Understanding zimbra.log And Postfix Log Events - MTA: Difference between revisions

(Created page with "{{WIP}}{{Article Infobox|{{admin}}|{{ZCS 8.6}}|{{ZCS 8.5}}|{{ZCS 8.0}}}} =Understanding /var/log/zimbra.log And Postfix Log Events= Ref: * http://www.onlamp.com/pub/a/onlam...")
 
mNo edit summary
Line 20: Line 20:
The process ID is in the square brackets.  
The process ID is in the square brackets.  


{{Postfix Queue ID vs. message-id - MTA}}
{{:Postfix Queue ID vs. message-id - MTA}}


{{Article Footer|Zimbra Collaboration 8.6, 8.5, 8.0|04/16/2015}}
{{Article Footer|Zimbra Collaboration 8.6, 8.5, 8.0|04/16/2015}}
{{NeedSME|SME1|SME2|Copyeditor}}
{{NeedSME|SME1|SME2|Copyeditor}}
[[Category: Author:Ajcody]]
[[Category: Author:Ajcody]]

Revision as of 18:40, 24 April 2015

Admin Article

Article Information

This article applies to the following ZCS versions.

ZCS 8.6 Article ZCS 8.6 ZCS 8.5 Article ZCS 8.5 ZCS 8.0 Article ZCS 8.0


Understanding /var/log/zimbra.log And Postfix Log Events

Ref:

To see some of the basic warning:

$ egrep '(reject|warning|error|fatal|panic):' /var/log/zimbra.log

Log events follow this basic pattern:

Description 
     || Date & Time  || Hostname || Postfix component id || Message
Example     
      Dec 31 11:34:21  testserver    postfix/smtpd[1677]:   connect from mail.example.com[192.168.100.45]

The process ID is in the square brackets.

Postfix Queue ID vs. message-id

   KB 21880        Last updated on 2015-04-24  




0.00
(0 votes)


Purpose

Explain the difference between postfix queue ID and message-id.

Resolution

  • Note, postfix queue ID is NOT message-id.
  • For the examples below, the ZCS server being used has an ip address of 10.137.27.32 .

A message-id is assigned by the MUA or postfix if the message doesn't have one. The message-id is in the header of the email. The postfix queue ID is NOT in the header of the emails. An email header will also have the original emails message-id if it's an reply.

Date: Tue, 4 Jun 2013 06:43:55 -0700 (PDT)
From: Adam Cody 2 <ajcody2@zcs723.EXAMPLE.com>
To: Adam Cody <ajcody@zcs723.EXAMPLE.com>
###  COMMENT START - Below are the two message-id's
###  The message-id is noted the /var/log/zimbra.log log events
###  Example will be shown farther down
Message-ID: <315186059.60.1370353435012.JavaMail.root@zcs723.EXAMPLE.com>
In-Reply-To: <692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>
###  End Of COMMENT
Subject: Re: test email
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.16.XX.XX]
X-Mailer: Zimbra 7.2.3_GA_2872 (ZimbraWebClient - [unknown] (Win)/0.0)

reply back

----- Original Message -----
From: "Adam Cody" <ajcody@zcs723.EXAMPLE.com>
To: "Adam Cody 2" <ajcody2@zcs723.EXAMPLE.com>
Sent: Tuesday, June 4, 2013 9:32:13 AM
Subject: test email

When a message enters the Postfix system [incoming or outgoing] it is immediately assigned a queue ID. Postfix/ZCS will most likely have a message leave the postfix queue for other processing: amavis, filters, etc. This will cause the message to get a new queue ID's. This can also happen if you were to requeue your messages by doing something like: postsuper -r . You will need to note the message-id and ALL queue ID's to get the complete picture of what was happening for a particular email. For the example below, I first did a search for the message-id [found by looking at the header, ZWC > Sent box > View Original on email I sent] in /var/log/zimbra.log.

egrep "692082388.59.1370352733069.JavaMail.root" /var/log/zimbra.log

This output then gave me the associated postfix queue ID's, there were two unique ones. I then did another search using all three variables:

         QueueID      QueueID           MessageID
 egrep "59E261E78D1|C6CAA1E78D2|692082388.59.1370352733069.JavaMail.root" /var/log/zimbra.log

Below is the return to find the full log event in /var/log/zimbra.log for this one email.

Jun  4 06:32:14 zcs723 postfix/smtpd[16290]: 
  59E261E78D1: client=zcs723.EXAMPLE.com[10.137.27.32]
Jun  4 06:32:14 zcs723 postfix/cleanup[16293]: 
  59E261E78D1: message-id=<692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>
Jun  4 06:32:14 zcs723 postfix/qmgr[7864]: 
  59E261E78D1: from=<ajcody@zcs723.EXAMPLE.com>, size=673, nrcpt=1 (queue active)
Jun  4 06:32:44 zcs723 postfix/smtpd[16310]: 
  C6CAA1E78D2: client=localhost[127.0.0.1]
Jun  4 06:32:44 zcs723 postfix/cleanup[16293]: 
  C6CAA1E78D2: message-id=<692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>
Jun  4 06:32:44 zcs723 postfix/qmgr[7864]: 
  C6CAA1E78D2: from=<ajcody@zcs723.EXAMPLE.com>, size=1361, nrcpt=1 (queue active)
Jun  4 06:32:44 zcs723 amavis[19662]: (19662-02) 
  FWD via SMTP: <ajcody@zcs723.EXAMPLE.com> -> <ajcody2@zcs723.EXAMPLE.com>,
  BODY=7BIT 250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C6CAA1E78D2
Jun  4 06:32:45 zcs723 postfix/lmtp[16311]: C6CAA1E78D2: to=<ajcody2@zcs723.EXAMPLE.com>, 
  relay=zcs723.EXAMPLE.com[10.137.27.32]:7025, delay=0.85, delays=0.11/0.01/0.39/0.34, 
  dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Jun  4 06:32:45 zcs723 postfix/qmgr[7864]: C6CAA1E78D2: removed
Jun  4 06:32:46 zcs723 amavis[19662]: (19662-02) 
  Passed CLEAN, MYNETS LOCAL [10.137.27.32] [10.137.27.32] 
  <ajcody@zcs723.EXAMPLE.com> -> <ajcody2@zcs723.EXAMPLE.com>, 
  Message-ID: <692082388.59.1370352733069.JavaMail.root@zcs723.EXAMPLE.com>, 
  mail_id: GGpaucYR0-4J, Hits: -1.106, size: 673, queued_as: C6CAA1E78D2, 28828 ms
Jun  4 06:32:46 zcs723 postfix/smtp[16294]: 59E261E78D1: to=<ajcody2@zcs723.EXAMPLE.com>, 
  relay=127.0.0.1[127.0.0.1]:10024, delay=32, delays=0.16/0.09/5.3/26, dsn=2.0.0, 
  status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C6CAA1E78D2)
Jun  4 06:32:46 zcs723 postfix/qmgr[7864]: 59E261E78D1: removed

And the reply to the above message is shown below. [Note, both accounts are on the same ZCS system]:

Jun  4 06:43:56 zcs723 postfix/cleanup[20443]: 
  EFD1D1E78D1: message-id=<315186059.60.1370353435012.JavaMail.root@zcs723.us.zimbralab.com>
Jun  4 06:44:28 zcs723 postfix/cleanup[20443]: 
  C0E171E78D2: message-id=<315186059.60.1370353435012.JavaMail.root@zcs723.us.zimbralab.com>
Jun  4 06:44:29 zcs723 amavis[19663]: (19663-02) 
  Passed CLEAN, MYNETS LOCAL [10.137.27.32] [10.137.27.32] 
  <ajcody2@zcs723.us.zimbralab.com> -> <ajcody@zcs723.us.zimbralab.com>, 
  Message-ID: <315186059.60.1370353435012.JavaMail.root@zcs723.us.zimbralab.com>, 
  mail_id: 0XbLSIeuewz3, Hits: -1.106, size: 969, queued_as: C0E171E78D2, 31775 ms

When using any of the postfix commands to view/manipulate messages, they will be using the queueID that the message currently has. For example, mailq output looks like this:

 [root@zcs723 ~]# /opt/zimbra/postfix/sbin/mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
C12E6246BC      514 Tue Mar 26 08:00:35  root
                                         zimbra

C7F00246A8      517 Tue Mar 26 07:00:24  root
                                         zimbra

9A2D124693      530 Mon Apr 15 19:04:20  root
                                         zimbra

To view a message that is still in the postfix queues/spool, you can use the postcat command with the -q option [-q (access queue)].

postcat -q C12E6246BC | more

Additional Content


Verified Against: Zimbra Collaboration 8.6, 8.5, 8.0 Date Created: 04/16/2015
Article ID: https://wiki.zimbra.com/index.php?title=Understanding_zimbra.log_And_Postfix_Log_Events_-_MTA Date Modified: 2015-04-24



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Wiki/KB reviewed by SME1 SME2 Copyeditor Last edit by Ajcody
Verified Against: Zimbra Collaboration 8.6, 8.5, 8.0 Date Created: 04/16/2015
Article ID: https://wiki.zimbra.com/index.php?title=Understanding_zimbra.log_And_Postfix_Log_Events_-_MTA Date Modified: 2015-04-24



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »


Wiki/KB reviewed by SME1 SME2 Copyeditor Last edit by Ajcody
Jump to: navigation, search