On 3/25/11 10:42 AM, "Alex" <mysqlstud...@gmail.com> wrote:
> Hi,
>
>>> But it seems like there is a reset in the URIBL_RHS_DOB database or
>>> something.
>>>
>>> A lot of domains that are not new domains are now listed.
>>
>> It appears to be hitting on a lot of mail today:
>> $ grep DOB /var/log/mail/info.log | cut -d\  -f 1,2 | uniq -c
>>     119 Mar 20
>>     174 Mar 21
>>     168 Mar 22
>>     310 Mar 23
>>   10527 Mar 24
>
> Isn't "DOB" a bit of a broad pattern to be matching for something like
> this? Unless there's something else than the obvious in that info.log
> file, or you know something I don't, why wouldn't you just search on
> the full rule name?

I'll accept that criticism. Looks like I got a few quarantine tags,
message-id's, and FRT_ADOBE2 rule hits. But it doesn't affect the order of
magnitude significantly.

$ grep URIBL_RHS_DOB /var/log/mail/info.log | cut -d\  -f 1,2 | uniq -c
    119 Mar 20
    168 Mar 21
    168 Mar 22
    276 Mar 23
  13439 Mar 24
   1844 Mar 25

And some of the discrepancy is amavis continuation lines:

Mar 24 12:08:12 sa amavis[12315]: (12315-04) ...RHS_DOB=0.276, US_DOLLARS_3=2.523] autolearn=disabled
Mar 24 12:27:11 sa amavis[13861]: (13861-13) ...RHS_DOB=0.276, US_DOLLARS_3=2.523] autolearn=disabled
Mar 24 14:07:33 sa amavis[29001]: (29001-04) ..._RHS_DOB=0.276, US_DOLLARS_3=2.523] autolearn=disabled
Mar 24 18:25:07 sa amavis[11933]: (11933-02) ...DOB=0.276] autolearn=disabled

>
> Just curious, I guess.
>
> Thanks,
> Alex
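
Added example, not part of the original message: one way to get a per-day count that avoids both problems discussed above, by gluing amavis "..." continuation lines back onto their entry (keyed on the "(pid-nn)" id) and matching the full test name only. The function names `count_rule_hits` and `sample_log` are hypothetical, the sample lines are constructed, and it is assumed that the first half of a split entry ends in "...".

```shell
#!/bin/sh
# Added example (not from the original post).
# count_rule_hits RULE [FILE...]  -> "<count> <Mon> <day>" per day
count_rule_hits() {
    rule=$1; shift
    awk -v rule="$rule" '
    function tally(id) {
        # Whole test name only: the leading space lets a name at the
        # start of the buffer match the "non-name character" prefix.
        if ((id in buf) && (" " buf[id]) ~ re) n[day[id]]++
    }
    BEGIN { re = "[^A-Za-z0-9_]" rule "=" }
    /amavis\[/ && match($0, /\([0-9]+-[0-9]+\) /) {
        id   = substr($0, RSTART, RLENGTH - 1)   # e.g. (12315-04)
        text = substr($0, RSTART + RLENGTH)
        d    = $1 " " $2
        if (!(d in seen)) { seen[d] = 1; order[++days] = d }
        if (substr(text, 1, 3) == "..." && (id in buf)) {
            buf[id] = buf[id] substr(text, 4)    # glue continuation on
        } else {
            tally(id)                            # previous entry is complete
            buf[id] = text; day[id] = d
        }
        # Assumption: a split entry ends in "..." before its continuation.
        if (buf[id] ~ /\.\.\.$/)
            buf[id] = substr(buf[id], 1, length(buf[id]) - 3)
    }
    END {
        for (id in buf) tally(id)
        for (i = 1; i <= days; i++)
            if (order[i] in n) printf "%d %s\n", n[order[i]], order[i]
    }' "$@"
}

# Constructed sample lines (hosts, ids and scores are made up).
sample_log() {
    cat <<'EOF'
Mar 23 09:00:01 sa amavis[100]: (100-01) Passed SPAM, tests=[HTML_MESSAGE=0.001, URIBL_RHS_DOB=0.276] autolearn=disabled
Mar 24 12:08:11 sa amavis[12315]: (12315-04) Passed SPAM, tests=[BAYES_50=0.8, URIBL_...
Mar 24 12:08:11 sa amavis[200]: (200-02) Passed CLEAN, tests=[FRT_ADOBE2=1.5] autolearn=disabled
Mar 24 12:08:12 sa amavis[12315]: (12315-04) ...RHS_DOB=0.276, US_DOLLARS_3=2.523] autolearn=disabled
Mar 24 12:09:00 sa amavis[200]: (200-03) Passed CLEAN, Message-ID: <DOB123@example.com>, tests=[]
EOF
}

sample_log | count_rule_hits URIBL_RHS_DOB
```

On the sample, a plain `grep DOB` matches four lines and `grep URIBL_RHS_DOB` matches one, while the joined count reports one entry on each of the two days. The count is per log entry, so a log level that writes the test list more than once per message will count that message more than once.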