Score:2

Can postfix log source ports for inbound SMTP connections?

kz flag

At the moment, postfix logs inbound connections like this:

May  4 11:15:01 hostname postfix/smtpd[161025]: connect from unknown[192.0.2.1]

This isn't enough information for hosting providers to respond to abuse reports where they use CGNAT. They need the source port to identify the offending customer.

Is there any way to make postfix log the source port? Something like this would be ideal:

May  4 11:15:01 hostname postfix/smtpd[161025]: connect from unknown[192.0.2.1:12345]
anx avatar
fr flag
anx
Related question about **destination ports**: https://serverfault.com/questions/725122/postfix-show-destination-port-for-incoming-connection-in-the-logs
Score:2
fr flag
anx

Yes, just set smtpd_client_port_logging to yes.

smtpd_client_port_logging (default: no)

Enable logging of the remote SMTP client port in addition to the hostname and IP address. The logging format is "host[address]:port".

This feature is available in Postfix 2.5 and later.

-- man 5 postconf

Note that the format does not quite match your example, it will place the port after the brackets: unknown[192.0.2.1]:12345

Beware of log aggregation and analysis tools that might need their regex patterns adjusted to correctly parse the changed format - notably utilities like fail2ban might no longer detect the relevant log lines.

kz flag
Perfect, and works like a charm. Thanks!
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.