Logging SMTP Sessions in GreenArrow
This document explains how to log SMTP sessions for incoming connections and outgoing connections. SMTP logging may be necessary while troubleshooting SMTP injection or delivery problems.
- Table of Contents
- Logging SMTP Sessions on Incoming Connections
- Logging SMTP Sessions on Outgoing Connections
Logging SMTP Sessions on Incoming Connections
This can help identify issues during injection, or collect more information about injection problems.
The methods listed below apply to all SMTP services, but the example will be done on SMTP2, which is the service listening on port 587 (unless the default port for that service is changed).
Log SMTP Commands
SMTP command logging only logs the SMTP commands sent by the remote STMP client (the other party), and the responses sent by GreenArrow. It does not include the contents of the DATA request. This is usually enough to capture details about the session to identify problems while being less verbose than logging the full SMTP session.
To enable SMTP command logging, add the following line to /var/hvmail/control/smtp2 file and add the following line:
export GREENARROW_LOG_SMTP_COMMANDS=
svc -tu /service/hvmail-qmail-smtpd2
Enabling SMTP Command Logging for a single IP
In some cases you want to enable SMTP command logging only for certain IP addresses.
To do this edit the IP authorization file, and add the GREENARROW_LOG_SMTP_COMMANDS variable to the entry for the IP that you want to log SMTP commands for. And reload the authorization file configuration.
NOTE: the default authorization file is /var/hvmail/control/smtp.tcp unless you have configured additional authorization files - see the IPs Authorized to Relay documentation for details.
For example, assuming that you want to log the IP 1.2.3.4, and it is already authorized to inject messages with the follwoing line:
1.2.3.4:allow,RELAYCLIENT=""
Append the GREENARROW_LOG_SMTP_COMMANDS="" variable to the authorization line. The result would be:
1.2.3.4:allow,RELAYCLIENT="",GREENARROW_LOG_SMTP_COMMANDS=""
If the IP is not listed because the email client uses SMTP AUTH, then add an entry:
1.2.3.5:allow,GREENARROW_LOG_SMTP_COMMANDS=""
Then apply the new configuration (adjust the command if you are not using the authorization file smtp.tcp):
/var/hvmail/bin/hvmail_update_tcprules smtp
Log SMTP Commands and Message
The procedure is the same when logging only SMTP commands:
(1) Edit the SMTP service file, for SMTP2 it is /var/hvmail/control/smtp2
(2) Append the following lines to log both commands and message:
export GREENARROW_LOG_SMTP_COMMANDS=
export GREENARROW_LOG_SMTP_MESSAGE=
svc -tu /service/hvmail-qmail-smtpd2
Log SMTP Commands and Messages for a single IP
Follow the same procedure for SMTP Command only logging:
(1) Edit the IP Authorization file (/var/hvmail/control/smtp.tcp by default)
(2) If there is an entry for the IP that you want to log, add the two variables. For example:
1.2.3.4:allow,RELAYCLIENT=""
Should become:
1.2.3.4:allow,RELAYCLIENT="",GREENARROW_LOG_SMTP_COMMANDS="",GREENARROW_LOG_SMTP_MESSAGE=""
(3) If the IP does not have an entry then add one:
1.2.3.5:allow,GREENARROW_LOG_SMTP_COMMANDS="",GREENARROW_LOG_SMTP_MESSAGE=""
(4) Apply the new configuration:
/var/hvmail/bin/hvmail_update_tcprules smtp
Where is this information logged?
These SMTP sessions will be logged on the corresponding SMTP service log file.. You can monitor the SMTP2 log with the following command:
tail -F /var/hvmail/log/qmail-smtpd2/current | tai64nlocal
See this screenshot for an example:
Logging SMTP Sessions on Outgoing Connections
To log outgoing connections, use the directives log_smtp_connections, log_smtp_commands, or the log_smtp_hexdump directives.
These directives are added to GreenArrow’s main configuration file, and the logs are sent to the Rspawn Limiter service logs.
(1) Add the directive to the /var/hvmail/control/greenarrow.conf file
(2) Validate and reload the new configuration (correct any syntax errors):
greenarrow_config validate && greenarrow_config reload
(3) Monitor the rspawn-limiter service log file:
tail -F /var/hvmail/log/rspawn-limiter/current | tai64nlocal