The current MID level (release and beta, not interim) works fine for me. I think I'm not the only user that wants to have this log level also in the future - whatever name it would have (MID, MIDH, HIGH, MIDOLD, ....)
 
The format described below ("HEADERLINE=WARN SORBS-SPAM(DYNA)=WARN[3]...") would be useful if different action files are present but all the WARNs would be pretty useless if there is a single $default$.junkmail file. I know the actions are present also in the current MID level log format but if you want to decrease logfile size why include 10000 x "WARN"? What would WARN cause in the worst case?
 
I think the argument about missing BAD/SPAMHEADER codes is very important.
 
The current format in my opinion is "easy to read" because every test result has its own line and I can easily see which tests failed a certain message:
 
CBL (Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=24.84.122.251). Action="">
DSBL (http://dsbl.org/listing?ip=24.84.122.251). Action="">
SPAMCOP (Blocked - see http://www.spamcop.net/bl.shtml?24.84.122.251). Action="">
FIVETEN-SRC (251.122.84.24.blackholes.five-ten-sg.com.). Action="">
XBL-DYNA (http://www.spamhaus.org/xbl/xbl.lasso?query=24.84.122.251). Action="">
NOABUSE (Not supporting [EMAIL PROTECTED]). Action="">
REVDNS (This E-mail was sent from a MUA/MTA 24.84.122.251 with no reverse DNS entry.). Action="">
ROUTING (This E-mail was routed in a poor manner consistent with spam [2000010f].). Action="">
SPAMCHK (Message failed SPAMCHK: 83.). Action="">
BLKLST-COUNTRY (Message failed BLKLST-COUNTRY test (line 226, weight 15)). Action="">
WEIGHT100 (Weight of 263 reaches or exceeds the limit of 100.). Action="">
 
VS
 
CBL=WARN. DSBL=WARN. SPAMCOP=WARN. FIVETEN-SRC="" REVDNS=WARN. ROUTING=WARN. SPAMCHK=WARN. BLKLST-COUNTRY=IGNORE. WEIGHT100=HOLD.
 
Aaah, the first message has failed XBL-DYNA! And the second one ???
Also if you scroll through hundreds and thousands of test results the second LOG file format will urge you to buy a horizontal scroll mouse.  ;-)
 
Until now Declude was very backward compatible. So my suggestion: leave MID as it is, and introduce new levels if they are asked under a new name.
 
Maybe you can leave out from MID something like "This E-mail was routed in a poor manner consistent with spam" and "Message failed [TESTNAME]"
By doing this the logfile size can be reduced by 15 to 20% without losing any information.
 
Markus
 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, January 26, 2004 6:42 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Interim Log Level Low and IP


Let me ask people: do you think that it would be better to have the "Msg failed" lines in LOGLEVEL MID?

It would be nice to have a log level that was useful for most log analysis and not overly bloated for other reasons. In fact, it would be nice to have LOGLEVEL MID do a bit more trimming and combine two long lines into one, like so:

----- Combined Weights and Actions -----
01/24/2004 05:50:14 Q4ddb009301dc335c From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]  IP: 216.74.146.148 Subject: Celebrate The Big Game with Super Snacks ID: i0O9ML5n020939
01/24/2004 05:50:14 Q4ddb009301dc335c Tests failed [weight=11]: HEADERLINE=WARN SORBS-SPAM(DYNA)=WARN[3] SORBS-SPAM(ALL)=WARN[1] FIVETEN-SUPPORT=WARN(3) IPNOTINMX=WARN NOLEGITCONTENT=WARN SNIFFER-WHITE=WARN GIBBERISH=WARN(4) HIGH-MAILPURE=ROUTETO HIGH-CUSTOMER=IGNORE HIGH-SUBJECT=SUBJECT HIGH-BOUNCE=IGNORE HIGH-RECIPS=WARN
01/24/2004 05:50:14 Q4ddb009301dc335c L1 Message OK



Note that I also placed the Subject in the first field and moved the Message OK action to the last line.  I believe this still would allow for full functionality and it would cut the size down to about half of what it is currently.  I definitely don't care for individual MSG Failed lines at this log level.

Matt
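
Added example, not part of either message and not Declude code: a small parser for the combined "Tests failed" line as sketched in Matt's proposal, which expands it back into one test per line (the view Markus prefers) and answers "did this message fail test X?". The field layout is assumed from the single sample line in the thread; all function names are hypothetical.

```python
import re

# Constructed sample: the "Tests failed" line from the proposal above, shortened.
SAMPLE = ("01/24/2004 05:50:14 Q4ddb009301dc335c Tests failed [weight=11]: "
          "HEADERLINE=WARN SORBS-SPAM(DYNA)=WARN[3] SORBS-SPAM(ALL)=WARN[1] "
          "FIVETEN-SUPPORT=WARN(3) GIBBERISH=WARN(4) HIGH-MAILPURE=ROUTETO "
          "HIGH-CUSTOMER=IGNORE")

# Assumed layout: date, time, spool id, then the combined test list.
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<spool>\S+) "
    r"Tests failed \[weight=(?P<total>-?\d+)\]: (?P<tests>.*)$")

# NAME=ACTION with an optional weight written as [n] or (n); the sample uses both.
# The test name may itself contain parentheses, e.g. SORBS-SPAM(DYNA).
TEST_RE = re.compile(
    r"^(?P<name>[^=\s]+)=(?P<action>[A-Z]+)(?:[\[(](?P<weight>-?\d+)[\])])?$")

def parse_tests_failed(line):
    """Return a dict for a combined line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    tests = []
    for token in m.group("tests").split():
        t = TEST_RE.match(token)
        if t is None:
            raise ValueError(f"unparseable test token: {token!r}")
        w = t.group("weight")
        tests.append((t.group("name"), t.group("action"),
                      int(w) if w is not None else None))
    return {"spool": m.group("spool"), "total": int(m.group("total")),
            "tests": tests}

def expand(line):
    """Rewrite one combined line as one short line per failed test."""
    rec = parse_tests_failed(line)
    if rec is None:
        return []
    return [f"{rec['spool']} {name} Action={action}"
            + (f" weight={w}" if w is not None else "")
            for name, action, w in rec["tests"]]

def failed(line, test_name):
    """True if the combined line lists test_name among the failed tests."""
    rec = parse_tests_failed(line)
    return rec is not None and any(n == test_name for n, _, _ in rec["tests"])

if __name__ == "__main__":
    print("\n".join(expand(SAMPLE)))
```
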
