[prev in list] [next in list] [prev in thread] [next in thread]
List: amavis-user
Subject: Re: Explanation amavisd log file entries
From: Frank Reppin <frank () undermydesk ! org>
Date: 2012-11-22 1:24:18
Message-ID: 50AD7EC2.3010206 () undermydesk ! org
[Download RAW message or body]
Hi Richard,
On 22.11.2012 00:17, Richard Young wrote:
> I was wondering if somebody could explain/define what the ipaddresses are in a \
> standard amavis log entry. Below is a log entry from the mail log file, that \
> contains two different ipaddresses, in the majority of log entries the two \
> ipadresses are the same but sometimes they are different.
> Nov 18 22:23:05 sfilter2 amavis[2892]: (02892-06) Passed CLEAN {RelayedInbound}, \
> [94.236.98.19] [139.86.2.56] <Hua.Wang@usq.edu.au> -> <wang@usq.edu.au>, \
> Message-ID: <7A17BBB7FB5B46488AF598D3BF4933FE3887675E1B@EXCHMB.usq.edu.au>, \
> mail_id: I-_EecyM4cSE, Hits: -0.999, size: 488219, queued_as: 92C2B15B59F, 5363 ms
according to
http://www.ijs.si/software/amavisd/README.customize.txt
and (taken from amavisd 2.8.0 code):
# This text section governs how a main per-message amavisd-new log entry (at
# log level 0) is formed (config variable $log_short_templ). Empty
disables it.
[?%#D|#|Passed #
[? [:ccat|major] |#
OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)] {[:actions_performed]}#
, [? %p ||%p ][?%a||[?%l||LOCAL ][:client_addr_port] ][?%e||\[%e\] ]%s
-> [%D|,]#
the first IP within [...] represents 'a' and the second represents 'e'
where
a is a synonym for client_addr
e best guess of the originator IP address: the bottom-most public
IP...
HTH,
frank\
--
43rd Law of Computing:
Anything that can go wr
fortune: Segmentation violation -- Core dumped
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic