exim rejectlog with log snippets and new ideas, (was: Re: exim log analysis)
Joost van Baal
joostvb at logreport.org
Thu Aug 25 11:50:41 CEST 2005

Hi Tom,

On Thu, Aug 25, 2005 at 10:47:32AM +0100, Tom Northeast wrote:
>
<snip>
> Then Joost and I discovered that in Exim's Rejectlog, after the
> timestamped line containing the rejection reason, the message's header
> is dumped to the log file. On the first line of the header is the
> email's Envelope entry, e.g.
>
> 2005-02-02 14:04:02 1CwL6w-xxxxx-A5 H=crc2.xxxxx.us (mail01.xxxxx.us) [206.158.x.x] I=[193.108.x.x]:25 F=<tester at testvirus.org> rejected after DATA: Virus/Trojan detected in this email (Eicar-Test-Signature)
> Envelope-from: <tester at testvirus.org>
> Envelope-to: <xxxxx at xxxxxxx.com> (this is the part I require)
>
> I think that this is now the only realistic option I have for
> producing the analysed results I require. If anyone could help me
> getting started with a DLF converter

Do timestamped lines alternate with header chunks always? If not, this
logfile is likely not machine-parsable... Or does the last line of a
header chunk have some special token? Could you give a more complete
example of what's in exim's reject-log?

Thanks for posting this summary!

Bye,

Joost
--
. . http://logreport.com/
| '.| /^LogReport$/
| Lire http://logreport.org/
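
Added example, not part of the original message and not Lire code: one way to read a rejectlog in the layout quoted above without assuming that timestamped lines and header chunks strictly alternate. The sample log is constructed (real logs carry "@" where the list archive shows " at "), and the function name, record fields and the rule that envelope lines come first in a chunk are assumptions.

```python
import re

# Constructed sample in the layout quoted above; hosts, IDs and addresses are made up.
SAMPLE = """\
2005-02-02 14:04:02 1CwL6w-000001-A5 H=mx.example.net [192.0.2.10] F=<tester@example.org> rejected after DATA: Virus/Trojan detected in this email (Eicar-Test-Signature)
Envelope-from: <tester@example.org>
Envelope-to: <alice@example.com>
2005-02-02 14:05:10 H=host.example.net [192.0.2.77] F=<x@example.org> rejected RCPT <bob@example.com>: relay not permitted
2005-02-02 14:06:30 1CwL9b-000002-Q1 H=mx.example.net [192.0.2.10] F=<tester@example.org> rejected after DATA: Virus/Trojan detected in this email (Eicar-Test-Signature)
Envelope-from: <tester@example.org>
Envelope-to: <carol@example.com>
Subject: constructed header line
Envelope-to: <spoofed@example.com>
"""

TS = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
ENV = re.compile(r"^Envelope-(from|to):\s*(.*)$")
ADDR = re.compile(r"<([^<>\s]*)>")


def parse_rejectlog(lines):
    """Attach every untimestamped line to the timestamped line before it."""
    records, cur = [], None
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = TS.match(line)
        if m:  # a timestamp always starts a new record, header chunk or not
            cur = {"time": m.group(1), "reason": m.group(2), "envelope_from": [],
                   "envelope_to": [], "other_lines": 0, "_envelope_open": True}
            records.append(cur)
            continue
        if cur is None or not line.strip():
            continue  # stray chunk before the first timestamp, or blank line
        e = ENV.match(line) if cur["_envelope_open"] else None
        if e:
            cur["envelope_" + e.group(1)].extend(ADDR.findall(e.group(2)))
        else:
            # Header text is supplied by the remote sender: once it starts,
            # later "Envelope-" look-alikes are counted, not trusted.
            cur["_envelope_open"] = False
            cur["other_lines"] += 1
    return records


if __name__ == "__main__":
    for rec in parse_rejectlog(SAMPLE.splitlines()):
        print(rec["time"], rec["envelope_to"] or "(no header chunk)")
```
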