Topic: Question of Maillog
==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: CentOS 5.9
- Related log if you're reporting an issue: maillog
I had a question concerning some output in the maillog, on a system and domain I've been running for a week now. I'm using Splunk to parse the logs and I see this entry (type) quite a bit:
Jun 18 20:29:49 pcrmail policyd: rcpt=41, whitelist=update, host=10.1.1.1 (unknown), firstname.lastname@example.org, email@example.com, size=1662
One thing that stands out is that the time stamp is in the future? When I saw this, it was currently 2pm (14:00:00) and I verified my server's time, so where is that 20:29:49 coming from?
The other issue is I do have my server behind a NAT / firewall; the 10.1.1.1 IP address is that of my gateway. Is there something I failed to configure? (The server does send and receive emails -- but the domain users are claiming they're not getting enough emails.)
Lastly, what does whitelist=update signify? Do I need to manually add this address to the whitelist? It doesn't seem automatic as I see several of these entries from the same email address.