Managing mail with MMDF

Authorization log files

MMDF authorization log files contain descriptions of authorization attempts and reasons for failure or success. Log files are produced by defining the appropriate authorization logging level.

The format of messages in the authorization log file is similar to other MMDF log files. Each message includes the date, time, message source, and message ID, followed by the log-specific information. The message also includes an ``end of processing'' message that describes the message sender and size. Each authorization message can include either one or two reasons for authorizing a particular message.

Message example:

   4/29  9:44:54 AU-0000:  msg.a000561: i='local' o='ucscc'
         a='lisa@rsre.AC.UK' r='CH' hi='' ho='username@rsre.ac.uk'
   4/29  9:44:54 AU-0000:  msg.a000561: i='local' o='ucscc'
         a='jane@rsre.AC.UK' r='CH' hi='' ho='username@rsre.ac.uk'
   4/29  9:44:55 AU-0000:  msg.a000561: END size='2102', sender='robert'

NOTE: Authorization log file messages appear on one line; the examples in this section split the lines for readability.

Authorization message keys

Keys used in authorization log file messages:

i: input channel
o: output channel
a: destination address
r: reason for authorization
hi: inbound host
ho: outbound host

Single-reason authorization codes

If the authorization message includes a single reason for authorization, the ``r'' key specifies a single authorization code that describes both the inbound and the outbound authorization when you use host-based authorization.

Single-reason authorization codes:

OH: outbound host/route
HC: outbound host/route and inbound channel
HH: inbound host/route and outbound host/route
CC: inbound channel and outbound channel
CH: inbound channel and outbound host/route
IH: inbound host/route

This example uses the CH authorization code:

   4/29  9:44:54 AU-0000:  msg.a000561: i='local' o='peaks'
         a='bob@rsre.AC.UK' r='CH' hi='' ho='username@rsre.ac.uk'
   4/29  9:44:54 AU-0000:  msg.a000561: i='local' o='peaks'
         a='mike@rsre.AC.UK' r='CH' hi='' ho='username@rsre.ac.uk'
   4/29  9:44:55 AU-0000:  msg.a000561: END size='2102', sender='cooper'

In this example, the authorized message has two recipients (bob and mike). The first authorization message shows that the inbound channel (``i'') is the local channel and the outbound channel is peaks. The ``a'' key indicates that the recipient's address is bob@rsre.ac.uk.

The reason (``r'') given for authorizing the message is CH; in other words, the inbound channel (local) has authorization to send mail to the given outbound host or route (specified by ``ho''), in this case username@rsre.ac.uk.

Two-reason authorization codes

Two-reason authorization codes describe the reason for authorization in terms of user-based authorization:

IL: inbound channel, outbound = LIST
OL: outbound channel, dest = LIST
IS: inbound channel by sender
OS: outbound channel by sender
IR: inbound channel by receiver
OR: outbound channel by receiver
I: inbound channel, log unauthorized access
O: outbound channel, log unauthorized access

NOTE: MMDF only uses these authorization codes when you set the ``auth=inlog'' or ``auth=outlog'' parameters of the AUTHLOG keyword in /usr/mmdf/mmdftailor.

The message in this example uses two-reason authorization (if no authorization is required for a channel, MMDF leaves the reason field (``r'') empty):

   4/29  9:53:09 AU-0000:  msg.a000653: i='local' o='your_company'
         a='john@edxa.ac.uk' r='' r='OS'
   4/29  9:53:10 AU-0000:  msg.a000653: END size='197', sender='david'

In this example, the message arrived (with no authorization required) on the local channel and is authorized to leave on the your_company channel because the sender (david) is authorized to use it (OS).