Logging of SMTP Sessions
========================

Normally, qmail-smtpd doesn't log anything.

Within s/qmail, qmail-smtpd logs some accepted and some (important) rejected SMTP session attempts.

Format:	"qmail-smtpd: pid PID Action::Type::Condition: Information"

In order to track a complete SMTP transaction (including tcpserver/sslserver + rblsmtpd)
the log line includes now the PID.

Here's the glue:


  Action Type Condition 	Explanation
  -----------------------------------------

  Reject AUTH missing		AUTHentication missing
  Reject AUTH setup		AUTHentication impossible due to missing PAM
  Reject AUTH type		AUTHentication of 'type' rejected
  Reject Auth Meth		AUTHentication Method rejected
  Accept AUTH type		AUTHentication of 'type' accepted

  Reject DATA Invalid_Size 	DATA exceeds sizelimit
  Reject DATA Bad_MIME 		DATA includes BASE 64 MIME type listed in badmimetypes
  Reject DATA Bad_Loader 	DATA includes BASE64 loader type listed in badmimetypes
  Reject DATA Virus_Infected 	DATA includes virus infected message (<scanner> | 'AV scanner')
  Reject DATA Spam_Message  	DATA includes an identified Spam message.
  
  Reject ORIG Bad_Mailfrom 	ORIG is in badmailfrom
  Reject ORIG DNS_MF 		Domain part of ORIG has no DNS MX RR
  Reject ORIG Failed_Auth 	ORIG tried SMTP Authentication; but failed
  Reject ORIG Require_Auth 	SMTP Authentication required; but not granted
  Reject ORIG Invalid_Sender 	ORIG not allowed to send
  Reject ORIG Missing_Auth 	SMTP Authentication required, but not granted
  Reject ORIG SPF		ORIG was rejected due to failed SPF permissions
  Accept ORIG Local_Sender 	ORIG was identified as local sender address
  Accept ORIG Relay_Mailfrom	ORIG was accepted als Relaymailfrom
  
  Reject RCPT Bad_Rcptto 	RCPT is in badrcptto
  Reject RCPT Toomany_Rcptto 	Too many RCPTs
  Reject RCPT Failed_Rcptto 	RCPT could not acceptd as per recipients/cdb.
  Accept RCPT Recipients_Cdb    RCPT was accepted as per recipients/cdb.
  Accept RCPT Recipients_Pam    RCPT was accepted as per recipients/pam plug-in.
  Accept RCPT Recipients_Wild   RCPT was accepted as per recipients/wildlisting.
  Accept RCPT Rcpthosts_Rcptto 	RCPT was accepted as per rcpthosts/morercpthosts

  Reject SNDR Bad_Helo 		SNDR's HELO is in the badhelo
  Reject SNDR DNS_HELO 		SNDR's HELO has no DNS A RR
  Reject SNDR Invalid_Relay 	SNDR's tries relaying; but not allowd
  Accept SNDR Relay_Client 	SNDR was identified as relay client
  
  Reject TLS  missing		TLS connection could not be established 
  Reject TLS  required	TLS connection could not be established 

  Accept SPF  Recipients_Cdb    ORIG was authorized and RCPT accepted as per recipients/cdb.
  Accept SPF  Recipients_Pam    ORIG was authorized and RCPT accepted as per recipients/pam plug-in.
  Accept SPF  Recipients_Wild   ORIG was authorized and RCPT was accepted as per recipients/wildlisting.
  Accept SPF  Rcpthosts_Rcptto 	ORIG was authorized and RCPT was accepted as per rcpthosts/morercpthosts

  Reject SPF  Fail		ORIG authorization failed per SPF 

	Deferred	GREY	Grey_Listed	SNDR was temporarily greylisted 


SNDR (S) corresponds to the sending MTA.
ORIG (F) is the "MAIL From: <Return-Path>".
RCPT (T) is the "RCPT To: <Forwarding-Path>".
DATA is the Message.
GREY is triple of envelope data: SNDR+ORIG+RCPT.

Protocol 
--------
	SMTP						plain SMTP
	ESMTP						'enhanced' SMTP
	ESMTPA					ESMTP + authentication
	ESMPTS					TLS secured EMSTP
	ESMTPSA					TLS secured ESMTP + auth
	ESMTP[SA]UTF8 	ESMTP[SA] with UTF-8
	


The Information is typically constructed from the SMTP envelope like:

  S:IP:FQDN P:Protocol H:Helo F:Mailfrom T:Rcptto


This scheme is easy extendable to other successful/deferred SMTP sessions.

In addition for POP3 services this scheme is used; but now logging takes place on FD 5.

