suddenly 'User unknown'?

Charles Bradshaw charles.bradshaw at ntlworld.com
Thu Nov 29 14:00:37 EST 2018


Simon

My original post contained a dump of /var/log/maillog, butwas asked by
Dan "what does cyrus syslog say" so assumed there should be some more
log messages somewhere.

For the record I do: Clear /var/log/maillog then send a test email from
the command line. Then /var/log/maillog contains:

Nov 29 18:36:51 dell2600-1 sendmail[5067]: wATIapoE005067: from=brad,
size=44, class=0, nrcpts=1,
msgid=<201811291836.wATIapoE005067 at bradcan.homelinux.com>,
relay=brad at localhost
Nov 29 18:36:51 dell2600-1 sendmail[5068]: NOQUEUE: connect from
localhost.localdomain [127.0.0.1]
Nov 29 18:36:51 dell2600-1 sendmail[5068]: AUTH: available mech=CRAM-MD5
DIGEST-MD5, allowed mech=EXTERNAL DIGEST-MD5 CRAM-MD5
Nov 29 18:36:51 dell2600-1 sendmail[5068]: wATIapgq005068: Milter: no
active filter
Nov 29 18:36:51 dell2600-1 sendmail[5068]: STARTTLS=server,
relay=localhost.localdomain [127.0.0.1], version=TLSv1/SSLv3, verify=NO,
cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Nov 29 18:36:51 dell2600-1 sendmail[5068]: STARTTLS=server,
cert-subject=, cert-issuer=, verifymsg=ok
Nov 29 18:36:51 dell2600-1 sendmail[5068]: AUTH: available mech=CRAM-MD5
DIGEST-MD5, allowed mech=EXTERNAL DIGEST-MD5 CRAM-MD5
Nov 29 18:36:51 dell2600-1 sendmail[5067]: STARTTLS=client,
relay=[127.0.0.1], version=TLSv1/SSLv3, verify=FAIL,
cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
Nov 29 18:36:51 dell2600-1 sendmail[5068]: ruleset=trust_auth,
arg1=brad at bradcan.homelinux.com, relay=localhost.localdomain
[127.0.0.1], reject=550 5.7.1 <brad at bradcan.homelinux.com>... not
authenticated
Nov 29 18:36:51 dell2600-1 sendmail[5068]: wATIapgr005068:
from=<brad at bradcan.homelinux.com>, size=358, class=0, nrcpts=1,
msgid=<201811291836.wATIapoE005067 at bradcan.homelinux.com>, proto=ESMTP,
daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Nov 29 18:36:51 dell2600-1 sendmail[5070]: AUTH=client, relay=localhost,
mech=, bits=0
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005068:
to=<brad at bradcan.homelinux.com>, delay=00:00:00, xdelay=00:00:00,
mailer=cyrusv2, pri=120358, relay=localhost, dsn=5.1.1, stat=User unknown
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005068:
wATIapgq005070: DSN: User unknown
Nov 29 18:36:51 dell2600-1 sendmail[5067]: wATIapoE005067:
to=brad at bradcan.homelinux.com, ctladdr=brad (500/500), delay=00:00:00,
xdelay=00:00:00, mailer=relay, pri=30044, relay=[127.0.0.1] [127.0.0.1],
dsn=2.0.0, stat=Sent (wATIapgr005068 Message accepted for delivery)
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070:
to=<brad at bradcan.homelinux.com>, delay=00:00:00, xdelay=00:00:00,
mailer=cyrusv2, pri=31677, relay=localhost [[UNIX:
/var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown

NOTE: The following is to be expected because both root and postmaster
are aliased to brad at bradcan.homelinux.com

Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias
MAILER-DAEMON => postmaster
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias
postmaster => root
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias root =>
brad at bradcan.homelinux.com
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias
postmaster => root
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: alias root =>
brad at bradcan.homelinux.com
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070:
wATIapgr005070: return to sender: User unknown
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005070:
to=brad at bradcan.homelinux.com, delay=00:00:00, xdelay=00:00:00,
mailer=cyrusv2, pri=32701, relay=localhost [[UNIX:
/var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005070: alias
MAILER-DAEMON => postmaster
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005070: alias
postmaster => root
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005070: alias root =>
brad at bradcan.homelinux.com
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgr005070: done;
delay=00:00:00, ntries=1
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: Losing
./qfwATIapgq005070: savemail panic
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: SYSERR(root):
savemail: cannot save rejected email anywhere
Nov 29 18:36:51 dell2600-1 sendmail[5070]: wATIapgq005070: done;
delay=00:00:00, ntries=1
Nov 29 18:36:52 dell2600-1 sendmail[5070]: wATIapgr005068: done;
delay=00:00:01, ntries=1

That's the entire content.

Now you tell me is cyrus syslog being sent to /var/log/maillog? Or
should it be going to /var/imapd.log as the configuration files, man
pages and cyrus installation guides ( found here:
https://www.cyrusimap.org/imap/installing.html ) say it should?

I originally asked for an explanation of the mechanism (IE. sequence of
events) lmtp uses to decide stat = 'User unknown" or not. But I seem to
be getting deeper and deeper into where the logs are going rather than
understanding the process.

On 29/11/2018 17:55, Simon Matter wrote:
>> Dan
>>
>> I have, and have always had, an empty /var/log/imapd.log so I'm not
>> going to make progress until I fix that.
>>
>> In n /etc/rsyslog.conf
>>
>> # cyrus imapd
>> #local6.*                              /var/log/imapd.log   - tried this
>> first.
>> local6.debug                        /var/log/imapd.log
>> auth.debug                          /var/log/auth.log
>>
>> and in /etc/imapd.conf
>>
>> syslog_prefix: cyrus
>> syslog_facility: LOCAL6
>>
>> If I remove the file /etc/imapd.log then
>>
>> # /etc/init.d/rsyslog restart
>>
>> # logger local6.debug 'test log message'
>>
>> # cat /var/log/imapd.log
>>
>> Nov 29 15:06:42 dell2600-1 brad: test log message
>>
>> Obviously syslog is working local6. But still no messages from cyrus!
>> Therefor I'm now stuck with this secondary problem.
>>
>> I have followed the cyrus instructions as best I can, but no go. I say
>> again this has all worked for years, albeit with an always empty imapd.log
>>
>> There must be some missing cyrus syslog configuration.
> From README.RPM in the cyrus-imapd package:
> 12) Check your syslog configuration. This RPM uses the mail facility to log
>     messages. On busy sites you may want to limit the mail facility to the
>     info priority with something like 'mail.info    /var/log/maillog' in
>     /etc/syslog.conf.
>
> So, I guess your cyrus-imapd messages go to /var/log/maillog then, not?
>
> Regards,
> Simon
>


More information about the Info-cyrus mailing list