Log file format |
Post Reply 
|
| Author | |
stupid48 
Newbie 
Joined: 13 August 2008 Status: Offline Points: 2 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Log file formatPosted: 13 August 2008 at 1:34pm |
|
Hi there,
We have been a long time user of your product. In order for us to allow our helpdesk to search for failed incoming e-mails, I wrote an asp.net application that allows them to search the logs based on a date and an e-mail address. I noticed that one of the rejected e-mail failure reasons (EmailTO is not in AuthorizedTOEmail list) has a different result at the end of the failure. Most of the time, a failure ends in the log with either "will be rejected" or "will be disconnected". These are the phrases that I use to key on in my program. The failure noted above does not really have a failure notice. It just ends in "disconnect". Would it be possible to end this type of failure in the same way that the other failures do? Maybe in the next version???
Here is the log section I am talking about...
08/13/08 00:02:37:310 -- (2932) Connection from: 66.xx.xx.205 - Originating country : United States
08/13/08 00:02:37:435 -- (2932) Received MAIL FROM: administrator@xxxx.xx 08/13/08 00:02:37:450 -- (2932) Received RCPT TO: ckli@xxxxx.gov 08/13/08 00:02:37:466 -- (2932) - EmailTO is not in AuthorizedTOEmail list... 08/13/08 00:02:37:497 -- (2932) Resolving 66.xx.xx.205 - mail.xxxxx.com 08/13/08 00:02:37:700 -- (2932) found SPF record for xxxx.xx: v=spf1 ip4:66.xx.xx.192/27 a mx -all 08/13/08 00:02:37:700 -- (2932) SPF query result: pass 08/13/08 00:02:37:700 -- (2932) - SPF analysis for xxxx.xx done: - pass 08/13/08 00:02:37:700 -- (2932) Mail from: administrator@xxxx.xx 08/13/08 00:02:37:857 -- (2932) - MAPS search done... 08/13/08 00:02:37:857 -- (2932) RCPT TO: ckli@xxxxx.gov accepted 08/13/08 00:02:37:919 -- (2932) Disconnect So what I am looking for is to change "disconnect" to:
Mail from: administrator@xxxx.xx To: ckli@xxxxx.gov will be rejected
It would be great for us if that could be done, pretty please....
Thanks, Chris
|
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 17 August 2008 at 10:16pm |
|
The behavior on what happens when an email is not in Authorized TO whitelist is dictated by a parameter in the SpamFilter.ini file (DisconnectOnNonAuthorizedTO). Depending on this value connections can be immediately disconnected when an email address is not in that list, or the rejection will be postponed till later. Partly due to this reason, the rejection message was made different than the other cases several years ago when this list was implemented. Since then, there have been several products and customers who have been parsing SpamFilter's logs for reports, and for this reason we are *very* hesitant in changing existing logging syntax in order to prevent problems in anyone who is relying on the current specific format in their reports.
|
|
|
|
|
stupid48
Newbie
Joined: 13 August 2008 Status: Offline Points: 2 |
Post Options
Thanks(0)
Quote Reply
Posted: 28 August 2008 at 9:03pm |
|
Thanks for the quick response. I understand what you are saying. I set the entry, DisconnectOnNonAuthorizedTO to TRUE and now I get the full "will be disconnected" log entry. Now, since you have an .ini entry for notauthorizedto to display the disconnected line, could we get some more options for some of the other reasons to get rejected? For example, the "detected blank HTML email with specified attachment" reason. It also just displays:
08/28/08 14:41:36:282 -- (5272) Detected blank HTML email with specified attachment
08/28/08 14:41:36:344 -- (5272) Blacklist cache - Added 198.190.190.99 to limbo 08/28/08 14:41:36:547 -- (5272) SFDB - Added 198.190.190.99 - Response: Error=0 08/28/08 14:41:36:547 -- (5272) Disconnect Again, it would be nice if we could set a toggle in the .ini similar to the DisconnectOnNonAuthorizedTO option for blank email....
|
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.143 seconds.