On Thu, May 17, 2012 at 4:35 PM, Chris Hunt <[email protected]> wrote:
> I'm hoping to track scores by sender IP.  Do any gurus know how I can
> get the original sender's IP address into this log line?
>
> May 17 04:08:19 mail01 spamd[20409]: spamd: result: . 2 -
> AWL,BAYES_50,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_RATIO_02,HTML_MESSAGE,SPF_HELO_PASS,URIBL_WS_SURBL
> scantime=0.9,size=9109,[email protected],uid=105,required_score=5.0,rhost=mail01-01.reachone.com,raddr=127.0.0.1,rport=36534,mid=<[email protected]>,bayes=0.500889,autolearn=no
>
> Please note that since it's a Postfix milter, the spamd daemon sees
> [remoteaddr] as 127.0.0.1:
>
> May 17 16:27:38 mail1spamd[2187]: spamd: [...] [127.0.0.1] for
> [email protected]:104 in 2.2 seconds, 2373 bytes.
>
> I'm hoping a custom spamassassin plugin is not the answer :)
>
> TIA,
> Chris
>

For anyone who cares, this is what I came up with.  Please note my
Perl skills are really weak, so if anyone has any optimizations, I'd
welcome them:

--- spamd.orig  2012-05-17 21:52:27.000000000 -0700
+++ spamd       2012-05-18 15:56:06.000000000 -0700
@@ -1630,9 +1630,29 @@

   my $scantime = sprintf( "%.1f", time - $start_time );

-  info("spamd: $was_it_spam ($msg_score/$msg_threshold) for
$current_user:$> in"
-       . " $scantime seconds, $actual_length bytes." );
+##########################################################################################
+##
+##  Hack added by to add relay server addresses to base report for
fail2ban etc.
+##  2012-05-18: First Draft
+##
+
+  my @from_addrs = $mail->get_pristine_header("Received");
+  my $nums = @from_addrs;
+  my $line;
+  my @raddrs;
+  foreach $line (@from_addrs){
+    if($line=~/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/) {
+       if($1 == 127 && $2 == 0 && $3 == 0 && $4 == 1) {
+       }else{
+         push(@raddrs, "$1.$2.$3.$4");
+       }
+    } # end if
+  } # end foreach
+  my $from_addrs2 = join(",",@raddrs);
+  info("spamd: result: $was_it_spam ($msg_score/$msg_threshold) in
$nums relays from $from_addrs2 for $current_user:$> in $scantime
seconds, $actual_length bytes." );

+
+############################################################################################
   # add a summary "result:" line, based on mass-check format
   my @extra;
   push(@extra, "scantime=".$scantime, "size=$actual_length",
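Review bot: The `foreach $line (@from_addrs)` loop pushes an address from every Received header into `@raddrs`, but every Received line except the ones written by your own mail system is supplied by the sender, so a forged header puts an arbitrary address into the log line that the comment says fail2ban will read. That lets a spammer get an unrelated host banned, or bury the real relay among decoys. Consider logging only the address from the Received line your own MTA or milter added (Received lines are prepended, so that is normally the first non-local one) and stopping there with `last`. The pattern `(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})` also takes the first dotted quad anywhere on the line, which can be part of a HELO name rather than the peer address, does not bound octets to 255, and silently skips IPv6 relays; anchoring on the bracketed form, e.g. `\[(\d{1,3}(?:\.\d{1,3}){3})\]`, would be tighter. Smaller points: `$nums` counts all Received headers including the 127.0.0.1 ones that are filtered out of the list, so "in $nums relays" can disagree with the addresses printed; and the empty `if` branch reads more clearly as `next if` on the loopback test.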