I see the connection on my MTA(sendmail), but only the allowed connection is
reported in the ASSP maillog:
Sendmail: grep for lisa.eby
Mar 25 12:22:10 mailgw1 sendmail[2953]: m2PHM8nT002953: from=<[EMAIL
PROTECTED]>, size=5120, class=0, nrcpts=1, proto=ESMTP, daemon=MTA,
relay=localhost.localdomain [127.0.0.1]
Mar 25 12:37:18 mailgw1 sendmail[5821]: m2PHavEj005821: collect: unexpected
close on connection from localhost.localdomain, sender=<[EMAIL PROTECTED]>
Mar 25 12:37:18 mailgw1 sendmail[5821]: m2PHavEj005821: from=<[EMAIL
PROTECTED]>, size=0, class=0, nrcpts=1, proto=ESMTP, daemon=MTA,
relay=localhost.localdomain [127.0.0.1]
ASSP: grep for everything from ‘lisa.eby’… grepping verizonbusiness.com shows
the same.
[assp]# grep lisa.eby /usr/local/assp/maillog.txt
Mar-25-08 12:37:17 id-66633-23036 [BombData] 198.4.8.167 <[EMAIL PROTECTED]>
to: [EMAIL PROTECTED] SPAM FOUND (BombData: 'cialis')
ASSP: grep by server IP
[EMAIL PROTECTED] assp]# cat maillog.txt | grep -i "198.4.8.167"
Mar-25-08 12:37:17 id-66633-23036 [BombData] 198.4.8.167 <[EMAIL PROTECTED]>
to: [EMAIL PROTECTED] SPAM FOUND (BombData: 'cialis')
What happened to assp’s log of the connection attempt from 12:22:10? Ideas?
Paul K. Dickson
Systems Administrator III
Frederick County Government, I.I.T.
301-600-2399
No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.519 / Virus Database: 269.21.8/1340 - Release Date: 3/23/2008 6:50
PM
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
