At 12:45 AM 9/30/2003, you wrote:
On Mon, Sep 29, 2003 at 09:47:47AM -0400, Jesse Guardiani wrote: > Why not? I think it's useful to log the TCPREMOTEHOST and TCPREMOTEIP. > That way you can be 100% sure that a virus is coming from a computer > on your local network, and that it's not forged.
That's what the RC:[01] value is for!!!
BTW: syslog records can not be infinite in length. That's why a lot of information is never going to show up in the Q-S logs. There just isn't room...
Jason, I'd give also my vote for the TCPREMOTEIP and the X-Qmail-Scanner-Message-ID...
on the other hand I guess the TCPREMOTEIP looses some of its interest
when you use a separate local machine for your local users all use a
different smtp server for their outgoing mail to avoid the delays caused by S.A. + the AV's :
all RC:1 would have the IP of this smtp server...
If room is the issue, I guess some room can be gained back from the Subject field
that could be shortned (to only the first 30 characters ? : I see many messages
tagged as spam by SA. have abusively long subjects [ >100 characters]
fab.
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
