On Wed, Oct 5, 2016 at 11:52 AM, James Gibbard <[email protected]> wrote:
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-log_files.html > > > "queue_time: The amount of time the message has been in the queue on > the local host is logged as QT=<time> on delivery (=>) lines, for > example, QT=3m45s. The clock starts when Exim starts to receive the > message, so it includes reception time as well as the delivery time > for the current address. This means that it may be longer than the > difference between the arrival and delivery log line times, because > the arrival log line is not written until the message has been > successfully received." > > This is why it's a good idea to check logs for when the connection started. Back when I first implemented rate limiting for a service, one part of Lena's wonderful advice was to add a "warning" to the mainlog as well, which looks something like this: 2016-10-05 09:14:25 +0000 [2432] Rate: 1.0/1h ID(ausername) [email protected] (432.customer.isp.example[127.4.3.2]) -> [email protected] This will show up with "exigrep senderaddress /var/log/exim4/mainlog". I've also turned on rather explicit logging, so that I can see when an IP address first connected, and thereby connect the dots with the sending attempt: log_selector = +address_rewrite +deliver_time +delivery_size +incoming_interface +incoming_port +outgoing_port +pid +queue_time +queue_time_overall +received_recipients +received_sender +rejected_header +return_path_on_delivery +sender_on_delivery +smtp_confirmation +smtp_connection +smtp_incomplete_transaction +smtp_no_mail +smtp_protocol_error +smtp_syntax_error +subject +tls_peerdn +tls_sni Here's the relevant config from the acl_check_rcpt section: warn ratelimit = 0 / 1h / strict logwrite = :main: \ Rate: $sender_rate/$sender_rate_period \ $message_id \ ID($authenticated_id) $sender_address ($sender_host_name[$sender_host_address]) \ -> $local_part@$domain -- Jan -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
