I'm continuing to appreciate the 4tuple fake "reject trick" in order to log MTA + HELO + FROM + TO on one "reject" line.
One aspect is important that might escape you if you haven't really understood how "matching" works. The 4tuple lines will show the msgs that make it through the earlier smtpd restrictions without being either: A. not rejected. this is the most important info. Is there any obvious spam in there? B. and ... NOT ACCEPTED!! ... by earlier whitelisting, due to the "first match wins". So the 4tuple traffic is not the total accepted traffic. ie, if you have whitelisted aol.com, then all of those msgs get accepted, but not one of them shows up as 4tuple reject. The 4tuple traffic also excludes rejects that occur in cleanup header/mime/body checks which run after smtpd restrictions. So 4tuple traffic may have msgs logged that actually get rejected in cleanup step. conclusion: 4tuple msg are not all the accepted msgs and 4tuple msgs "accepted" may later be rejected by cleanup. The 4tuple trick is a very welcome addition to managing IMGate and I've included it in my basic files. Len
