Thanks for the info! --- Dustin Puryear CEO Puryear IT, LLC - We see IT differently. Networks - Servers - Desktops - Strategy
Direct: 225-304-6402 | Main: 225-706-8414 | Fax: 225-308-6740 | http://www.puryear-it.com -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Alexander Perlis Sent: Wednesday, August 22, 2012 2:42 PM To: [email protected] Subject: Re: [brlug-general] General Digest, Vol 107, Issue 2 Dustin, > With sendmail or Postfix, I'd be able to see the sender. Is there a way to > get this data from a log or spool file somewhere? Depends on whether by "sender" you mean "envelope sender" or "message content header From line". The former is indeed in the log (see below). > [...] I see things like this: > 2012-08-16 10:52:44 1T22NI-0000sD-SD <= [email protected] > U=puryeart P=local S=2394 > [email protected] T="Hey guy!" for > [email protected] The "envelope sender" is "[email protected]". The "envelope destination" is "[email protected]". The message was injected into Exim by a local Unix process running under username "puryeart". (Conceivably that local process was obtaining the message elsewhere and injecting it locally for delivery, e.g., a POP grab-and-forward process, or perhaps it was a message like a local error message that truly originated locally; Exim has no way of discerning the behavior or purpose of that local process. That local process could even be another copy of Exim, if Exim is doing envelope address rewriting and reinjecting the rewritten message to itself for re-delivery.) The message is 2,394 bytes long, and did have a subject line in the message contents, which is "Hey guy!". > 2012-08-16 10:52:44 1T22NI-0000sD-SD => :blackhole: <[email protected]> > R=virtual_aliases Your aliases file or Exim config says to "silently discard" all messages with an envelope destination of "[email protected]". > 2012-08-16 10:52:44 1T22NI-0000sD-SD Completed Exim dutifully discarded it. Thus the message content (the thing inside the envelope, comprising headers and body) is gone, no longer in the spool. Note that the message content headers could have had potentially *different* From and To addresses (there's no requirement that they match the envelope sender and destination), and more importantly would have had various "Received" header lines showing prior hops this message took, thus giving insight into the true origin of the message. But all of that is part of the content, not the envelope, and now seemingly gone. Alexander _______________________________________________ General mailing list [email protected] http://brlug.net/mailman/listinfo/general_brlug.net _______________________________________________ General mailing list [email protected] http://brlug.net/mailman/listinfo/general_brlug.net
