In response to Matts suggestion of doing the logging in a deny hook, i just created a 'denylog' plugin, which can be configured for which plugins a deny should be logged and with which loglevel. It can also help catching your own users doing abuse (see below).
You can find the plugin here: http://qpsmtpd.kju.de/qpsmtpd/created_by_me/denylog/denylog.README Example logfile entry: Sep 19 15:55:59 zeus qpsmtpd: 17855 Rejected a mail: Sep 19 15:55:59 zeus qpsmtpd: =========================================== Sep 19 15:55:59 zeus qpsmtpd: mail from: <[EMAIL PROTECTED]> Sep 19 15:55:59 zeus qpsmtpd: rcpt to: <[EMAIL PROTECTED]> Sep 19 15:55:59 zeus qpsmtpd: mail size: 17726 bytes Sep 19 15:55:59 zeus qpsmtpd: tcp client: mir.nadeshda.org [217.160.208.52] Sep 19 15:55:59 zeus qpsmtpd: relay client: yes Sep 19 15:55:59 zeus qpsmtpd: authmethod: pop-before-smtp Sep 19 15:55:59 zeus qpsmtpd: client user: 0815test Sep 19 15:55:59 zeus qpsmtpd: denied by: virus::clamav Sep 19 15:55:59 zeus qpsmtpd: denial code: 901 Sep 19 15:55:59 zeus qpsmtpd: denial text: Virus Found: Worm.Bagle.Gen-1 Sep 19 15:55:59 zeus qpsmtpd: =========================================== This may seem a bit bulky, but i like to have all relevant information logged. You can see another use for this plugin in this example: As this example states, my own user with the userid '0815test' tried to deliver a Worm Mail through me. I could probably automatically detect such situations and send my customer a warning that he should check his system. Also will this log users sending mails which trigger the spam threshold etc. -kju -- It's an insane world, but i'm proud to be a part of it. -- Bill Hicks
