>Unfortunately, qmail-smtpd logs nothing itself, and tcpserver only logs
>connections and exit status of qmail-smtpd. There is therefore no surefire
>way to correlate entries in the qmail-smtpd log and the qmail-send logs.
>However, it is rarely critical -- qmail-analog can determine from the
>qmail-send log alone which messages arrived over the network.
Yeah, I agree. I was really mostly hoping to find that there was something
qmailanalog-esque that could read the qmail-smtpd(tcpserver) log and
rank/show IP connection info.
>Various people have posted patches to qmail-smtpd to make it log more
>information. You could also do it by writing a wrapper around qmail-queue
>(used only by qmail-smtpd, not qmail-inject or forward, etc) which logs
>various info.
I have seen these as well, they are fine if you are viewing the logs
manually, but I'm shooting for totals and averages. Like I said, I'm not
opposed to writing a log parser to handle that log, but I'm kind of surprised
that there isn't one already. Is erybody using header info currently to
track down spammer machine IPs? I'd would prefer to be able to see which IP
connected how many times and when myself...
Thanks for the info Charles.
Mike Culbertson
