Logging question

Robert Schetterer robert at schetterer.org
Thu Mar 29 09:42:01 CEST 2012


Am 29.03.2012 09:25, schrieb Ralf Hildebrandt:
> Mar 29 09:13:20 mail2 amavis[16916]: (16916-16) Passed CLEAN {RelayedOutbound}, LOCAL [141.42.206.36]:37952 [85.179.68.181]
> <absender at charite.de> -> <empfaenger at gmail.com>, Message-ID: <86e7921583186ccc7b08fa356655af14.squirrel at webmail.charite.de>,
> mail_id: hK-6Jq4eATvE, Hits: -2.14, size: 3977, queued_as: 3VJHHN5wKjz1tJd, dkim_new=default:charite.de, 538 ms
> 
> [141.42.206.36]:37952 is my mailserver, but what is 85.179.68.181?
> 
> Under which circumstance does amavis log 2 IPs in [] and what info is
> being logged there?
> 

dig -x 85.179.68.181

; <<>> DiG 9.4.2-P2.1 <<>> -x 85.179.68.181
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7614
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;181.68.179.85.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
181.68.179.85.in-addr.arpa. 86400 IN    PTR     e179068181.adsl.alicedsl.de.

looks like some dyn user ip, maybe the sender ip

your right that log looks strange, somthing at parse go fail etc?
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria


More information about the amavis-users mailing list