Finding reason for smtpd rejections

Today's pflogsumm report includes this rejection:

Recipient address rejected: Please see http (total: 2)
2 [address elided]

Since this is my address I'm curious why two incoming messages were rejected
when many more were passed. I'd appreciate advice on how I can identify
these two messages in /var/log/maillog.1 among all the logged incoming
messages to this address.




Re: Finding reason for smtpd rejections

By Wietse Venema at 12/06/2018 - 11:10

Rich Shepard:
pflogsumm *summarizes* a detailed logfile.

You look at the *detailed* log messages that produced the above result.


Re: Finding reason for smtpd rejections

By Noel Jones at 12/06/2018 - 11:09

On 12/6/2018 9:59 AM, Rich Shepard wrote:

To see just the logged rejection (which is often enough):

grep reject: /var/log/maillog.1 | grep [address elided]

To see more context of the connection that was rejected, open the
file with your favorite text editor and search for
/reject: .*rshepard@appl-ecosys

Wild guess: some spammer used your own address as sender, and the
connection was rejected by some of your spam controls, probably an rbl.

-- Noel Jones
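
The two suggestions above (find the reject line, then read the rest of that connection) can be combined in one pass. This is an added example, not part of the original posts: the function names, addresses and sample log lines are constructed, and it assumes standard Postfix smtpd logging in which each session starts with "connect from", ends with "disconnect from", and the reject line carries `to=<address>`.

```shell
# rejected_sessions LOGFILE ADDRESS
# Print every smtpd session (connect .. disconnect) that contains a
# "reject:" line for ADDRESS. Sessions are tracked per smtpd process,
# because one smtpd process serves many connections in turn.
rejected_sessions() {
    awk -v addr="$2" '
    match($0, /postfix\/smtpd\[[0-9]+\]/) {
        pid = substr($0, RSTART, RLENGTH)
        # A new connection on this process starts a fresh buffer.
        if (index($0, ": connect from ")) { buf[pid] = ""; hit[pid] = 0 }
        buf[pid] = buf[pid] $0 "\n"
        if (index($0, "reject: ") && index($0, "to=<" addr ">")) hit[pid] = 1
        if (index($0, ": disconnect from ")) {
            if (hit[pid]) printf "%s--\n", buf[pid]
            delete buf[pid]; delete hit[pid]
        }
    }
    # Sessions cut off by log rotation never log a disconnect.
    END { for (pid in hit) if (hit[pid]) printf "%s--\n", buf[pid] }
    ' "$1"
}

# Constructed sample log (hosts, addresses and URL are placeholders).
sample_log() {
    cat <<'EOF'
Dec  5 08:01:10 mail postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Dec  5 08:01:11 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <user@example.com>: Recipient address rejected: Please see http://www.example.net/blocked; from=<user@example.com> to=<user@example.com> proto=ESMTP helo=<host.invalid>
Dec  5 08:01:11 mail postfix/smtpd[2101]: disconnect from unknown[192.0.2.10]
Dec  5 08:02:00 mail postfix/smtpd[2101]: connect from mx.example.org[198.51.100.7]
Dec  5 08:02:01 mail postfix/smtpd[2101]: 4A1B2C3D4E: client=mx.example.org[198.51.100.7]
Dec  5 08:02:02 mail postfix/smtpd[2101]: disconnect from mx.example.org[198.51.100.7]
Dec  5 08:03:00 mail postfix/smtpd[2140]: connect from unknown[192.0.2.44]
Dec  5 08:03:01 mail postfix/smtpd[2140]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 554 5.7.1 <other@example.com>: Recipient address rejected: Please see http://www.example.net/blocked; from=<a@example.net> to=<other@example.com> proto=ESMTP helo=<x.invalid>
Dec  5 08:03:01 mail postfix/smtpd[2140]: disconnect from unknown[192.0.2.44]
EOF
}
```

The `from=<...>` and `helo=<...>` fields on the printed reject line show what the client claimed to be, which is what you need to check a guess such as a forged sender.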