The current MID level (release and beta, not interim) works
fine for me. I think I'm not the only user that want to have this log level also
in the future - whatever name it would have (MID, MIDH, HIGH, MIDOLD,
....)
The format described below ("HEADERLINE=WARN SORBS-SPAM(DYNA)=WARN[3]...") would
be usefull if different action files are present but all the WARNs would be
pretty useless if there is a single $default$.junkmail file. I know the
actions are present also in the current MID level log format but if you
want decrease logfile size why include 10000 x "WARN"? What would WARN cause in
the worst case?
I think the argument about missing BAD/SPAMHEADER codes is
very important.
The current format in my opinion is "easy to read" because
every test result has his own line and I can easily see which tests failed a
certain message:
CBL (Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=24.84.122.251). Action="">DSBL (http://dsbl.org/listing?ip=24.84.122.251). Action="">SPAMCOP (Blocked - see http://www.spamcop.net/bl.shtml?24.84.122.251). Action="">FIVETEN-SRC
(251.122.84.24.blackholes.five-ten-sg.com.). Action="">XBL-DYNA (http://www.spamhaus.org/xbl/xbl.lasso?query=24.84.122.251). Action="">NOABUSE (Not supporting [EMAIL PROTECTED]). Action="">REVDNS (This E-mail was sent from a MUA/MTA
24.84.122.251 with no reverse DNS entry.). Action="">ROUTING (This E-mail
was routed in a poor manner consistent with spam [2000010f].).
Action="">SPAMCHK (Message failed SPAMCHK: 83.).
Action="">BLKLST-COUNTRY (Message failed BLKLST-COUNTRY test (line 226,
weight 15)). Action="">WEIGHT100 (Weight of 263 reaches or exceeds the
limit of 100.). Action="">
VS
CBL=WARN. DSBL=WARN. SPAMCOP=WARN.
FIVETEN-SRC="" REVDNS=WARN. ROUTING=WARN. SPAMCHK=WARN.
BLKLST-COUNTRY=IGNORE. WEIGHT100=HOLD.
Aaah, the first message
has failed XBL-DYNA! And the second one ???
Also if you scroll trough
hundreds and thousands of test results the second LOG file format will urge you
to buy a horizontal scroll mouse. ;-)
Until now Declude was
very backward compatible. So my suggestion: leave MID as it is, and introduce
new levels if they are asked under a new name.
Maybe you can leave out
from MID something like "This E-mail was routed in a poor manner consistent with
spam" and "Message failed [TESTNAME]"
By doing this the logfile
size can be reduced by 15 to 20% without loosing any information.
Markus
|
- [Declude.JunkMail] Interim Log Level Low and IP Matt
- Re: [Declude.JunkMail] Interim Log Level Low an... R. Scott Perry
- Re: [Declude.JunkMail] Interim Log Level Lo... Matt
- Re: [Declude.JunkMail] Interim Log Level Lo... System Administrator
- Re: [Declude.JunkMail] Interim Log Leve... Darin Cox
- Re: [Declude.JunkMail] Interim Log Leve... R. Scott Perry
- RE: [Declude.JunkMail] LOGLEVEL MID ... Andy Schmidt
- Re: [Declude.JunkMail] Interim Log ... System Administrator
- Re: [Declude.JunkMail] Interim Log ... Matt
- Markus Gufler