>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Davide Libenzi
>Sent: Tuesday, 30 September 2008 15:01
>To: 'xmail@xmailserver.org'
>Subject: [xmail] Re: Question/Suggestion about smtp logs and CustMapsList
>or spammers.tab
>
>
>On Mon, 29 Sep 2008, CLEMENT Francis wrote:
>
>>
>> Hello Davide
>>
>> Actually I have "CustMapsList" settings with :0, meaning "wait for auth
>> before reject"
>>
>> In this configuration, each time a sender is in the 'rbl', and it does not
>> 'auth' I have two entries in smtp logs, sample entries :
>>
>> "mx.groupeab.com"    "mx.groupeab.com"    "201.78.167.81"    "2008-09-27 00:02:01"    "20178167081.user.veloxzone.com.br"    ""    "[EMAIL PROTECTED]"    ""    ""    "SNDRIP=EIPMAP (zen.spamhaus.org)"    ""    "0"    ""
>> "mx.groupeab.com"    "mx.groupeab.com"    "201.78.167.81"    "2008-09-27 00:02:01"    "20178167081.user.veloxzone.com.br"    ""    ""    ""    ""    "SMTP=EERRS"    ""    "0"    ""
>>
>> Can we avoid to have the two entries in this case (rbl and no auth coming)
>> but only the first
>> (and of course, none generated at all if auth was coming as wanted)
>>
>> I ask this because with this :0 setting, log files grow very fast, and the
>> second line is not really helpful when generating reports, ... (need to
>> verify if the SMTP=EERRS have a corresponding previous EIPMAP entry before
>> skipping it, complicating the reporting script, slowing it, ...)
>>
>> Same thing when the ip is in spammers.tab with "code=0" option
>>
>> Your opinion ?
>
>Not worth for me, even because this is not the only place where log-lines
>correlation is necessary (see RCPT+RECV for example). I'm not going to
>change the logs format.
>
>
>
>- Davide
>
>

Ok Davide,

But the big diff I see between the EIPMAP/EERRS and RCPT/RECV sequences is
that in case of the second you always have a valuable data in the lines to
'correlate', a sort of 'tag' : MSGID field that easily links these lines
together.

Not the case for multiple EIPMAP from the same ip and the corresponding
EERRS.

Could it be possible to generate this MSGID at very first stage (initial
client ip connection) even if no 'message' at all (transaction aborted,
....), and add this to any smtp log lines (field placeholder is already here
even in eipmap/eerrs lines :))

Yes/no ?

Francis
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
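
Added example, not part of the thread and not XMail code: a Python filter for the report-side correlation discussed above, dropping each SMTP=EERRS line that follows a SNDRIP=EIPMAP line from the same IP, including the case of several EIPMAP entries from one IP. Field positions are read off the sample lines in the quoted message; the 60-second window, the helper names and the sample entries (documentation addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# 0-based field positions, read off the sample log lines quoted in the thread.
F_IP, F_TIME, F_STATUS = 2, 3, 9
FIELD = re.compile(r'"([^"]*)"')


def drop_paired_eerrs(lines, window=timedelta(seconds=60)):
    """Yield lines, skipping each SMTP=EERRS that pairs with an earlier EIPMAP."""
    pending = defaultdict(deque)      # ip -> times of EIPMAP lines not yet paired
    for line in lines:
        f = FIELD.findall(line)
        try:
            ip, status = f[F_IP], f[F_STATUS]
            when = datetime.strptime(f[F_TIME], "%Y-%m-%d %H:%M:%S")
        except (IndexError, ValueError):
            yield line                # not a parsable entry: pass it through
            continue
        queue = pending[ip]
        while queue and when - queue[0] > window:
            queue.popleft()           # assumed window elapsed: stop waiting for a pair
        if status.startswith("SNDRIP=EIPMAP"):
            queue.append(when)
        elif status == "SMTP=EERRS" and queue:
            queue.popleft()           # one EERRS consumes exactly one EIPMAP
            continue
        yield line


def _entry(ip, when, status):
    """Build one constructed 13-field log line (hypothetical helper)."""
    fields = ["mx.example.org", "mx.example.org", ip, when, "client.example.net",
              "", "", "", "", status, "", "0", ""]
    return "\t".join(f'"{x}"' for x in fields)


# Constructed sample, not real log data.
SAMPLE = [
    _entry("192.0.2.10", "2008-09-27 00:02:01", "SNDRIP=EIPMAP (zen.spamhaus.org)"),
    _entry("192.0.2.10", "2008-09-27 00:02:01", "SMTP=EERRS"),    # paired: dropped
    _entry("198.51.100.7", "2008-09-27 00:02:05", "SMTP=EERRS"),  # no EIPMAP: kept
    _entry("192.0.2.10", "2008-09-27 00:03:00", "SNDRIP=EIPMAP (zen.spamhaus.org)"),
    _entry("192.0.2.10", "2008-09-27 00:03:02", "SNDRIP=EIPMAP (zen.spamhaus.org)"),
    _entry("192.0.2.10", "2008-09-27 00:03:04", "SMTP=EERRS"),    # paired: dropped
    _entry("192.0.2.10", "2008-09-27 00:03:05", "SMTP=EERRS"),    # paired: dropped
    _entry("192.0.2.10", "2008-09-27 00:30:00", "SMTP=EERRS"),    # too late: kept
]
```

An SMTP=EERRS line with no EIPMAP line from the same IP inside the window is kept, since it then records a session that ended on errors for some other reason.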
