Logging of SMTP Sessions
========================

Normally, qmail-smtpd doesn't log anything.

Within s/qmail, qmail-smtpd logs some accepted and some (important) rejected SMTP session attempts.

Format:	"qmail-smtpd: pid PID Action::Type::Condition: Information"

In order to track a complete SMTP transaction (including tcpserver/sslserver + rblsmtpd)
the log line includes now the PID.

Here's the glue:


  Action Type Condition 	Explanation
  -----------------------------------------

  Reject AUTH missing		AUTHentication missing
  Reject AUTH type		AUTHentication of 'type' rejected
  Reject Auth Meth		AUTHentication Method rejected
  Accept AUTH type		AUTHentication of 'type' accepted

  Reject DATA Invalid_Size 	DATA exceeds sizelimit
  Reject DATA Bad_MIME 		DATA includes BASE 64 MIME type listed in badmimetypes
  Reject DATA Bad_Loader 	DATA includes BASE64 loader type listed in badmimetypes
  Reject DATA Virus_Infected 	DATA includes virus infected message (<scanner> | 'AV scanner')
  Reject DATA Spam_Message  	DATA includes an identified Spam message.
  
  Reject ORIG Bad_Mailfrom 	ORIG is in badmailfrom
  Reject ORIG DNS_MF 		Domain part of ORIG has no DNS MX RR
  Reject ORIG Failed_Auth 	ORIG tried SMTP Authentication; but failed
  Reject ORIG Require_Auth 	SMTP Authentication required; but not granted
  Reject ORIG Invalid_Sender 	ORIG not allowed to send
  Reject ORIG Missing_Auth 	SMTP Authentication required, but not granted
  Reject ORIG SPF		ORIG was rejected due to failed SPF permissions
  Accept ORIG Local_Sender 	ORIG was identified as local sender address
  Accept ORIG Relay_Mailfrom	ORIG was accepted als Relaymailfrom
  
  Reject RCPT Bad_Rcptto 	RCPT is in badrcptto
  Reject RCPT Toomany_Rcptto 	Too many RCPTs
  Reject RCPT Failed_Rcptto 	RCPT could not acceptd as per recipients/cdb.
  Accept RCPT Recipients_Cdb    RCPT was accepted as per recipients/cdb.
  Accept RCPT Recipients_Pam    RCPT was accepted as per recipients/pam plug-in.
  Accept RCPT Recipients_Wild   RCPT was accepted as per recipients/wildlisting.
  Accept RCPT Rcpthosts_Rcptto 	RCPT was accepted as per rcpthosts/morercpthosts

  Reject SNDR Bad_Helo 		SNDR's HELO is in the badhelo
  Reject SNDR DNS_HELO 		SNDR's HELO has no DNS A RR
  Reject SNDR Invalid_Relay 	SNDR's tries relaying; but not allowd
  Accept SNDR Relay_Client 	SNDR was identified as relay client
  
  Reject TLS  missing		TLS connection could not be established

  Accept SPF  Recipients_Cdb    ORIG was authorized and RCPT accepted as per recipients/cdb.
  Accept SPF  Recipients_Pam    ORIG was authorized and RCPT accepted as per recipients/pam plug-in.
  Accept SPF  Recipients_Wild   ORIG was authorized and RCPT was accepted as per recipients/wildlisting.
  Accept SPF  Rcpthosts_Rcptto 	ORIG was authorized and RCPT was accepted as per rcpthosts/morercpthosts

  Reject SPF  Fail		ORIG authorization failed per SPF 


SNDR (S) corresponds to the sending MTA.
ORIG (F) is the "MAIL From: <Return-Path>".
RCPT (T) is the "RCPT To: <Forwarding-Path>".
DATA is the Message.

The Information is typically constructed from the SMTP envelope like:

  S:IP:FQDN P:Protocol H:Helo F:Mailfrom T:Rcptto


This scheme is easy extendable to other successful/deferred SMTP sessions.

In addition for POP3 services this scheme is used; but now logging takes place on FD 5.

