> -----Original Message----- > From: Thomas Vogt [mailto:[EMAIL PROTECTED] > Sent: Thursday, May 17, 2007 9:44 AM > To: MrC > Cc: [email protected] > Subject: Re: [AMaViS-user] Question about some log information > > Hello > > Thank you. I have assumed it but was not sure. > > Nn most cases, should this not be the same ip for %a and %e?
In many cases, it will be. But consider a mailing list, or mail provider. The first IP will always been the client's IP (eg. the MTA), if available. The second is the *originator*, which would be, for example, your home machine (eg. the MUA). In fact your email to this list showed two different IPs, which make sense. > > I checked a few thousand CLEAN marked emails (of course some > of them was spam too but not detected). More than 95% of this > emails had the same ip for %a and %e. I guess the 5% with > different ips in %a compared to %e was spam. > Nearly 100% of SPAM marked emails have different ips in %a > compared to %e. May this be a way to collect spamer and block > this ips or would this produce many many false blocked ips? > Use RBLs - that's what they are for. This mechanism would not be reliable. > Cheers, > Thomas MrC > > MrC wrote: > >> Perhaps someone can explain me some amavis log entries. It's > >> amavisd-new > >> 2.4.5 with default config. > >> > >> I got (shorted): > >> amavis[48404]:(48404-01-9) Passed SPAM, [212.71.111.45] > >> [89.220.41.153] > >> amavis[48123]:(48123-01-13) Passed SPAM, [88.238.102.203] > >> [47.62.141.62] > >> > >> Whats the first ip in the brackets after "Passed SPAM" and > whats the > >> second one? > >> > >> I checked the README.customized but it's not 100% clear for me. > >> > >> Regards, > >> Thomas > > > > The first IP is %a, the second IP is %e, which are specified in the > > README.customize: > > > > a original SMTP session client IP address(empty if > unknown,e.g. no > > XFORWARD) > > e best guess of the originator IP address collected from the > > Received trace > > > > MrC > > > > > > > ---------------------------------------------------------------------- > > --- This SF.net email is sponsored by DB2 Express Download > DB2 Express > > C - the FREE version of DB2 express and take control of > your XML. No > > limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > _______________________________________________ > > AMaViS-user mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/amavis-user > > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > > AMaViS-HowTos:http://www.amavis.org/howto/ > > -- > "UNIX is basically a simple operating system, but you have to > be a genius to understand the simplicity." Dennis Ritchie > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
