I have tried to configure Logstash to filter mail server logs, but I am unable to get the result. I request you to kindly help me by sharing a configuration file for this, or suggest how we can build the filter. If there is any tool for this, please suggest it.
I have attached the log for your reference.
Thanks in advance for your kind support.
Mail server log:
Oct 7 04:09:23 mail postfix/smtpd[9747]: connect from unknown[45.125.66.216]
Oct 7 04:09:23 mail postfix/smtpd[9747]: lost connection after AUTH from unknown[45.125.66.216]
Oct 7 04:09:23 mail postfix/smtpd[9747]: disconnect from unknown[45.125.66.216] ehlo=1 auth=0/1 commands=1/2
Oct 7 04:11:22 mail postfix/postscreen[10968]: CONNECT from [13.126.45.123]:51258 to [172.31.43.211]:25
Oct 7 04:11:22 mail postfix/postscreen[10968]: HANGUP after 0.74 from [13.126.45.123]:51258 in tests before SMTP handshake
Oct 7 04:11:22 mail postfix/postscreen[10968]: DISCONNECT [13.126.45.123]:51258
Oct 7 04:12:44 mail postfix/anvil[9749]: statistics: max connection rate 1/60s for (smtpd:45.125.66.216) at Oct 7 04:09:23
Oct 7 04:12:44 mail postfix/anvil[9749]: statistics: max connection count 1 for (smtpd:45.125.66.216) at Oct 7 04:09:23
Oct 7 04:12:44 mail postfix/anvil[9749]: statistics: max cache size 1 at Oct 7 04:09:23
Oct 7 04:13:07 mail postfix/postscreen[12111]: CONNECT from [209.85.210.45]:39682 to [172.31.43.211]:25
Oct 7 04:13:07 mail postfix/postscreen[12111]: PASS OLD [209.85.210.45]:39682
Oct 7 04:13:07 mail postfix/smtpd[12112]: connect from mail-ot1-f45.google.com[209.85.210.45]
Oct 7 04:13:07 mail postfix/smtpd[12112]: Anonymous TLS connection established from mail-ot1-f45.google.com[209.85.210.45]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Oct 7 04:13:07 mail postfix/smtpd[12112]: NOQUEUE: filter: RCPT from mail-ot1-f45.google.com[209.85.210.45]: ssk.ramane+caf_=subhash.sabat=npstx.com@gmail.com: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=ssk.ramane+caf_=subhash.sabat=npstx.com@gmail.com to=subhash.sabat@npstx.com proto=ESMTP helo=<mail-ot1-f45.google.com>
Oct 7 04:13:07 mail postfix/smtpd[12112]: NOQUEUE: filter: RCPT from mail-ot1-f45.google.com[209.85.210.45]: ssk.ramane+caf_=subhash.sabat=npstx.com@gmail.com: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10024; from=ssk.ramane+caf_=subhash.sabat=npstx.com@gmail.com to=subhash.sabat@npstx.com proto=ESMTP helo=<mail-ot1-f45.google.com>
Oct 7 04:13:07 mail postfix/smtpd[12112]: NOQUEUE: reject: RCPT from mail-ot1-f45.google.com[209.85.210.45]: 550 5.1.1 subhash.sabat@npstx.com: Recipient address rejected: npstx.com; from=ssk.ramane+caf_=subhash.sabat=npstx.com@gmail.com to=subhash.sabat@npstx.com proto=ESMTP helo=<mail-ot1-f45.google.com>
Oct 7 04:13:07 mail postfix/smtpd[12112]: disconnect from mail-ot1-f45.google.com[209.85.210.45] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7
Oct 7 04:14:21 mail postfix/postscreen[12111]: CONNECT from [13.126.45.123]:51538 to [172.31.43.211]:25
Oct 7 04:14:22 mail postfix/postscreen[12111]: HANGUP after 0.75 from [13.126.45.123]:51538 in tests before SMTP handshake
Oct 7 04:14:22 mail postfix/postscreen[12111]: DISCONNECT [13.126.45.123]:51538
Oct 7 04:16:11 mail postfix/postscreen[14205]: CONNECT from [45.125.66.216]:62435 to [172.31.43.211]:25
Oct 7 04:16:11 mail postfix/postscreen[14205]: PASS OLD [45.125.66.216]:62435
Oct 7 04:16:12 mail postfix/smtpd[14206]: warning: hostname srv28.waterman.today does not resolve to address 45.125.66.216: Name or service not known
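A Logstash pipeline that parses the line shapes in the log above, as an added example that is not part of the original post. The field names, the tag names and the stdin input are assumptions chosen for illustration; the grok patterns used (SYSLOGTIMESTAMP, SYSLOGHOST, IP, and so on) are the stock ones shipped with Logstash.

```logstash
# Added example. Assumption: events arrive on stdin, e.g.
#   bin/logstash -f postfix.conf < mail.log
input { stdin { } }

filter {
  # 1. Syslog envelope: "Oct 7 04:09:23 mail postfix/smtpd[9747]: <text>"
  grok {
    match => { "message" => "^%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_host} postfix/%{DATA:postfix_service}\[%{POSINT:pid}\]: %{GREEDYDATA:postfix_message}$" }
    tag_on_failure => ["_postfix_envelope_failure"]
  }
  # Syslog timestamps carry no year; the date filter assumes the current one.
  date { match => ["syslog_timestamp", "MMM d HH:mm:ss", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"] }

  # 2. smtpd lines: patterns are tried in order, first match wins.
  if [postfix_service] == "smtpd" {
    grok {
      match => { "postfix_message" => [
        "^NOQUEUE: %{WORD:action}: %{WORD:smtp_stage} from %{DATA:client_host}\[%{IP:client_ip}\]: %{GREEDYDATA:detail}; from=<?%{DATA:sender}>? to=<?%{DATA:recipient}>? proto=%{WORD:proto} helo=<%{DATA:helo}>$",
        "^lost connection after %{WORD:smtp_stage} from %{DATA:client_host}\[%{IP:client_ip}\]$",
        "^%{WORD} TLS connection established from %{DATA:client_host}\[%{IP:client_ip}\]: %{NOTSPACE:tls_version} with cipher %{NOTSPACE:tls_cipher}",
        "^warning: hostname %{HOSTNAME:claimed_host} does not resolve to address %{IP:client_ip}",
        "^(?<action>connect|disconnect) from %{DATA:client_host}\[%{IP:client_ip}\](?: %{GREEDYDATA:session_stats})?$"
      ] }
      tag_on_failure => ["_postfix_smtpd_unparsed"]
    }
    # "ehlo=1 auth=0/1 commands=1/2" becomes [smtp_counts][auth] = "0/1", etc.
    kv { source => "session_stats" target => "smtp_counts" }
    # auth=0/N means N AUTH attempts and none succeeded.
    if [smtp_counts][auth] =~ "^0/" { mutate { add_tag => ["smtp_auth_failed"] } }
    if [action] == "reject" { mutate { add_tag => ["smtp_rejected"] } }
  }

  # 3. postscreen lines: CONNECT, HANGUP, PASS OLD, DISCONNECT.
  if [postfix_service] == "postscreen" {
    grok {
      match => { "postfix_message" => "^(?<action>[A-Z]+(?: [A-Z]+)?)%{DATA}\[%{IP:client_ip}\]:%{POSINT:client_port}" }
      tag_on_failure => ["_postfix_postscreen_unparsed"]
    }
  }
}

output { stdout { codec => rubydebug } }
```

Lines from services not handled here, such as the anvil statistics, keep the envelope fields and the raw text in `postfix_message`; smtpd and postscreen lines that match no pattern are tagged so they can be reviewed and the pattern list extended.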