Can someone tell me how I can get the meaning of these variables (ehlo..commands) in the postfix log? i.e: 1) disconnect from xxxx.xxxx.xx [99.99.999.99] ehlo= 2 starttls= 1 mail=1 rcpt=1 data=1 quit=1 commands=7 2) disconnect from xxxx.xxxx.xx [99.99.999.99] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8 Thank you very much!!
In the postfix user's list Wietse Venema recommend the following that I would like to share in this forum: foo=x/y means that the client sent the 'foo' command 'y' times, and that Postfix accepted 'x' of those conmmands. When 'x' and 'y' are the same, Postfix shows only one. These statistics make problems easy to diagnose. The command $ grep auth=./ /var/log/maillog will show spambots attempts to log in. Here is a typical result: Aug 1 11:24:35 spike postfix/smtpd[26284]: disconnect from unknown[122.246.158.54] ehlo=1 auth=0/1 commands=1/2 Wietse
