OK, I guess I've been working on version 4.0.0 for too long now because
I didn't realize I'd already implemented this feature (until I tried to
add it again). However, I didn't do it quite the way we described in
this thread; instead of changing the "ALLOWED" messages, I added a new
log level that will print out extra messages. (In fact, the entire log
level system has been revisited and reorganized).
When the logging level is "verbose" or higher, messages like these will
be produced:
FILTER_RDNS_MISSING ip: 11.22.33.44
FILTER_RDNS_BLACKLIST ip: 11.22.33.44 rdns: 11-22-33-44.example.com
file: /var/qmail/spamdyke/rdns_blacklist.txt(31)
FILTER_RBL_MATCH ip: 11.22.33.44 rbl: foorbl.example.com
FILTER_GRAYLISTED sender: [EMAIL PROTECTED] recipient:
[EMAIL PROTECTED] path:
/var/qmail/spamdyke/graylist.d/example.com/user/spamdomain.com/spammer
FILTER_WHITELIST_IP ip: 11.22.33.44 file:
/var/qmail/spamdyke/whitelist_ip.txt(7)
...and so on. Any filter that triggers either an acceptance or a
rejection will produce a "FILTER" log message. Filters that only
examine the connection (but aren't triggered) won't produce any output
(unless the log level is increased to "debug" or higher).
I chose this approach because it provides more information than just the
matching filter; it gives the file and line numbers, the directory
paths, etc. Because it requires setting the log level higher, it can be
enabled when someone wants to collect the data for analysis or turned
off if it is not wanted.
Does that sound sufficient or should I remove it and change the
"ALLOWED" messages instead?
-- Sam Clippinger
Sam Clippinger wrote:
> "ALLOWED_GRAYLISTED" could be useful if graylisting isn't active for all
> domains. It would mean that the graylisting filter had checked for the
> existence of a graylist file for that connection (and found one). I
> agree it should be possible to match an "ALLOWED" with a previous
> "DENIED_GRAYLISTED" but that could involve searching log files from
> multiple days if the remote server doesn't attempt redelivery very quickly.
>
> -- Sam Clippinger
>
> Michael Colvin wrote:
>
>> Doesn't it already log "DENIED GREYLISTED" when it greylists an address,
>> then when it is sent again, and passes the greylist test, it logs
>> "ALLOWED"... Doesn't that already identify greylisted e-mails? Or, are we
>> talking about logging the fact that e-mails are allowed AND have already
>> been greylisted? Which, if you greylist all domains, would be every e-mail,
>> right?
>>
>> The "ALLOWED_WHITELISTED_*" items might be useful, but I don't see where
>> logging allowed greylisted e-mails makes sense... In fact, "Allowed
>> Greylist" seems kind of contradictory to me... :-) Just my .02, which,
>> with the state of the dollar, is worth even less today than last week. :-)
>>
>>
>> Michael J. Colvin
>> NorCal Internet Services
>> www.norcalisp.com
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED]
>>> [mailto:[EMAIL PROTECTED] On Behalf Of BC
>>> Sent: Wednesday, April 23, 2008 1:32 PM
>>> To: [email protected]
>>> Subject: Re: [spamdyke-users] Greylisting wishes
>>>
>>>
>>> On 4/23/2008 [EMAIL PROTECTED] wrote:
>>>
>>>
>>>
>>>> I could do that if it would be useful. Now is the time
>>>>
>>>>
>>> for changes
>>>
>>>
>>>> like this, since version 4.0 won't be backwards compatible
>>>>
>>>>
>>> anyway.
>>>
>>>
>>>> What about changing the log message for other reasons too? For
>>>> example, ALLOWED_WHITELISTED_IP, ALLOWED_WHITELISTED_SENDER, etc.
>>>>
>>>>
>>> I'd like to see that sort of addition to the logging, too.
>>>
>>> Thanks,
>>>
>>> Bucky
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> [email protected]
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>
>>>
>>>
>> _______________________________________________
>> spamdyke-users mailing list
>> [email protected]
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>
>>
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
