Hello Thank you. I have assumed it but was not sure.
Nn most cases, should this not be the same ip for %a and %e? I checked a few thousand CLEAN marked emails (of course some of them was spam too but not detected). More than 95% of this emails had the same ip for %a and %e. I guess the 5% with different ips in %a compared to %e was spam. Nearly 100% of SPAM marked emails have different ips in %a compared to %e. May this be a way to collect spamer and block this ips or would this produce many many false blocked ips? Cheers, Thomas MrC wrote: >> Perhaps someone can explain me some amavis log entries. It's >> amavisd-new >> 2.4.5 with default config. >> >> I got (shorted): >> amavis[48404]:(48404-01-9) Passed SPAM, [212.71.111.45] >> [89.220.41.153] >> amavis[48123]:(48123-01-13) Passed SPAM, [88.238.102.203] >> [47.62.141.62] >> >> Whats the first ip in the brackets after "Passed SPAM" and >> whats the second one? >> >> I checked the README.customized but it's not 100% clear for me. >> >> Regards, >> Thomas > > The first IP is %a, the second IP is %e, which are specified in the > README.customize: > > a original SMTP session client IP address(empty if unknown,e.g. no > XFORWARD) > e best guess of the originator IP address collected from the Received > trace > > MrC > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > AMaViS-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ -- "UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity." Dennis Ritchie ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
