Yeah, well, I know enough about Exim to know I don't know what it puts in the logs. I just grep exim_mainlog now and then if there is an issue. ;-)
--- Dustin Puryear CEO Puryear IT, LLC - We see IT differently. Networks - Servers - Desktops - Strategy Direct: 225-304-6402 | Main: 225-706-8414 | Fax: 225-308-6740 | http://www.puryear-it.com -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jarred White Sent: Wednesday, August 22, 2012 3:25 PM To: [email protected] Subject: Re: [brlug-general] General Digest, Vol 107, Issue 2 RFC 821 vs. RFC 822. I'd expect you to know this Dustin! ;) On Wed, Aug 22, 2012 at 3:42 PM, Alexander Perlis <[email protected]> wrote: > Dustin, > >> With sendmail or Postfix, I'd be able to see the sender. Is there a way to >> get this data from a log or spool file somewhere? > > Depends on whether by "sender" you mean "envelope sender" or "message > content header From line". The former is indeed in the log (see > below). > >> [...] I see things like this: >> 2012-08-16 10:52:44 1T22NI-0000sD-SD <= [email protected] >> U=puryeart P=local S=2394 >> [email protected] T="Hey guy!" for >> [email protected] > > The "envelope sender" is "[email protected]". The > "envelope destination" is "[email protected]". The message was > injected into Exim by a local Unix process running under username > "puryeart". (Conceivably that local process was obtaining the message > elsewhere and injecting it locally for delivery, e.g., a POP > grab-and-forward process, or perhaps it was a message like a local > error message that truly originated locally; Exim has no way of > discerning the behavior or purpose of that local process. That local > process could even be another copy of Exim, if Exim is doing envelope > address rewriting and reinjecting the rewritten message to itself for > re-delivery.) The message is 2,394 bytes long, and did have a subject > line in the message contents, which is "Hey guy!". > >> 2012-08-16 10:52:44 1T22NI-0000sD-SD => :blackhole: >> <[email protected]> R=virtual_aliases > > Your aliases file or Exim config says to "silently discard" all > messages with an envelope destination of "[email protected]". > >> 2012-08-16 10:52:44 1T22NI-0000sD-SD Completed > > Exim dutifully discarded it. Thus the message content (the thing > inside the envelope, comprising headers and body) is gone, no longer > in the spool. > > Note that the message content headers could have had potentially > *different* From and To addresses (there's no requirement that they > match the envelope sender and destination), and more importantly would > have had various "Received" header lines showing prior hops this > message took, thus giving insight into the true origin of the message. > But all of that is part of the content, not the envelope, and now > seemingly gone. > > Alexander > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net -- "The world's my oyster, a hotel room's my prison cell..." _______________________________________________ General mailing list [email protected] http://brlug.net/mailman/listinfo/general_brlug.net _______________________________________________ General mailing list [email protected] http://brlug.net/mailman/listinfo/general_brlug.net
