----- Original Message -----
From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]>
>> So I will ask you the same question, why do you need to open the file for
>> viewing? Why not just parse what you are looking for from the command
>> prompt? There must be something I'm not considering
>
> Some of smaller guys are not versed enough in command prompt commands to
> generate and find the information we want to review. Now, if some one
wanted
> to either put a guide together for us or point us at a good resource...
I would be willing to put a small guide with samples together and a
reference list, if there
is interest in me doing that. I have posted samples here a few times in the
past and
have generally not heard much feedback.
> Example, sometimes I need to review exactly what happen on a particular
> message. How do you pull all the log lines for a particular message?
For your message here, I checked the headers and found the queue ID:
X-Queue-File: D45612ea600883067.SMD
Then I parsed the JunkMail log with the part between the "D" and the ".SMD",
since Declude logs the "Q" file name without the ".smd" in the JunkMail
logs. Here is an example of the log entries for your message:
grep 45612ea600883067 m:\imail\spool\spam\log\dec0929.log
and here is what the query came back with:
=====
09/29/2003 07:44:56 Q45612ea600883067 nIPNOTINMX:-3 nNOLEGITCONTENT:-5
BODY-FILTER:-5 DYNAMIC-FILTER:3 MAILFROM-FILTER:-10 SUBJECT-FILTER:-18
SPAMCHECK:2 . Total weight = -36
09/29/2003 07:44:56 Q45612ea600883067 Msg failed BODY-FILTER (Message failed
BODY-FILTER test (24)). Action=WARN.
09/29/2003 07:44:56 Q45612ea600883067 Msg failed DYNAMIC-FILTER (Message
failed DYNAMIC-FILTER test (296)). Action=WARN.
09/29/2003 07:44:56 Q45612ea600883067 Msg failed MAILFROM-FILTER (Message
failed MAILFROM-FILTER test (143)). Action=WARN.
09/29/2003 07:44:56 Q45612ea600883067 Msg failed SUBJECT-FILTER (Message
failed SUBJECT-FILTER test (131)). Action=WARN.
09/29/2003 07:44:56 Q45612ea600883067 Msg failed SPAMCHECK (Message failed
SPAMCHECK: 2.). Action=WARN.
09/29/2003 07:44:56 Q45612ea600883067 L1 Message OK
09/29/2003 07:44:56 Q45612ea600883067 Subject: RE: [Declude.JunkMail] Log to
syslog option
09/29/2003 07:44:56 Q45612ea600883067 From:
[EMAIL PROTECTED] To: [EMAIL PROTECTED] IP:
24.107.232.14 ID: 247DEADE84
=====
This query produced this result in less then 10 seconds. So again, if you
or anyone else is interested, I will spend some time putting together a
cheat-sheet and reference guide.
Bill
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
