Explanation amavisd log file entries
Frank Reppin
frank at undermydesk.org
Thu Nov 22 02:24:18 CET 2012
Hi Richard,
On 22.11.2012 00:17, Richard Young wrote:
> I was wondering if somebody could explain/define what the ipaddresses are in a standard amavis log entry. Below is a log entry from the mail log file, that contains two different ipaddresses, in the majority of log entries the two ipadresses are the same but sometimes they are different.
>
> Nov 18 22:23:05 sfilter2 amavis[2892]: (02892-06) Passed CLEAN {RelayedInbound}, [94.236.98.19] [139.86.2.56] <Hua.Wang at usq.edu.au> -> <wang at usq.edu.au>, Message-ID: <7A17BBB7FB5B46488AF598D3BF4933FE3887675E1B at EXCHMB.usq.edu.au>, mail_id: I-_EecyM4cSE, Hits: -0.999, size: 488219, queued_as: 92C2B15B59F, 5363 ms
according to
http://www.ijs.si/software/amavisd/README.customize.txt
and (taken from amavisd 2.8.0 code):
# This text section governs how a main per-message amavisd-new log entry (at
# log level 0) is formed (config variable $log_short_templ). Empty
disables it.
[?%#D|#|Passed #
[? [:ccat|major] |#
OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER-[:ccat|minor]|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)] {[:actions_performed]}#
, [? %p ||%p ][?%a||[?%l||LOCAL ][:client_addr_port] ][?%e||\[%e\] ]%s
-> [%D|,]#
the first IP within [...] represents 'a' and the second represents 'e'
where
a is a synonym for client_addr
e best guess of the originator IP address: the bottom-most public
IP...
HTH,
frank\
--
43rd Law of Computing:
Anything that can go wr
fortune: Segmentation violation -- Core dumped
More information about the amavis-users
mailing list