On Thu, 17 May 2012, Chris Hunt wrote:

I'm hoping to track scores by sender IP.  Do any gurus know how I can
get the original sender's IP address into this log line?

May 17 04:08:19 mail01 spamd[20409]: spamd: result: . 2 - AWL,BAYES_50,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_RATIO_02,HTML_MESSAGE,SPF_HELO_PASS,URIBL_WS_SURBL scantime=0.9,size=9109,user=happy...@willapabay.org,uid=105,required_score=5.0,rhost=mail01-01.reachone.com,raddr=127.0.0.1,rport=36534,mid=<16780360.84...@patriotupdate.com>,bayes=0.500889,autolearn=no

Please note that since it's a Postfix milter, the spamd daemon sees
[remoteaddr] as 127.0.0.1:

May 17 16:27:38 mail1spamd[2187]: spamd: [...] [127.0.0.1] for
drsmo...@olynet.com:104 in 2.2 seconds, 2373 bytes.

I'm hoping a custom spamassassin plugin is not the answer :)

I know this doesn't directly answer the question you're asking, but how about looking up the mid (msgid) in the Postfix log lines to get the source IP? That should be fairly simple to do in a perl logfile parser.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The real opiate of the masses isn't religion; it's the belief that
  somewhere there is a benefit that can be delivered without a
  corresponding cost.                       -- Tom of "Radio Free NJ"
-----------------------------------------------------------------------
 2 days until SpaceX Dragon first mission to ISS
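
The correlation suggested in the reply above, as an added example that is not code from this thread (written in Python rather than the Perl mentioned there): it joins each spamd result line to the Postfix smtpd client IP by way of the queue ID and the Message-ID. The log lines, hosts, queue IDs, Message-IDs and IPs are constructed, and the patterns assume Postfix's short hexadecimal queue IDs and that the smtpd, cleanup and spamd lines end up in the same log.

```python
import re
from collections import defaultdict

# Constructed sample lines (hosts, queue IDs, Message-IDs and IPs are made up).
SAMPLE_LOG = """\
May 17 04:08:18 mail01 postfix/smtpd[20400]: 3F2A41C0A5: client=mx.example.net[203.0.113.45]
May 17 04:08:18 mail01 postfix/cleanup[20402]: 3F2A41C0A5: message-id=<abc.123@example.com>
May 17 04:08:19 mail01 spamd[20409]: spamd: result: . 2 - AWL,BAYES_50 scantime=0.9,size=9109,user=alice@example.org,uid=105,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=36534,mid=<abc.123@example.com>,bayes=0.500889,autolearn=no
May 17 04:09:01 mail01 postfix/smtpd[20400]: 7B1C91C0B2: client=unknown[198.51.100.7]
May 17 04:09:01 mail01 postfix/cleanup[20402]: 7B1C91C0B2: message-id=<dup@example.com>
May 17 04:09:02 mail01 spamd[20409]: spamd: result: Y 14 - BAYES_99,URIBL_WS_SURBL scantime=1.2,size=2373,user=bob@example.org,uid=105,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=36540,mid=<dup@example.com>,bayes=0.999,autolearn=no
May 17 04:09:30 mail01 postfix/smtpd[20401]: 9D0E21C0C3: client=unknown[203.0.113.99]
May 17 04:09:30 mail01 postfix/cleanup[20402]: 9D0E21C0C3: message-id=<dup@example.com>
"""

# Assumption: short (hexadecimal) Postfix queue IDs, not enable_long_queue_ids.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9A-Fa-f.:]+)\]")
MSGID_RE = re.compile(r"postfix/cleanup\[\d+\]: ([0-9A-F]+): message-id=(<[^>]*>)")
RESULT_RE = re.compile(r"spamd: result: ([Y.]) (-?\d+) - \S* .*?\bmid=(<[^>]*>)")

def scores_by_sender_ip(lines):
    """Return a list of (score, is_spam, mid, sorted candidate client IPs)."""
    lines = list(lines)
    qid_ip, mid_qids = {}, defaultdict(set)
    # Pass 1: queue ID -> client IP (smtpd), Message-ID -> queue IDs (cleanup).
    for line in lines:
        if m := CLIENT_RE.search(line):
            qid_ip[m.group(1)] = m.group(2)
        elif m := MSGID_RE.search(line):
            mid_qids[m.group(2)].add(m.group(1))
    # Pass 2: join each spamd result to the IPs seen for its Message-ID.
    # The Message-ID is sender-supplied, so one mid can map to several IPs;
    # keep them all rather than guessing.
    out = []
    for line in lines:
        if m := RESULT_RE.search(line):
            flag, score, mid = m.groups()
            ips = sorted({qid_ip[q] for q in mid_qids.get(mid, ()) if q in qid_ip})
            out.append((int(score), flag == "Y", mid, ips))
    return out

if __name__ == "__main__":
    for score, spam, mid, ips in scores_by_sender_ip(SAMPLE_LOG.splitlines()):
        print(score, "spam" if spam else "ham", mid, ",".join(ips) or "unknown")
```

A result whose Message-ID maps to more than one IP is ambiguous and should be attributed by timestamp or excluded from per-IP statistics, since the header is set by the sender.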
