Thanks for the info. Your always a wealth of information! :) Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349
> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of R. Scott Perry > Sent: Tuesday, October 14, 2003 2:28 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] Understanding Imail, junkmail, virus logs > > > >In the Imail logs: > >- A single process ID represents all of the work for a single message in > >a single direction. > > > >- If a message is received from a remote server, the log lines for that > >message will reference a spool\D######.SMD file (an inbound connection, > >process=SMTPD). > > > >- If a message is received from a local authenticated user (for example: > >sending through Outlook), the log lines for that message will reference > >a spool\D######.SMD file (an inbound connection, process=SMTPD). > >Subsequently, a separate set of log lines will reference a > >spool\Q######.SMD file (an outbound connection, process=SMTP-) for the > >outbound connection to send that message to a remote server (if the > >message is bound for a remote domain). The Q and D files for this > >entire message will have the same file name other than the Q and D. > > > >- A message sent from a local user to another local user will only have > >a spool\D######.SMD file (an inbound connection, process=SMTPD). > > I believe this is all correct. Note that most of this refers just to the > logging -- for example, a Q*.SMD file and D*.SMD file will be used for > both > incoming and outgoing E-mail. > > >- To accurately count the number of messages processed, one only needs > >to count the inbound messages b/c any outbound messages must have been > >preceeded by an inbound message. > > "inbound" and "outbound" may cause confusion here (but technically could > be > considered correct terms). > > Instead, I would say that you can accurately count the number of messages > processed by counting the "MAIL FROM:" SMTPD lines. You could instead > count the "RCPT TO:" SMTPD lines to get the total number of recipients. > > >In the Junkmail and Virus logs: > >- The set of log lines representing work done on a single message will > >have the Q file specified (minus the .SMD) on each associated line. > >This identifier is "mated" with the Imail log entry which references the > >D version of the same name. > > Correct. By taking the spool file name and removing the first character > and extension, you can find the E-mail in both the IMail and Declude log > files. > > >- All Junkmail/Virus processing is done on the inbound connection, > >either from a remote server or the user client app (ie. Outlook). No > >processing is done on the outbound connection; hence no D files are > >specified. > > Correct. > > Note that the "D" file is the "data" file (which has a copy of the E-mail > in it, including headers), and the "Q" file is the "recipient" file (which > contains information about the recipients and other information that IMail > finds useful to save about the E-mail). They refer to an E-mail that > IMail > has already received via SMTPD ("inbound"), but not yet delivered via > SMTP32 ("outbound"). > > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers. > Declude Virus: Catches known viruses and is the leader in mailserver > vulnerability detection. > Find out what you've been missing: Ask about our free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus > (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
