How to interpret Postfix logs on Ubuntu

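I just installed postfix on a server running Ubuntu 14.04.1 LTS. I'm a bit confused about how I should interpret the postfix log located at /var/log/mail.log.

First, one of the reasons I installed postfix is so that my cron jobs would be able to send me an email containing any errors or output. When this happens, Gmail seems to block the message because it thinks it is unsolicited email.

To test this, I set up a cron job that simply echoes the word test. This is my cron file: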

    [email protected]
    44 13 * * * echo test

When this runs, this is what I see in the postfix log:

    Feb 7 13:44:01 prod postfix/pickup[22580]: AE4271627DB: uid=0 from=<root>
    Feb 7 13:44:01 prod postfix/cleanup[23434]: AE4271627DB: message-id=<[email protected]>
    Feb 7 13:44:01 prod postfix/qmgr[3539]: AE4271627DB: from=<[email protected]>, size=565, nrcpt=1 (queue active)
    Feb 7 13:44:01 prod postfix/smtp[23436]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400d:c03::1b]:25: Network is unreachable
    Feb 7 13:44:02 prod postfix/smtp[23436]: AE4271627DB: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[64.233.171.27]:25, delay=1.2, delays=0.02/0.01/0.56/0.65, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[64.233.171.27] said: 550-5.7.1 [104.236.71.114 12] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for 550 5.7.1 more information. a3si7533488qas.19 - gsmtp (in reply to end of DATA command))
    Feb 7 13:44:02 prod postfix/cleanup[23434]: E62521627DC: message-id=<[email protected]>
    Feb 7 13:44:02 prod postfix/qmgr[3539]: E62521627DC: from=<>, size=3228, nrcpt=1 (queue active)
    Feb 7 13:44:02 prod postfix/bounce[23437]: AE4271627DB: sender non-delivery notification: E62521627DC
    Feb 7 13:44:02 prod postfix/qmgr[3539]: AE4271627DB: removed
    Feb 7 13:44:02 prod postfix/local[23439]: E62521627DC: to=<[email protected]>, relay=local, delay=0.01, delays=0/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
    Feb 7 13:44:02 prod postfix/qmgr[3539]: E62521627DC: removed

After this happened, I did not receive the email in my Gmail account, and I saw a new email in /var/mail/root on my server:

    From MAILER-DAEMON Sat Feb 7 13:44:02 2015
    Return-Path: <>
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: by server.hostname.01 (Postfix) id E62521627DC; Sat, 7 Feb 2015 13:44:02 -0500 (EST)
    Date: Sat, 7 Feb 2015 13:44:02 -0500 (EST)
    From: [email protected] (Mail Delivery System)
    Subject: Undelivered Mail Returned to Sender
    To: [email protected]
    Auto-Submitted: auto-replied
    MIME-Version: 1.0
    Content-Type: multipart/report; report-type=delivery-status; boundary="AE4271627DB.1423334642/server.hostname.01"
    Message-Id: <[email protected]>

    This is a MIME-encapsulated message.

    --AE4271627DB.1423334642/server.hostname.01
    Content-Description: Notification
    Content-Type: text/plain; charset=us-ascii

    This is the mail system at host server.hostname.01.

    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.

    For further assistance, please send mail to postmaster.

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.

    The mail system

    <[email protected]>: host gmail-smtp-in.l.google.com[64.233.171.27] said:
        550-5.7.1 [104.236.71.114 12] Our system has detected that this message is
        550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,
        550-5.7.1 this message has been blocked. Please visit
        550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for
        550 5.7.1 more information. a3si7533488qas.19 - gsmtp
        (in reply to end of DATA command)

    --AE4271627DB.1423334642/server.hostname.01
    Content-Description: Delivery report
    Content-Type: message/delivery-status

    Reporting-MTA: dns; server.hostname.01
    X-Postfix-Queue-ID: AE4271627DB
    X-Postfix-Sender: rfc822; [email protected]
    Arrival-Date: Sat, 7 Feb 2015 13:44:01 -0500 (EST)

    Final-Recipient: rfc822; [email protected]
    Action: failed
    Status: 5.7.1
    Remote-MTA: dns; gmail-smtp-in.l.google.com
    Diagnostic-Code: smtp;
        550-5.7.1 [104.236.71.114 12] Our system has detected that this message is
        550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,
        550-5.7.1 this message has been blocked. Please visit
        550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for
        550 5.7.1 more information. a3si7533488qas.19 - gsmtp

    --AE4271627DB.1423334642/server.hostname.01
    Content-Description: Undelivered Message
    Content-Type: message/rfc822

    Return-Path: <[email protected]>
    Received: by server.hostname.01 (Postfix, from userid 0) id AE4271627DB; Sat, 7 Feb 2015 13:44:01 -0500 (EST)
    From: [email protected] (Cron Daemon)
    To: [email protected]
    Subject: Cron <root@server> echo test
    Content-Type: text/plain; charset=ANSI_X3.4-1968
    X-Cron-Env: <[email protected]>
    X-Cron-Env: <SHELL=/bin/sh>
    X-Cron-Env: <HOME=/root>
    X-Cron-Env: <PATH=/usr/bin:/bin>
    X-Cron-Env: <LOGNAME=root>
    Message-Id: <[email protected]>
    Date: Sat, 7 Feb 2015 13:44:01 -0500 (EST)

    test

    --AE4271627DB.1423334642/server.hostname.01--

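I also installed fail2ban on the server. When fail2ban blocks an IP address that tries to log in to my server, it sends me an email to let me know. These are some of the headers from that email: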

    Received: by server.hostname.01 (Postfix, from userid 0)
    From: Fail2Ban <[email protected]>
    To: [email protected]
    Message-Id: <[email protected]>

When I search the mail log for that message ID, I see the following:

    Feb 7 11:05:36 server postfix/cleanup[22079]: 6BBAB1627DB: message-id=<[email protected]>
    Feb 7 11:05:36 server postfix/qmgr[3539]: 6BBAB1627DB: from=<[email protected]>, size=1951, nrcpt=1 (queue active)
    Feb 7 11:05:36 server postfix/smtp[22081]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400d:c03::1b]:25: Network is unreachable
    Feb 7 11:05:37 server postfix/smtp[22081]: 6BBAB1627DB: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[64.233.171.26]:25, delay=1.7, delays=0.2/0/0.55/0.95, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[64.233.171.26] said: 550-5.7.1 [104.236.71.114 11] Our system has detected that this message is 550-5.7.1 not RFC 2822 compliant. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please review 550 5.7.1 RFC 2822 specifications for more information. z1si7039105qar.33 - gsmtp (in reply to end of DATA command))
    Feb 7 11:05:37 server postfix/cleanup[22079]: EC2971627DC: message-id=<[email protected]>
    Feb 7 11:05:37 server postfix/qmgr[3539]: EC2971627DC: from=<>, size=4514, nrcpt=1 (queue active)
    Feb 7 11:05:37 server postfix/bounce[22082]: 6BBAB1627DB: sender non-delivery notification: EC2971627DC
    Feb 7 11:05:37 server postfix/qmgr[3539]: 6BBAB1627DB: removed
    Feb 7 11:05:37 server postfix/local[22084]: EC2971627DC: to=<[email protected]>, relay=local, delay=0.01, delays=0/0.01/0/0, dsn=5.1.1, status=bounced (unknown user: "fail2ban")
    Feb 7 11:05:37 server postfix/qmgr[3539]: EC2971627DC: removed

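This seems to imply that the message was blocked, just like the message sent by the cron job; however, this message did show up in my Gmail inbox.

I'm hoping someone can explain why fail2ban is able to successfully send email to Gmail but my cron job is not. I'm also hoping someone can help me understand what this log output means so that I can better understand what is going on. Maybe I have postfix misconfigured somehow?

UPDATE

As requested in the comments, here are the full mail headers from one of the fail2ban messages that showed up in my inbox but is shown as blocked in the postfix log. This is not the same message discussed earlier in this question, but it shows exactly the same behavior: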

    Delivered-To: [email protected]
    Received: by 10.25.23.137 with SMTP id 9csp1267799lfx; Sun, 8 Feb 2015 16:18:32 -0800 (PST)
    X-Received: by 10.224.96.196 with SMTP id i4mr22411932qan.44.1423441111367; Sun, 08 Feb 2015 16:18:31 -0800 (PST)
    Return-Path: <[email protected]>
    Received: from prod.spirecollective.01 ([104.236.71.114]) by mx.google.com with ESMTP id 33si12196322qgi.19.2015.02.08.16.18.30 for <[email protected]>; Sun, 08 Feb 2015 16:18:31 -0800 (PST)
    Received-SPF: none (google.com: [email protected] does not designate permitted sender hosts) client-ip=104.236.71.114;
    Authentication-Results: mx.google.com; spf=none (google.com: [email protected] does not designate permitted sender hosts) [email protected]
    Received: by prod.spirecollective.01 (Postfix, from userid 0) id 103C01627EF; Sun, 8 Feb 2015 19:18:30 -0500 (EST)
    Subject: [Fail2Ban] ssh: banned 124.205.135.225 from prod.spirecollective.01
    Date: Mon, 09 Feb 2015 00:18:29 +0000
    From: Fail2Ban <[email protected]>
    To: [email protected]
    Message-Id: <[email protected]>

These are the entries from the postfix log for the same message:

    Feb 8 19:18:30 prod postfix/pickup[2360]: 103C01627EF: uid=0 from=<fail2ban>
    Feb 8 19:18:30 prod postfix/cleanup[3152]: 103C01627EF: message-id=<[email protected]>
    Feb 8 19:18:30 prod postfix/qmgr[3539]: 103C01627EF: from=<[email protected]>, size=2156, nrcpt=1 (queue active)
    Feb 8 19:18:31 prod postfix/smtp[3154]: 103C01627EF: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[64.233.171.26]:25, delay=1.5, delays=0.16/0/0.55/0.77, dsn=5.7.1, status=bounced (host gmail-smtp-in.l.google.com[64.233.171.26] said: 550-5.7.1 [104.236.71.114 11] Our system has detected that this message is 550-5.7.1 not RFC 2822 compliant. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please review 550 5.7.1 RFC 2822 specifications for more information. 33si12196322qgi.19 - gsmtp (in reply to end of DATA command))
    Feb 8 19:18:31 prod postfix/bounce[3155]: 103C01627EF: sender non-delivery notification: 633B4162817
    Feb 8 19:18:31 prod postfix/qmgr[3539]: 103C01627EF: removed

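Thanks for the full headers of the email with queue ID 103C01627EF and its associated mail log.

This log tells us that Gmail rejected the email. In theory, nothing should show up in your Gmail inbox. In practice, however, Gmail may accept the message and deliver it to your mailbox. The proof is the full headers above.

What I'm trying to say is that mail servers sometimes misbehave (due to bugs, discard policies, or other factors).

  • They may reject you after the DATA stage, yet actually accept the email and deliver it to the appropriate recipient. Your case is an example of this.
  • They may accept the email first, then find, after scanning it with an antivirus daemon, that the email contains a virus. So they discard it.

Now, the real question is why Gmail rejected your email. It looks like the sender address [email protected] is not in a proper FQDN format. So it is normal for Gmail to reject your email.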
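
Both the question and the answer read the log by following a queue ID. As an added example (not part of the original posts), this Python script groups mail.log lines by queue ID and links each bounce notice to the message that caused it. The sample lines are constructed from the first excerpt above with placeholder addresses, and `trace` and `summarise` are names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the question's first log excerpt (placeholder addresses).
SAMPLE = """\
Feb 7 13:44:01 prod postfix/pickup[22580]: AE4271627DB: uid=0 from=<root>
Feb 7 13:44:01 prod postfix/qmgr[3539]: AE4271627DB: from=<root@prod.example>, size=565, nrcpt=1 (queue active)
Feb 7 13:44:01 prod postfix/smtp[23436]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400d:c03::1b]:25: Network is unreachable
Feb 7 13:44:02 prod postfix/smtp[23436]: AE4271627DB: to=<me@example.org>, relay=gmail-smtp-in.l.google.com[64.233.171.27]:25, delay=1.2, dsn=5.7.1, status=bounced (host said: 550-5.7.1 likely unsolicited mail)
Feb 7 13:44:02 prod postfix/qmgr[3539]: E62521627DC: from=<>, size=3228, nrcpt=1 (queue active)
Feb 7 13:44:02 prod postfix/bounce[23437]: AE4271627DB: sender non-delivery notification: E62521627DC
Feb 7 13:44:02 prod postfix/local[23439]: E62521627DC: to=<root@prod.example>, relay=local, delay=0.01, dsn=2.0.0, status=sent (delivered to mailbox)
"""

LINE = re.compile(r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")  # short hex queue IDs only
SENDER = re.compile(r"^from=<(?P<sender>[^>]*)>")
DELIVERY = re.compile(r"to=<(?P<to>[^>]*)>, relay=(?P<relay>[^,]+),.*dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)")
NOTICE = re.compile(r"sender non-delivery notification: (?P<child>[0-9A-F]+)")


def trace(log_text):
    """Group log lines by queue ID and link each bounce notice to its original."""
    msgs = defaultdict(lambda: {"sender": None, "deliveries": [], "notice": None, "bounce_of": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:  # lines without a queue ID, e.g. the failed IPv6 connect attempt
            continue
        qid, rest = m["qid"], m["rest"]
        if s := SENDER.match(rest):
            msgs[qid]["sender"] = s["sender"]  # "" is the null sender <> of a bounce
        elif d := DELIVERY.search(rest):
            msgs[qid]["deliveries"].append((d["to"], d["relay"], d["dsn"], d["status"]))
        elif n := NOTICE.search(rest):
            msgs[qid]["notice"] = n["child"]
            msgs[n["child"]]["bounce_of"] = qid
    return dict(msgs)


def summarise(msgs):  # one line per delivery attempt
    out = []
    for qid, m in msgs.items():
        kind = f"bounce notice for {m['bounce_of']}" if m["bounce_of"] else "original message"
        for to, relay, dsn, status in m["deliveries"]:
            out.append(f"{qid} ({kind}): to={to} via {relay} dsn={dsn} status={status}")
    return out


if __name__ == "__main__":
    print("\n".join(summarise(trace(SAMPLE))))
```

In the `dsn=` field a 5.x.x code is a permanent failure, 4.x.x a temporary one, and 2.x.x a success, so the output separates the rejected original from the locally delivered bounce notice.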