with SASL (authentication) 

ES 

Successful enqueue with TLS (security) 

ESA 

Successful enqueue with TLS and SASL (security and authentication) 

Rejection of attempted enqueue (rejection by slave channel program) 

Recipient message rejected. If the sender requests NOTIFY=NEVER DSN flag set or if the message times out or if the message is manually returned (for example: imsimta qm “delete” command always generates a “K” record for each recipient, while a qm “return” command will generate a “K” record rather than an “R” record). This indicates that there was no notification sent to the sender per the sender’s own request.

This can be compared with “R” records, which are the same sort of rejection/time-out, but where a new notification message (back to the original sender) is also generated regarding this failed message. 

Temporary failure to dequeue 

Recipient address rejected on attempted dequeue (rejection by master channel program), or generation of a failure/bounce message 

Warning message that will appear whenever a transaction is abnormally aborted. There will be one "V" record per enqueued recipient address. 

Warning message sent to notify original sender that the message has not been delivered yet, but it is still in the queue being retried. 

Some successful recipients, but this recipient was temporarily unsuccessful; the original message file of all recipients was dequeued, and in its place a new message file for this and other unsuccessful recipients will be immediately enqueued 

SMTP channels' LOG_CONNECTION + or - entries  

Connection closed. A diagnostic field will follow. Written to connection.log_current (or mail.log_current if a single log file is being used). Used to record the reason why the connection was closed. In particular, if the connection was closed due to some session disconnect limit being reached, that fact will show up in the diagnostics field. 

Connection opened 

Logs SMTP authentication successes and failures. Format is the same as other O and C entries. In particular, the same application and transport information fields appear in same order. The username will be logged in the username field if it is known. Bit 7 (value 128) of the LOG_CONNECTION MTA option controls this. 

Connection rejected 

Connection attempt failed before being established 

ETRN command received 

With LOG_CONNECTION, LOG_FILENAME, LOG_MESSAGE_ID, LOG_NOTARY, LOG_PROCESS, and LOG_USERNAME all enabled in the MTA Option file, the format becomes as shown in the example below. (The sample log entry line has been wrapped for typographic reasons; the actual log entry would appear on one physical line.)


19-Jan-1998 13:13:27.10 HOSTA   2e2d.2.1 tcp_local   l
 E 1 service@siroe.com rfc822;adam@sesta.com
 adam 276 /imta/queue/l/ZZ01IWFY9ELGWM00094D.00
 <01IWFVYLGTS499EC9Y@siroe.com> inetmail
 siroe.com (siroe.com [192.160.253.66])
                  

Where the additional fields, beyond those already discussed above, are:

  1. The name of the node on which the channel process is running (in the example, HOSTA).

  2. The process ID (expressed in hexadecimal), followed by a period (dot) character and a count. If this had been a multithreaded channel entry (that is, a tcp_* channel entry), there would also be a thread ID present between the process ID and the count. In the example, the process ID is 2e2d.2.1.

  3. The NOTARY (delivery receipt request) flags for the message, expressed as an integer (in the example, 276).

  4. The file name in the MTA queue area (in the example, /imta/queue/l/ZZ01IWFY9ELGWM00094D.00).

  5. The message ID (in the example, <01IWFVYLGTS499EC9Y@siroe.com>).

  6. The name of the executing process (in the example, inetmail). On UNIX, for dispatcher processes such as the SMTP server, this will usually be inetmail (unless SASL was used).

  7. The connection information (in the example, siroe.com (siroe.com [192.160.253.66]). The connection information consists of the sending system or channel name, such as the name presented by the sending system on the HELO/EHLO line (for incoming SMTP messages), or the enqueuing channel's official host name (for other sorts of channels). In the case of TCP/IP channels, the sending system's “real” name, that is, the symbolic name as reported by a DNS reverse lookup and/or the IP address, can also be reported within parentheses as controlled by the ident* channel keywords; see IDENT Lookups instance us of the default identnone keyword, that selects display of both the name found from the DNS and IP address.

Enabling MTA Logging

To gather statistics for just a few particular MTA channels, enable the logging channel keyword on just those MTA channels of interest. Many sites prefer to enable logging on all MTA channels. In particular, if you are trying to track down problems, the first step in diagnosing some problems is to notice that messages are not going to the channel you expected or intended, and having logging enabled for all channels can help you investigate such problems.

ProcedureTo Enable MTA Logging on a Specific Channel

Steps
  1. Edit the imta.cnf file.

    The file is located in the /opt/SUNWmsgsr/config directory.

  2. To enable logging for a particular channel, add the logging keyword to the channel definition. For example:


    channel-name keyword1 keyword2 logging
    

    In addition, you can also set a number of configuration parameters such as directory path for log files, log levels, an so on. See Managing Message Store, Admin, and Default Service Logs

ProcedureTo Enable MTA Logging on All Channels

Steps
  1. Edit the imta.cnf file.

    The file is located in the /opt/SUNWmsgsr/config directory.

  2. Add the logging keyword to your defaults channel (see Configuring Channel Defaults configuration file. For example:


    defaults logging notices 1 2 4 7 copywarnpost copysendpost postheadonly 
    noswitchchannel immnonurgent maxjobs 7 defaulthost siroe.com
    
    l defragment charset7 us-ascii charset8 iso-8859-01
    siroe.com

Specifying Additional MTA Logging Options

In addition to the basic information always provided when logging is enabled, you can specify that additional, optional information fields be included by setting various LOG_* MTA options in the MTA Option file. The file specified with the IMTA_OPTION_FILE option in the IMTA tailor file (msg_svr_base/config/imta_tailor) specifies the MTA Option file. By default, this is the msg_svr_base/config/option.dat file.

For complete details about the MTA Option file, see the Option File in Sun Java System Messaging Server 6 2005Q4 Administration Reference.

ProcedureTo Send MTA Logs to syslog

Steps
  1. Edit the MTA Option file.

  2. Set the LOG_MESSAGES_SYSLOG option to 1.

    A value of 0 is the default and indicates that syslog (event log) logging is not performed.

ProcedureTo Correlate Log Message Entries

Steps
  1. Edit the MTA Option file.

  2. Set the LOG_MESSAGE_ID option to 1.

    A value of 0 is the default and indicates that message IDs are not saved in the mail.log file.

ProcedureTo Identify Message Delivery Retries

Steps
  1. Edit the MTA Option file.

  2. Set the LOG_FILENAME option to 1.

    This option makes it easier to immediately spot how many times the delivery of a particular message file has been retried. This option can also be useful in understanding when the MTA does or does not split a message to multiple recipients into separate message file copies on disk.

ProcedureTo Log TCP/IP Connections

Steps
  1. Edit the MTA Option file.

  2. Set the LOG_CONNECTION option.

    This option causes the MTA to log TCP/IP connections, as well as message traffic. The connection log entries are written to the mail.log* files by default. Optionally, the connection log entries can be written to connection.log* files. See the SEPARATE_CONNECTION_LOG option for more information.

ProcedureTo Write Entries to the connection.log File

Steps
  1. Edit the MTA Option file.

  2. Set the SEPARATE_CONNECTION_LOG option to 1.

    Use this option to specify that connection log entries instead be written to connection.log files. The default value of 0 causes the connection logging to be stored in the MTA log files.

ProcedureTo Correlate Log Messages by Process ID

Steps
  1. Edit the MTA Option file.

  2. Set the LOG_PROCESS option.

    When used in conjunction with LOG_CONNECTION, this option enables correlation by process ID of which connection entries correspond to which message entries.

ProcedureTo Save User Names Associated with a Process That Enqueues Mail to the mail.log File

Steps
  1. Edit the MTA Option file.

  2. Set the LOG_USERNAME option.

    This option controls whether or not the user name associated with a process that enqueues mail is saved in the mail.log file. For SMTP submissions where SASL (SMTP AUTH) is used, the user name field will be the authenticated user name (prefixed with an asterisk character).

MTA Message Logging Examples

The exact field format and list of fields logged in the MTA message files vary according to the logging options set. This section shows a few examples of interpreting typical sorts of log entries. For a description of additional, optional fields, see Specifying Additional MTA Logging Options.


Note –

For typographic reasons, log file entries will be shown folded onto multiple lines—actual log file entries are one line per entry.


When reviewing a log file, keep in mind that on a typical system many messages are being handled at once. Typically, the entries relating to a particular message will be interspersed among entries relating to other messages being processed during that same time. The basic logging information is suitable for gathering a sense of the overall numbers of messages moving through the MTA.

If you wish to correlate particular entries relating to the same message to the same recipient(s), enable LOG_MESSAGE_ID. To correlate particular messages with particular files in the MTA queue area, or to see from the entries how many times a particular not-yet-successfully-dequeued message has had delivery attempted, enable LOG_FILENAME. For SMTP messages (handled via a TCP/IP channel), if you want to correlate TCP connections to and from remote systems with the messages sent, enable LOG_PROCESS and some level of LOG_CONNECTION.

MTA Logging Example: User Sends an Outgoing Message

The example below shows a fairly basic example of the sorts of log entries one might see if a local user sends a message out an outgoing TCP/IP channel, for example, to the Internet. In this example, LOG_CONNECTION is enabled. The lines marked with (1) and (2) are one entry—they would appear on one physical line in an actual log file. Similarly, the lines marked with (3) - (7) are one entry and would appear on one physical line.


Example 21–1 MTA Logging: A Local User Sends An Outgoing Message


19-Jan-1998 19:16:57.64 l            tcp_local    E 1         (1)
 adam@sesta.com rfc822;marlowe@siroe.com marlowe@siroe.com     (2)
 
 19-Jan-1998 19:17:01.16 tcp_local                  D 1        (3)
 adam@sesta.com rfc822;marlowe@siroe.com marlowe@siroe.com     (4)
 dns;thor.siroe.com
 (TCP|206.184.139.12|2788|192.160.253.66|25)                   (5)
 (THOR.SIROE.COM -- Server ESMTP [iMS V5.0 #8694])             (6)
 smtp;250 2.1.5 marlowe@siroe.com and options OK.              (7)
  1. This line shows the date and time of an enqueue (E) from the l channel to the tcp_local channel of a one (1) block message.

  2. This is part of the same physical line of the log file as (1), presented here as a separate line for typographical convenience. It shows the envelope From: address, in this case adam@sesta.com, and the original version and current version of the envelope To: address, in this case marlowe@siroe.com.

  3. This shows the date and time of a dequeue (D) from the tcp_local channel of a one (1) block message—that is, a successful send by the tcp_local channel to some remote SMTP server.

  4. This shows the envelope From: address, the original envelope To: address, and the current form of the envelope To: address.

  5. This shows that the actual system to which the connection was made is named thor.siroe.com in the DNS, that the local sending system has IP address 206.184.139.12 and is sending from port 2788, that the remote destination system has IP address 192.160.253.66 and the connection port on the remote destination system is port 25.

  6. This shows the SMTP banner line of the remote SMTP server.

  7. This shows the SMTP status code returned for this address; 250 is the basic SMTP success code and in addition, this remote SMTP server responds with extended SMTP status codes and some additional text.


MTA Logging Example: Including Optional Logging Fields

This example shows a logging entry similar to that shown in Example 21–3 and LOG_MESSAGE_ID=1 showing the file name and message ID; see (1) and (2). The message ID in particular can be used to correlate which entries relate to which message.


Example 21–2 MTA Logging – Including Optional Logging Fields


19-Jan-1998 19:16:57.64 l            tcp_local    E 1
  adam@sesta.com rfc822;marlowe@siroe.com marlowe@siroe.com
  /imta/queue/tcp_local/ZZ01ISKLSKLZLI90N15M.00
   <01ISKLSKC2QC90N15M@sesta.com>    (1)
                  
 19-Jan-1998 19:17:01.16 tcp_local                  D 1
  adam@sesta.com rfc822;marlowe@siroe.com marlowe@siroe.com
  /imta/queue/tcp_local/Z01ISKLSKLZLI90N15M.00
    <01ISKLSKC2QC90N15M@sesta.com>   (2)
  dns;thor.siroe.com (TCP|206.184.139.12|2788|192.160.253.66|25)
  (THOR.SIROE.COM -- Server ESMTP [iMS V5.0 #8694])
  smtp;250 2.1.5 marlowe@siroe.com and options OK.

MTA Logging Example – Sending to a List

This example illustrates sending to multiple recipients with LOG_FILENAME=1, LOG_MESSAGE_ID=1, and LOG_CONNECTION=1 enabled. Here user adam@sesta.com has sent to the MTA mailing list test-list@sesta.com, which expanded to bob@sesta.com, carol@varrius.com, and david@varrius.com. Note that the original envelope To: address is test-list@sesta.com for each recipient, though the current envelope To: address is each respective address. Note how the message ID is the same throughout, though two separate files (one for the l channel and one going out the tcp_local channel) are involved.


Example 21–3 MTA Logging – Sending to a List


19-Jan-1998 20:01:44.10 l    l                    E 1
  adam@sesta.com rfc822;test-list@sesta.com bob
  imta/queue/l/ZZ01ISKND3DE1K90N15M.00
  <01ISKND2H8MS90N15M@sesta.com>
 
 19-Jan-1998 20:01:44.81 l            tcp_local    E 1
  adam@sesta.com rfc822;test-list@sesta.com carol@varrius.com
  imta/queue/tcp_local/ZZ01ISKND2WS1I90N15M.00 
  <01ISKND2H8MS90N15M@sesta.com>
 
 19-Jan-1998 20:01:44.81 l            tcp_local    E 1
  adam@sesta.com rfc822;test-list@sesta.com david@varrius.com
  imta/queue/tcp_local/ZZ01ISKND2WS1I90N15M.00
 <01ISKND2H8MS90N15M@sesta.com>
 
 19-Jan-1998 20:01:50.69 l                         D 1
  adam@sesta.com rfc822;test-list@sesta.com bob
  imta/queue/l/ZZ01ISKND3DE1K90N15M.00
  <01ISKND2H8MS90N15M@sesta.com>
 
 19-Jan-1998 20:01:57.36 tcp_local                  D 1
  adam@sesta.com rfc822;test-list@sesta.com carol@varrius.com
  imta/queue/tcp_local/ZZ01ISKND2WS1I90N15M.00
  <01ISKND2H8MS90N15M@sesta.com>
  dns;gw.varrius.com (TCP|206.184.139.12|2788|192.160.253.66|25)
  (gw.varrius.com -- SMTP Sendmail)
  smtp;250 OK.
 
 19-Jan-1998 20:02:06.14 tcp_local                  D 1
  adam@sesta.com rfc822;test-list@sesta.com david@varrius.com
  imta/queue/tcp_local/ZZ01ISKND2WS1I90N15M.00
  <01ISKND2H8MS90N15M@sesta.com>
  dns;gw.varrius.com (TCP|206.184.139.12|2788|192.160.253.66|25)
  (gw.varrius.com -- SMTP Sendmail)
  smtp;250 OK.

MTA Logging – Sending to a Nonexistent Domain

This example illustrates an attempt to send to a nonexistent domain (here very.bogus.com); that is, sending to a domain name that is not noticed as nonexistent by the MTA's rewrite rules and that the MTA matches to an outgoing TCP/IP channel. This example assumes the MTA option settings of LOG_FILENAME=1 and LOG_MESSAGE_ID=1.

When the TCP/IP channel runs and checks for the domain name in the DNS, the DNS returns an error that no such name exists. Note the “rejection” entry (R), as seen in (5), with the DNS returning an error that this is not a legal domain name, as seen in (6).

Because the address is rejected after the message has been submitted, the MTA generates a bounce message to the original sender. The MTA enqueues the new rejection message to the original sender (1), and sends a copy to the postmaster (4) before deleting the original outbound message (the R entry shown in (5)).

Notification messages, such as bounce messages, have an empty envelope From: address—as seen, for instance, in (2) and (8)—in which the envelope From: field is shown as an empty space. The initial enqueue of a bounce message generated by the MTA shows the message ID for the new notification message followed by the message ID for the original message (3). (Such information is not always available to the MTA, but when it is available to be logged, it allows correlation of the log entries corresponding to the outbound failed message with the log entries corresponding to the resulting notification message.) Such notification messages are enqueued to the process channel, which in turn enqueues them to an appropriate destination channel (7).


Example 21–4 MTA Logging – Sending to a Nonexistent Domain


19-JAN-1998 20:49:04 l            tcp_local    E 1
  adam@sesta.com rfc822;user@very.bogus.com user@very.bogus.com
  imta/queue/tcp_local/ZZ01ISKP0S0LVQ94DU0K.00
 <01ISKP0RYMAS94DU0K@SESTA.COM>
 
19-JAN-1998 20:49:33 tcp_local    process      E 1                (1)
 rfc822;adam@sesta.com adam@sesta.com                             (2)
 imta/queue/process/ZZ01ISKP0S0LVQ94DTZB.00
 <01ISKP22MW8894DTAS@SESTA.COM>,<01ISKP0RYMAS94DU0K@SESTA.COM>    (3)

19-JAN-1998 20:49:33 tcp_local    process      E 1                (4)
 rfc822;postmaster@sesta.com postmaster@sesta.com
 imta/queue/process/ZZ01ISKP0S0LVQ94DTZB.00
 <01ISKP22MW8894DTAS@SESTA.COM>,<01ISKP0RYMAS94DU0K@SESTA.COM>
 
19-JAN-1998 20:50:07 tcp_local                  R 1               (5)
 adam@sesta.com rfc822;user@very.bogus.com user@very.bogus.com
 imta/queue/tcp_local/ZZ01ISKP0S0LVQ94DU0K.00
 <01ISKP0RYMAS94DU0K@SESTA.COM>
 Illegal host/domain name found                                   (6)

19-JAN-1998 20:50:08 process      l            E 3                (7)
 rfc822;adam@sesta.com adam                                       (8)
 imta/queue/l/ZZ01ISKP23BUQS94DTYL.00
 <01ISKP22MW8894DTAS@SESTA.COM>
 
19-JAN-1998 20:50:08 process      l            E 3
  rfc822;postmaster@sesta.com postmaster
  imta/queue/l/ZZ01ISKP23BUQS94DTYL.00
 <01ISKP22MW8894DTAS@SESTA.COM>
 
19-JAN-1998 20:50:12 l                         D 3
  rfc822;adam@sesta.com adam
  imta/queue/l/ZZ01ISKP23BUQS94DTYL.00
  <01ISKP22MW8894DTAS@SESTA.COM>
 
19-JAN-1998 20:50:12 l                         D 3
  rfc822;postmaster@sesta.com postmaster
  imta/queue/l/ZZ01ISKP23BUQS94DTYL.00
  <01ISKP22MW8894DTAS@SIROE.COM>

MTA Logging Example – Sending to a Nonexistent Remote User

This example illustrates an attempt to send to a bad address on a remote system. This example assumes MTA option settings of LOG_FILENAME=1 and LOG_MESSAGE_ID=1, and channel option settings of LOG_BANNER=1 and LOG_TRANSPORTINFO=1. Note the rejection entry (R), seen in (1). But in contrast to the rejection entry in Example 21–4, note that the rejection entry here shows that a connection to a remote system was made, and shows the SMTP error code issued by the remote SMTP server, (2) and (3). The inclusion of the information shown in (2) is due to setting the channel options LOG_BANNER=1 and LOG_TRANSPORTINFO=1.


Example 21–5 MTA Logging – Sending to a Nonexistent Remote User


20-JAN-1998 13:11:05 l            tcp_local    E 1
  adam@sesta.com rfc822;nonesuch@siroe.com nonesuch@siroe.com
  imta/queue/tcp_local/ZZ01ISLNBB1JOE94DUWH.00
  <01ISLNBAWV3094DUWH@sesta.com>
 
20-JAN-1998 13:11:08 tcp_local    process      E 1
  rfc822;adam@sesta.com adam@sesta.com
  imta/queue/process/ZZ01ISLNBB1JOE94DSGB.00
  <01ISLNBFKIDS94DUJ8@sesta.com>,<01ISLNBAWV3094DUWH@sesta.com>
 
 20-JAN-1998 13:11:08 tcp_local    process      E 1
  rfc822;postmaster@sesta.com postmaster@sesta.com
  imta/queue/process/ZZ01ISLNBB1JOE94DSGB.00
  <01ISLNBFKIDS94DUJ8@sesta.com>,<01ISLNBAWV3094DUWH@sesta.com>
 
20-JAN-1998 13:11:11 tcp_local                  R 1       (1)
  adam@sesta.com rfc822;nonesuch@siroe.com nonesuch@siroe.com
  imta/queue/tcp_local/ZZ01ISLNBB1JOE94DUWH.00 
  <01ISLNBAWV3094DUWH@sesta.com>
  dns;thor.siroe.com
  (TCP|206.184.139.12|2788|192.160.253.66|25)             (2)
  (THOR.SIROE.COM -- Server ESMTP [iMS V5.0 #8694])
  smtp; 553 unknown or illegal user: nonesuch@siroe.com   (3)
 
20-JAN-1998 13:11:12 process      l            E 3
  rfc822;adam@sesta.com adam
  imta/queue/l/ZZ01ISLNBGND1094DQDP.00
  <01ISLNBFKIDS94DUJ8@sesta.com>
 
20-JAN-1998 13:11:12 process      l            E 3
  rfc822;postmaster@sesta.com postmaster
  imta/queue/l/ZZ01ISLNBGND1094DQDP.00
  <01ISLNBFKIDS94DUJ8@sesta.com>
 
20-JAN-1998 13:11:13 l                         D 3
  rfc822;adam@sesta.com adam@sesta.com
  imta/queue/l/ZZ01ISLNBGND1094DQDP.00
  <01ISLNBFKIDS94DUJ8@sesta.com>
 
20-JAN-1998 13:11:13 l                         D 3
  rfc822;postmaster@sesta.com postmaster@sesta.com
  imta/queue/l/ZZ01ISLNBGND1094DQDP.00
  <01ISLNBFKIDS94DUJ8@sesta.com>

MTA Logging Example – Rejecting a Remote Side's Attempt to Submit a Message

This example illustrates the sort of log file entry resulting when the MTA rejects a remote side’s attempt to submit a message. (This example assumes that no optional LOG_* options are enabled, so only the basic fields are logged in the entry. Note that enabling the LOG_CONNECTION option, in particular, would result in additional informative fields in such J entries.) In this case, the example is for an MTA that has set up SMTP relay blocking (see Configuring SMTP Relay Blocking) with an ORIG_SEND_ACCESS mapping, including:

ORIG_SEND_ACCESS

! ...numerous entries omitted...
!
   tcp_local|*|tcp_local|*   $NRelaying$ not$ permitted

and where alan@very.bogus.com is not an internal address. Hence the attempt of the remote user harold@varrius.com to relay through the MTA system to the remote user alan@very.bogus.com is rejected.


Example 21–6 MTA Logging – Rejecting a Remote Side's Attempt to Submit a Message


28-May-1998 12:02:23 tcp_local            J 0               (1)
 harold@varrius.com rfc822; alan@very.bogus.com             (2)
 550 5.7.1 Relaying not permitted: alan@very.bogus.com      (3)
  1. This log shows the date and time the MTA rejects a remote side’s attempt to submit a message. The rejection is indicated by a J record. (Cases where an MTA channel is attempting to send a message which is rejected is indicated by R records, as shown in Example 21–4 and Example 21–5).


    Note –

    The last J record written to the log will have an indication stating that it is the last for a given session. Also, the current version of Messaging Server does not place a limit on the number of J records.


  2. The attempted envelope From: and To: addresses are shown. In this case, no original envelope To: information was available so that field is empty.

  3. The entry includes the SMTP error message the MTA issued to the remote (attempted sender) side.


MTA Logging Example – Multiple Delivery Attempts

This example illustrates the sort of log file entries resulting when a message cannot be delivered upon the first attempt, so the MTA attempts to send the message several times. This example assumes option settings of LOG_FILENAME=1 and LOG_MESSAGE_ID=1.


Example 21–7 MTA Logging – Multiple Delivery Attempts


15-Jan-1998 10:31:05.18 tcp_internal   tcp_local   E 3          (1)
 adam@hosta.sesta.com rfc822;user@some.org user@some.org
 imta/queue/tcp_local/ZZ01IS3D2ZP7FQ9UN54R.00 
 <01IRUD7SVA3Q9UN2D4@sesta.com>
 
15-Jan-1998 10:31:10.37 tcp_local                  Q 3          (2)
 adam@hosta.sesta.com rfc822;user@some.org user@some.org
 imta/queue/tcp_local/ZZ01IS3D2ZP7FQ9UN54R.00                   (3)
 <01IRUD7SVA3Q9UN2D4@sesta.com>
 TCP active open: Failed connect()    Error: no route to host   (4)
 
     ...several hours worth of entries...

15-Jan-1998 12:45:39.48 tcp_local                  Q 3          (5)
  adam@hosta.sesta.com rfc822;user@some.org user@some.org
  imta/queue/tcp_local/ZY01IS3D2ZP7FQ9UN54R.00                  (6)
  <01IRUD7SVA3Q9UN2D4@sesta.com>
  TCP active open: Failed connect()    Error: no route to host
 
  ...several hours worth of entries...

 15-Jan-1998 16:45:24.72 tcp_local                  Q 3
  adam@hosta.sesta.com rfc822;user@some.org user@some.org
  imta/queue/tcp_local/ZX01IS67NY4RRK9UN7GP.00                  (7)
                   <01IRUD7SVA3Q9UN2D4@sesta.com>
  TCP active open: Failed connect() Error: connection refused   (8)

  ...several hours worth of entries...

 15-Jan-1998 20:45:51.55 tcp_local                  D 3         (9)
  adam@hosta.sesta.com rfc822;user@some.org user@some.org
  imta/queue/tcp_local/ZX01IS67NY4RRK9UN7GP.00
  <01IRUD7SVA3Q9UN2D4@sesta.com>
  dns;host.some.org (TCP|206.184.139.12|2788|192.1.1.1|25)
  (All set, fire away)
  smtp; 250 Ok
  1. The message comes in the tcp_internal channel—perhaps from a POP or IMAP client, or perhaps from another host within the organization using the MTA as an SMTP relay; the MTA enqueues it to the outgoing tcp_local channel.

  2. The first delivery attempt fails, as indicated by the Q entry.

  3. That this is a first delivery attempt can be seen from the ZZ* filename.

  4. This delivery attempt failed when the TCP/IP package could not find a route to the remote side. As opposed to Example 21–4, the DNS did not object to the destination domain name, some.org; rather, the “no route to host” error indicates that there is some network problem between the sending and receiving side.

  5. The next time the MTA periodic job runs it reattempts delivery, again unsuccessfully.

  6. The file name is now ZY*, indicating that this is a second attempt.

  7. The file name is ZX* for this third unsuccessful attempt.

  8. The next time the periodic job reattempts delivery the delivery fails, though this time the TCP/IP package is not complaining that it cannot get through to the remote SMTP server, but rather the remote SMTP server is not accepting connections. (Perhaps the remote side fixed their network problem, but has not yet brought their SMTP server back up—or their SMTP server is swamped handling other messages and hence was not accepting connections at the moment the MTA tried to connect.)

  9. Finally the message is dequeued.


MTA Logging – Incoming SMTP Message Routed Through the Conversion Channel

This example illustrates the case of a message routed through the conversion channel. The site is assumed to have a CONVERSIONS mapping table such as:

CONVERSIONS
  IN-CHAN=tcp_local;OUT-CHAN=l;CONVERT   Yes

This example assumes option settings of LOG_FILENAME=1 and LOG_MESSAGE_ID=1.


Example 21–8 MTA Logging – Incoming SMTP Message Routed Through the Conversion Channel


04-Feb-1998 00:06:26.72 tcp_local    conversion   E 9      (1)
  amy@siroe.edu rfc822;bert@sesta.com bert@sesta.com
  imta/queue/conversion/ZZ01IT5UAMZ4QW98518O.00
  <01IT5UALL14498518O@siroe.edu>
 
 04-Feb-1998 00:06:29.06 conversion   l            E 9     (2)
                   amy@siroe.edu rfc822;bert@sesta.com bert
  imta/queue/l/ZZ01IT5UAOXLDW98509E.00  <01IT5STUMUFO984Z8L@siroe.edu>
 
04-Feb-1998 00:06:29.31 conversion                D 9      (3)
 amy@siroe.edu rfc822;bert@sesta.com bert
 imta/queue/conversion/ZZ01IT5UAMZ4QW98518O.00
 <01IT5UALL14498518O@siroe.edu>
 
 04-Feb-1998 00:06:32.62 l                         D 9     (4)
  amy@siroe.edu rfc822;bert@siroe.com bert
  imta/queue/l/ZZ01IT5UAOXLDW98509E.00
  <01IT5STUMUFO984Z8L@siroe.edu>

               
  1. The message from external user amy@siroe.edu comes in addressed to the l channel recipient bert@sesta.com. The CONVERSIONS mapping entry, however, causes the message to be initially enqueued to the conversion channel (rather than directly to the l channel).

  2. The conversion channel runs and enqueues the message to the l channel.

  3. Then the conversion channel can dequeue the message (delete the old message file).

  4. And finally the l channel dequeues (delivers) the message.


MTA Logging Example: Outbound Connection Logging

This example illustrates log output for an outgoing message when connection logging is enabled, via LOG_CONNECTION=3. LOG_PROCESS=1, LOG_MESSAGE_ID=1 and LOG_FILENAME=1 are also assumed in this example. The example shows the case of user adam@sesta.com sending the same message (note that the message ID is the same for each message copy) to three recipients, bobby@hosta.sesta.com, carl@hosta.sesta.com, and dave@hostb.sesta.com. This example assumes that the message is going out a tcp_local channel marked (as such channels usually are) with the single_sys channel keyword. Therefore, a separate message file on disk will be created for each set of recipients to a separate host name, as seen in (1), (2), and (3), where the bobby@hosta.sesta.com and carl@hosta.sesta.com recipients are stored in the same message file, but the dave@hostb.sesta.com recipient is stored in a different message file.


Example 21–9 MTA Logging: Outbound Connection Logging


19-Feb-1998 10:52:05.41 1e488.0 l            tcp_local    E 1
 adam@sesta.com rfc822;bobby@hosta.sesta.com bobby@hosta.sesta.com
 imta/queue/tcp_local/ZZ01ITRF7BO388000FCN.00                    (1)
  <01ITRF7BDHS6000FCN@SESTA.COM>

19-Feb-1998 10:52:05.41 1e488.0 l            tcp_local    E 1
 adam@sesta.com rfc822;carl@hosta.sesta.com carl@hosta.sesta.com
 imta/queue/tcp_local/ZZ01ITRF7BO388000FCN.00                    (2)
   <01ITRF7BDHS6000FCN@SESTA.COM>

19-Feb-1998 10:52:05.74 1e488.1 l            tcp_local    E 1
 adam@sesta.com rfc822;dave@hostb.sesta.com dave@hostb.sesta.com
 imta/queue/tcp_local/ZZ01ITRF7C11FU000FCN.00                    (3)
   <01ITRF7BDHS6000FCN@SESTA.COM>

19-Feb-1998 10:52:10.79 1f625.2.0 tcp_local    -            O    (4)
 TCP|206.184.139.12|5900|206.184.139.66|25
 SMTP/hostb.sesta.com/mailhub.sesta.com                          (5)
 
19-Feb-1998 10:52:10.87 1f625.3.0 tcp_local    -            O    (6)
 TCP|206.184.139.12|5901|206.184.139.70|25
 SMTP/hosta.sesta.com/hosta.sesta.com                            (7)

19-Feb-1998 10:52:12.28 1f625.3.1 tcp_local                  D 1
 adam@sesta.com rfc822;bobby@hosta.sesta.com bobby@hosta.sesta.com
 imta/queue/tcp_local/ZZ01ITRF7BO388000FCN.00
  <01ITRF7BDHS6000FCN@SESTA.COM>
 hosta.sesta.com dns;hosta.sesta.com                            (8)
 (TCP|206.184.139.12|5901|206.184.139.70|25)
 (hosta.sesta.com -- Server ESMTP [iMS V5.0 #8790])
 (TCP|206.184.139.12|5901|206.184.139.70|25)
 smtp;250 2.1.5 bobby@hosta.sesta.com and options OK.

19-Feb-1998 10:52:12.28 1f625.3.1 tcp_local                  D 1
 adam@sesta.com rfc822;carl@hosta.sesta.com carl@hosta.sesta.com
 imta/queue/tcp_local/ZZ01ITRF7BO388000FCN.00
  <01ITRF7BDHS6000FCN@SESTA.COM>
 hosta.sesta.com dns;hosta.sesta.com
 (TCP|206.184.139.12|5901|206.184.139.70|25)
 (hosta.sesta.com -- Server ESMTP [iMS V5.0 #8790])
 (TCP|206.184.139.12|5901|206.184.139.70|25)
 smtp;250 2.1.5 carl@hosta.sesta.com and options OK.

19-Feb-1998 10:52:12.40 1f625.3.2 tcp_local      -            C  (9)
 TCP|206.184.139.12|5901|206.184.139.70|25
 SMTP/hosta.sesta.com/hosta.sesta.com

19-Feb-1998 10:52:13.01 1f625.2.1 tcp_local                  D 1
 adam@sesta.com rfc822;dave@hostb.sesta.com dave@hostb.sesta.com
 imta/queue/tcp_local/ZZ01ITRF7C11FU000FCN.00
  <01ITRF7BDHS6000FCN@SESTA.COM>
 mailhub.sesta.com dns;mailhub.sesta.com
 (TCP|206.184.139.12|5900|206.184.139.66|25)
 (MAILHUB.SESTA.COM -- Server ESMTP [iMS V5.0 #8694])
 (TCP|206.184.139.12|5900|206.184.139.66|25)
 smtp;250 2.1.5 dave@hostb.sesta.com and options OK.

19-Feb-1998 10:52:13.05 1f625.2.2 tcp_local      -            C  (10)
                  
 TCP|206.184.139.12|5900|206.184.139.66|25
 SMTP/hostb.sesta.com/mailhub.sesta.com

               
  1. The message is enqueued to the first recipient...

  2. ....and to the second recipient...

  3. ....and to the third recipient.

  4. Having LOG_CONNECTION=3 set causes the MTA to write this entry. The minus, -, indicates that this entry refers to an outgoing connection. The O means that this entry corresponds to the opening of the connection. Also note that the process ID here is the same, 1f625, since the same process is used for the multithreaded TCP/IP channel for these separate connection opens, though this open is being performed by thread 2 vs. thread 3.

  5. As there are two separate remote systems to which to connect, the multithreaded SMTP client in separate threads opens up a connection to each—the first in this entry, and the second shown in 7. This part of the entry shows the sending and destination IP numbers and port numbers, and shows both the initial host name, and the host name found by doing a DNS lookup. In the SMTP/initial-host/dns-host clauses, note the display of both the initial host name, and that used after performing a DNS MX record lookup on the initial host name: mailhub.sesta.com is apparently an MX server for hostb.sesta.com.

  6. The multithreaded SMTP client opens up a connection to the second system in a separate thread (though the same process).

  7. As there are two separate remote systems to which to connect, the multithreaded SMTP client in separate threads opens up a connection to each—the second in this entry, and the first shown above in 5. This part of the entry shows the sending and destination IP numbers and port numbers, and shows both the initial host name, and the host name found by doing a DNS lookup. In this example, the system hosta.sesta.com apparently receives mail directly itself.

  8. Besides resulting in specific connection entries, LOG_CONNECTION=3 also causes inclusion of connection related information in the regular message entries, as seen here for instance.

  9. Having LOG_CONNECTION=3 causes the MTA to write this entry. After any messages are dequeued, (the bobby and carl messages in this example), the connection is closed, as indicated by the C in this entry.


MTA Logging Example: Inbound Connection Logging

This example illustrates log output for an incoming SMTP message when connection logging is enabled, via LOG_CONNECTION=3.


Example 21–10 MTA Logging – Inbound Connection Logging


19-Feb-1998 17:02:08.70 tcp_local    +            O          (1)
 TCP|206.184.139.12|25|192.160.253.66|1244 SMTP              (2)

19-Feb-1998 17:02:26.65 tcp_local    l             E 1
 service@siroe.com rfc822;adam@sesta.com adam
 THOR.SIROE.COM (THOR.SIROE.COM [192.160.253.66])            (3)

 19-Feb-1998 17:02:27.05 tcp_local    +             C        (4)
                   TCP|206.184.139.12|25|192.160.253.66|1244 SMTP
 
19-Feb-1998 17:02:31.73 l                          D 1
  service@siroe.com rfc822;adam@sesta.com adam
  1. The remote system opens a connection. The O character indicates that this entry regards the opening of a connection; the + character indicates that this entry regards an incoming connection.

  2. The IP numbers and ports for the connection are shown. In this entry, the receiving system (the system making the log file entry) has IP address 206.184.139.12 and the connection is being made to port 25; the sending system has IP address 192.160.253.66 and is sending from port 1244.

  3. In the entry for the enqueue of the message from the incoming TCP/IP channel (tcp_local) to the l channel recipient, note that information beyond the default is included since LOG_CONNECTION=3 is enabled. Specifically, the name that the sending system claimed on its HELO or EHLO line, the sending system’s name as found by a DNS reverse lookup on the connection IP number, and the sending system’s IP address are all logged; see Chapter 12, Configuring Channel Definitions behavior.

  4. The inbound connection is closed. The C character indicates that this entry regards the closing of a connection; the + character indicates that this entry regards an incoming connection.


Enabling Dispatcher Debugging

Dispatcher error and debugging output (if enabled) are written to the file dispatcher.log in the MTA log directory. The dispatcher configuration information is specified in the msg_svr_base/imta/dispatcher.cnf file. A default configuration file is created at installation time and can be used without any changes made. However, if you want to modify the default configuration file for security or performance reasons, you can do so by editing the dispatcher.cnf file.

Table 21–3 Dispatcher Debugging Bits

Bit 

 

Hexadecimal value 

Decimal value 

Usage 

 

x 00001 

Basic Service Dispatcher main module debugging. 

x 00002 

Extra Service Dispatcher main module debugging. 

x 00004 

Service Dispatcher configuration file logging. 

x 00008 

Basic Service Dispatcher miscellaneous debugging. 

x 00010 

16 

Basic service debugging. 

x 00020 

32 

Extra service debugging. 

x 00040 

64 

Process related service debugging. 

x 00080 

128 

Not used. 

x 00100 

256 

Basic Service Dispatcher and process communication debugging. 

x 00200 

512 

Extra Service Dispatcher and process communication debugging. 

10 

x 00400 

1024 

Packet level communication debugging. 

11 

x 00800 

2048 

Not used. 

12 

x 01000 

4096 

Basic Worker Process debugging. 

13 

x 02000 

8192 

Extra Worker Process debugging. 

14 

x 04000 

16384 

Additional Worker Process debugging, particularly connection hand-offs. 

15 

x 08000 

32768 

Not used. 

16 

x 10000 

65536 

Basic Worker Process to Service Dispatcher I/O debugging. 

17 

x 20000 

131072 

Extra Worker Process to Service Dispatcher I/O debugging. 

20 

x 100000 

1048576 

Basic statistics debugging. 

21 

x 200000 

2097152 

Extra statistics debugging. 

24 

x 1000000 

16777216 

Log PORT_ACCESS denials to the dispatcher.log file. 

ProcedureTo Enable Dispatcher Error Debugging Output

Steps
  1. Edit the dispatcher.cnf file.

  2. Set the DEBUG option to -1.

    You can also set the logical or environmental variable IMTA_DISPATCHER_DEBUG (UNIX), which defines a 32-bit debug mask in hexadecimal, to the value FFFFFFFF. The table above describes the meaning of each bit.

ProcedureTo Set Dispatcher Parameters (Solaris)

The dispatcher services offered in the dispatcher configuration file affects requirements for various system parameters. The system’s heap size (datasize) must be enough to accommodate the dispatcher’s thread stack usage.

Steps
  1. To display the heap size (that is, default datasize), use one of the following:

    The csh command:


    # limit
    

    The ksh command


    # ulimit -a
    

    The Solaris utility


    # sysdef
    
  2. For each dispatcher service compute STACKSIZE*MAX_CONNS, and then add up the values computed for each service. The system’s heap size needs to be at least twice this number.