[prev in list] [next in list] [prev in thread] [next in thread] 

List:       amavis-user
Subject:    Re: Explanation amavisd log file entries
From:       Frank Reppin <frank () undermydesk ! org>
Date:       2012-11-22 1:24:18
Message-ID: 50AD7EC2.3010206 () undermydesk ! org
[Download RAW message or body]

Hi Richard,

On 22.11.2012 00:17, Richard Young wrote:
> I was wondering if somebody could explain/define what the ipaddresses are in a \
> standard amavis log entry. Below is a log entry from the mail log file, that \
> contains two different ipaddresses, in the majority of log entries the two \
> ipadresses are the same but sometimes they are different. 
> Nov 18 22:23:05 sfilter2 amavis[2892]: (02892-06) Passed CLEAN {RelayedInbound}, \
> [94.236.98.19] [139.86.2.56] <Hua.Wang@usq.edu.au> -> <wang@usq.edu.au>, \
> Message-ID: <7A17BBB7FB5B46488AF598D3BF4933FE3887675E1B@EXCHMB.usq.edu.au>, \
> mail_id: I-_EecyM4cSE, Hits: -0.999, size: 488219, queued_as: 92C2B15B59F, 5363 ms

according to

http://www.ijs.si/software/amavisd/README.customize.txt

and (taken from amavisd 2.8.0 code):

# This text section governs how a main per-message amavisd-new log entry (at
# log level 0) is formed (config variable $log_short_templ). Empty 
disables it.
[?%#D|#|Passed #
[? [:ccat|major] |#
OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)] {[:actions_performed]}#
, [? %p ||%p ][?%a||[?%l||LOCAL ][:client_addr_port] ][?%e||\[%e\] ]%s 
-> [%D|,]#


the first IP within [...] represents 'a' and the second represents 'e'
where

   a  is a synonym for client_addr
   e  best guess of the originator IP address: the bottom-most public
      IP...

HTH,
frank\



-- 
43rd Law of Computing:
         Anything that can go wr
fortune: Segmentation violation -- Core dumped


[prev in list] [next in list] [prev in thread] [next in thread]