I am running Debian 8.5 with Postfix 2.11.3-1 and I am trying to log the whole SMTP session, including DATA, to mail.log.
It was possible to see a part of the data by increasing the verbosity by adding -vvv to the smtpd in the master.cf (see whole file below), but it wasn't possible for me to get the complete data; only the first 10 chars are being logged.
mail.log
--- snip ---
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: rec_put: type T len 17 data 1474215723
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: rec_put: type A len 18 data log_ident=
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: rec_put: type A len 21 data rewrite_co
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: rec_put: type S len 23 data foo@exampl
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: rec_put: type A len 25 data log_client
--- snip ---
Also, by increasing the verbosity Postfix really logs a lot. Is there a better way rather than increasing the verbosity level?
As far as I found out, it is only possible to use tcpdump or Wireshark to really only log the SMTP session; do I see this correctly?
Example SMTP session of what I want to log:
telnet www.sample.com 25
Server Response: 220 www.sample.com ESMTP Postfix
Client Sending : HELO domain.com
Server Response: 250 Hello domain.com
Client Sending : MAIL FROM: <[email protected]>
Server Response: 250 Ok
Client Sending : RCPT TO: <[email protected]>
Server Response: 250 Ok
Client Sending : DATA
Server Response: 354 End data with <CR><LF>.<CR><LF>
Client Sending : Subject: Example Message
Client Sending : From: [email protected]
Client Sending : To: [email protected]
Client Sending :
Client Sending : Yo,
Client Sending :
Client Sending : Sending a test message.
Client Sending :
Client Sending : Later,
Client Sending : Carl
Client Sending : .
Server Response: 250 Ok: queued as 45334
Client Sending : QUIT
Server Response: 221 Bye
master.cf
smtp inet n - - - - smtpd -vvv
pickup unix n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = localhost.at.dev
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = localhost.at.dev
mydestination = localhost.at.dev, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
It is really hard to log at that level and have a usable log. I've only seen it in clients set to debug level. You might be able to do a log per message that is useful.
Is there any reason you need a log at this level? You should be able to create a shadow copy of the message, but that would exclude the commands used.
It is relatively easy to get the commands in exim4, but I don't think it is as easy to get the responses. Data is another matter, but you should be able to capture the spool file that contains the data. I believe it is more difficult to get the commands in Postfix due to the way it is structured.
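
An added example, not part of the question or the answer above: a small Python filter that reduces verbose smtpd output to the client/server dialogue per process and compares each rec_put line's declared len with what was actually logged. The rec_put lines are the ones from the question; the "<" / ">" chat-line format, the match_hostname line, the client address and the full sender address are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample. The rec_put lines are copied from the question; the
# "<" / ">" chat lines and the match_hostname line use an assumed format.
SAMPLE_LOG = """\
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: > unknown[192.0.2.10]: 220 localhost.at.dev ESMTP Postfix (Debian/GNU)
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: < unknown[192.0.2.10]: HELO domain.com
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: > unknown[192.0.2.10]: 250 localhost.at.dev
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: match_hostname: unknown ~? 127.0.0.0/8
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: < unknown[192.0.2.10]: MAIL FROM:<foo@example-domain.test>
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: rec_put: type T len 17 data 1474215723
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: rec_put: type A len 18 data log_ident=
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: rec_put: type S len 23 data foo@exampl
Sep 18 18:22:03 vagrant postfix/smtpd[9220]: > unknown[192.0.2.10]: 250 2.1.0 Ok
"""

PREFIX = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CHAT = re.compile(r"(?P<dir>[<>]) (?P<client>\S+\[[^\]]*\]): (?P<text>.*)$")
REC_PUT = re.compile(r"rec_put: type (?P<type>\S) len (?P<len>\d+) data (?P<data>.*)$")

def parse_verbose_log(text):
    """Return (dialogue, records), each a dict keyed by smtpd PID."""
    dialogue, records = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        head = PREFIX.search(line)
        if not head:
            continue  # not an smtpd line
        pid, msg = int(head["pid"]), head["msg"]
        chat = CHAT.match(msg)
        rec = REC_PUT.match(msg)
        if chat:  # "<" is read from the client, ">" is the server's reply
            who = "C" if chat["dir"] == "<" else "S"
            dialogue[pid].append((who, chat["text"]))
        elif rec:  # queue-file record: compare declared length with logged text
            records[pid].append({
                "type": rec["type"],
                "declared_len": int(rec["len"]),
                "logged": rec["data"],
                "truncated": len(rec["data"]) < int(rec["len"]),
            })
    return dict(dialogue), dict(records)

if __name__ == "__main__":
    dialogue, records = parse_verbose_log(SAMPLE_LOG)
    for who, text in dialogue[9220]:
        print(f"{who}: {text}")
    print([(r["type"], r["truncated"]) for r in records[9220]])
```

On the three rec_put lines from the question, every record is flagged as truncated: 10 characters are logged against declared lengths of 17, 18 and 23.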