1

Topic: Question of Maillog

==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: CentOS 5.9
- Related log if you're reporting an issue:  maillog
====

I had a question concerning some output in the maillog, on a system and domain I've been running for a week now.  I'm using Splunk to parse the logs and I see this entry (type) quite a bit:

Jun 18 20:29:49 pcrmail policyd: rcpt=41, whitelist=update, host=10.1.1.1 (unknown), from=an********@sify.com, to=r*******@texasgeotech.com, size=1662

One thing that stands out .. is that the time stamp is in the future?  When I saw this, it was currently 2pm (14:00:00) and I verified my server's time .. so where is that 20:29:49 coming from?

The other issue is I do have my server behind a NAT / firewall, the 10.1.1.1 IP address is of my gateway.  Is there something I failed to configure?  (The server does send and receive emails -- but the domain users are claiming they're not getting enough emails.)

Lastly, what does whitelist=update signify?  Do I need to manually add this address to the whitelist?  It doesn't seem automatic as I see several of these entries from the same email address.

2

Re: Question of Maillog

lennis wrote:

One thing that stands out .. is that the time stamp is in the future?  When I saw this, it was currently 2pm (14:00:00) and I verified my server's time .. so where is that 20:29:49 coming from?

*) Do you have correct timezone configured on your server?
*) Also, syslog was reported to have this issue before, not sure whether it was fixed or not.

lennis wrote:

The other issue is I do have my server behind a NAT / firewall, the 10.1.1.1 IP address is of my gateway.  Is there something I failed to configure?  (The server does send and receive emails -- but the domain users are claiming they're not getting enough emails.)

Check your Postfix mail log. If it logs something, then there must be something wrong with your server configuration. If not, there may be something wrong with your firewall.

lennis wrote:

Lastly, what does whitelist=update signify?  Do I need to manually add this address to the whitelist?  It doesn't seem automatic as I see several of these entries from the same email address.

Check this: http://policyd.sf.net/readme.html
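
An added example, not part of either post and not iRedMail or policyd code: a small parser for the policyd line format quoted in the question. It measures how far the syslog timestamp is from an observed wall-clock time and how many lines record an RFC 1918 address as the client. The sample lines, the addresses in them, the year and the function names are constructed for the example.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of the line quoted in the question
# (addresses and names are placeholders, not taken from the thread).
SAMPLE_LOG = """\
Jun 18 20:29:49 pcrmail policyd: rcpt=41, whitelist=update, host=10.1.1.1 (unknown), from=alice@example.com, to=bob@example.org, size=1662
Jun 18 20:30:05 pcrmail policyd: rcpt=42, whitelist=update, host=10.1.1.1 (unknown), from=carol@example.net, to=bob@example.org, size=2048
Jun 18 20:31:17 pcrmail policyd: rcpt=43, whitelist=update, host=198.51.100.7 (mx.example.net), from=dave@example.net, to=bob@example.org, size=900
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<server>\S+) policyd: (?P<fields>.+)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_policyd(line):
    """Split one policyd syslog line into a dict; None if it is not a policyd line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "server": m["server"]}
    for part in m["fields"].split(", "):
        key, _, value = part.partition("=")
        rec[key] = value
    rec["host"] = rec.get("host", "").split(" ")[0]  # drop the "(reverse name)" suffix
    return rec


def clock_offset_hours(rec, observed, year):
    """Hours between the syslog timestamp (no year or zone in it) and a wall-clock reading."""
    logged = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    return round((logged - observed).total_seconds() / 3600, 1)


def private_client_share(records):
    """Count lines whose recorded client is an RFC 1918 address, and their share of all lines."""
    hosts = Counter(r["host"] for r in records)
    private = {h: n for h, n in hosts.items()
               if any(ipaddress.ip_address(h) in net for net in RFC1918)}
    return private, sum(private.values()) / len(records)


if __name__ == "__main__":
    recs = [r for r in map(parse_policyd, SAMPLE_LOG.splitlines()) if r]
    # 2013 is an assumed year for the demo; syslog lines do not record one.
    print(clock_offset_hours(recs[0], datetime(2013, 6, 18, 14, 0, 0), 2013))
    print(private_client_share(recs))
```

A stable offset across all lines points at a timezone or clock setting on the logging side, and a high private-address share means the mail server is recording the gateway rather than the real sending host.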