Discussion:
Multiple rcpt to log entries
Steve Falla
2004-09-28 23:15:34 UTC
Hi,

I am trying to parse some exim logs to pull back some very specific
statistical information, and have come across some log entries that
have broken my checksums.

The documentation for exim 4 specifies that when a message is received
it is marked in the log with a <=, when it is delivered it is marked
with a => and a delivery to a second address will be marked with a ->

My problem is that totally against the specification, I am seeing logs
that are marking multiple deliveries all with a =>

eg

18:47:26 1CCM4T-0002Rj-2x <= <> H=(mail.somewhere.com) [IP Address ......
18:47:26 1CCM4T-0002Rj-2x => ***@domain1.com R=remote T=r.....
18:47:26 1CCM4T-0002Rj-2x -> ***@domain2.com R=remote T=remote_smtp
H=host......
18:47:30 1CCM4T-0002Rj-2x => ***@domain3.com R=remote T=remote_smtp
H=host2.....
18:47:30 1CCM4T-0002Rj-2x Completed

I can reproduce this on other servers by specifying multiple rcpt to:
lines when connecting to the server with telnet.

Is this a bug with Exim, or is the documentation just wrong?

From website documentation:

45.7

When more than one address is included in a single delivery (for
example, two SMTP RCPT commands in one transaction) the second and
subsequent addresses are flagged with "->" instead of "=>". When two or
more messages are delivered down a single SMTP connection, an asterisk
follows the IP address in the log lines for the second and subsequent
messages.


By the way, there are no asterisk characters after the IP address on the
snipped logs above, before anyone asks.


Steve
--
## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
John W. Baxter
2004-09-28 23:33:34 UTC
Post by Steve Falla
> The documentation for exim 4 specifies that when a message is received
> it is marked in the log with a <=, when it is delivered it is marked
> with a => and a delivery to a second address will be marked with a ->
> My problem is that totally against the specification, I am seeing logs
> that are marking multiple deliveries all with a =>

I think you've read the spec without considering all the words (in
particular "single delivery").

-> is for (per the 4.40 spec, in 45.7)
When more than one address is included in a single delivery (for example,
two SMTP RCPT commands in one transaction) the second and subsequent
addresses are flagged with "->" instead of "=>".

That will seldom be the case for mail to domain1.com and domain2.com
(yes...sometimes they'll share the same MX, go out to the same
smarthost, etc).

--John
Fred Viles
2004-09-28 23:48:15 UTC
On 29 Sep 2004 at 0:15, Steve Falla wrote about
"[exim] Multiple rcpt to log entries":

|...
| My problem is that totally against the specification, I am seeing logs
| that are marking multiple
| deliveries all with a =>
|
| eg
|
| 18:47:26 1CCM4T-0002Rj-2x <= <> H=(mail.somewhere.com) [IP Address ......
| 18:47:26 1CCM4T-0002Rj-2x => ***@domain1.com R=remote T=r.....
| 18:47:26 1CCM4T-0002Rj-2x -> ***@domain2.com R=remote T=remote_smtp
| H=host......

Hmm. I'd guess "domain1.com" and "domain2.com" are really the same
name, or if not both domains are handled by the same MX host.

| 18:47:30 1CCM4T-0002Rj-2x => ***@domain3.com R=remote T=remote_smtp
| H=host2.....

Whereas "domain3.com" really is a different domain handled by a
different MX host.

| 18:47:30 1CCM4T-0002Rj-2x Completed
|...
| Is this a bug with Exim, or is the documentation just wrong?

Neither, AFAICT from the obfuscated information you posted.

| From website documentation:
|
| 45.7
|
| When more than one address is included in a single delivery (for
| example, two SMTP RCPT commands in one transaction) the second and
| subsequent addresses are flagged with "->" instead of "=>". When two or
| more messages are delivered down a single SMTP connection, an asterisk
| follows the IP address in the log lines for the second and subsequent
| messages.

Your example is showing a message being relayed to multiple remote
hosts. It seems likely that the *deliveries* (outgoing SMTP sessions)
were actually separate. You are perhaps confusing "single reception"
with "single delivery"?

- Fred
Steve Falla
2004-09-29 00:19:36 UTC
I am not too bothered, as I will work out how to handle this, but I have
replicated this where one address was local and the other remote.

18:47:26 1CCM4T-0002Rj-2x <= <> H=(mail.somewhere.com) [IP Address ......
18:47:26 1CCM4T-0002Rj-2x => ***@localdomain.com R=remote T=r.....
18:47:26 1CCM4T-0002Rj-2x => ***@remotedomain.com R=remote T=remote_smtp

both domains have no link to each other whatsoever, and the exim config
is not using any smart hosting. MX records are definitely not the same.

Steve
Fred Viles
2004-09-29 02:05:59 UTC
On 29 Sep 2004 at 1:19, Steve Falla wrote about
"Re: [exim] Multiple rcpt to log ent":

| I am not too bothered, as I will work out how to handle this, but I have
| replicated this where one address was local and the other remote.

If you expected otherwise, I don't think you've understood John's and
my replies.

| 18:47:26 1CCM4T-0002Rj-2x <= <> H=(mail.somewhere.com) [IP Address ......
| 18:47:26 1CCM4T-0002Rj-2x => ***@localdomain.com R=remote T=r.....
| 18:47:26 1CCM4T-0002Rj-2x => ***@remotedomain.com R=remote T=remote_smtp
|
| both domains have no link to each other whatsoever, and the exim config
| is not using any smart hosting. MX records are definitely not the same.

Right, so obviously both destinations can not be handled in a single
delivery. Hence the two => lines, as expected, just like in your
previous example.

- Fred
Steve Falla
2004-09-29 07:46:54 UTC
Ok, I do understand now,

guess I just hadn't seen many of these log types crop up before so was
not sure of the exact definition of a delivery, was thinking of messages
rather than connections.

My presumption from the docs was that 2 deliveries down the same
connection were marked with the asterisk.

thanks for the pointers

S
Philip Hazel
2004-09-29 09:19:53 UTC
> My presumption from the docs was that 2 deliveries down the same
> connection were marked with the asterisk.

Yes. Two *messages* down the same connection use the asterisk. That is
what is meant by "two deliveries". Two recipients in the *same* delivery
use the -> notation. You can get asterisks only on remote deliveries.
However, you can get -> on local deliveries if you set batch_max greater
than 1 in a local transport.

Looking at it another way, the -> notation is used when no additional
copy of the message itself is sent. Thus, if you count => lines, you are
counting the number of copies of message bodies that are delivered. The
-> lines just indicate additional recipients that tag onto another
delivery. If you are, for example, accounting for volumes of data
delivered, you should exclude -> lines because they do not represent
deliveries of copies of messages.
--
Philip Hazel University of Cambridge Computing Service,
***@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
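
An added Python example (not part of the original thread and not Exim's own code) applying the counting rule described above: "=>" lines count copies of the message delivered, "=>" plus "->" lines count recipients, and "]*" after the IP address marks a later message sent down a reused connection. The sample log is constructed, and the name summarise and the .example hosts are assumptions.

```python
import re
from collections import defaultdict

# Optional date, then time, message id and the two-character flag field.
LINE = re.compile(
    r"^(?:\d{4}-\d{2}-\d{2} )?\d{2}:\d{2}:\d{2} "
    r"(?P<id>\w+-\w+-\w+) (?P<flag><=|=>|->) (?P<rest>.*)$"
)

# Constructed sample, modelled on the log lines quoted in the thread.
SAMPLE = """\
2004-09-28 18:47:26 1CCM4T-0002Rj-2x <= <> H=(mail.example.org) [192.0.2.10] P=smtp S=1432
2004-09-28 18:47:26 1CCM4T-0002Rj-2x => a@domain1.example R=remote T=remote_smtp H=mx.shared.example [192.0.2.20]
2004-09-28 18:47:26 1CCM4T-0002Rj-2x -> b@domain2.example R=remote T=remote_smtp H=mx.shared.example [192.0.2.20]
2004-09-28 18:47:30 1CCM4T-0002Rj-2x => c@domain3.example R=remote T=remote_smtp H=mx.other.example [192.0.2.30]
2004-09-28 18:47:30 1CCM4T-0002Rj-2x Completed
2004-09-28 18:47:31 1CCM4U-0002Rk-3y <= <> H=(mail.example.org) [192.0.2.10] P=smtp S=2210
2004-09-28 18:47:31 1CCM4U-0002Rk-3y => d@domain3.example R=remote T=remote_smtp H=mx.other.example [192.0.2.30]*
"""


def summarise(lines):
    """Return {message_id: counters} for lines from an Exim main log."""
    stats = defaultdict(
        lambda: dict(received=0, deliveries=0, recipients=0, reused_conn=0)
    )
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if not m:
            continue  # "Completed", wrapped continuations, other flags
        s = stats[m["id"]]
        if m["flag"] == "<=":
            s["received"] += 1
            continue
        s["recipients"] += 1          # both => and -> name one recipient
        if m["flag"] == "=>":
            s["deliveries"] += 1      # one copy of the message body sent
            if "]*" in m["rest"]:     # asterisk after the IP address
                s["reused_conn"] += 1
    return dict(stats)


if __name__ == "__main__":
    for msg_id, counters in summarise(SAMPLE.splitlines()).items():
        print(msg_id, counters)
```

A checksum that compares receptions with deliveries should use the "recipients" counter for address totals and the "deliveries" counter for data volume.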