2009/9/7 Wietse Venema :
> You need to find the FIRST logfile record with C74FC6A60A0.
> That record was logged 160062 seconds ago (almost 2 days).
>
> Jul 23 07:01:23 server_name postfix/smtp[30845]: C74FC6A60A0:
> ==
> to=, relay=none, delay=160
Hi,
I understand now. But there are very very old queue IDs - older than
my logs so I can't find where the user comes from. Is there a
possibility how to set some limit how old at maximum can the queue ID
be (the postfix would reset the queue ID after this time)? Or is there
a possibility how to "
Martina Tomisova:
[ Charset ISO-8859-1 unsupported, converting... ]
> >> not every time. Actually this line is missing just in cases the spam
> >> is sent. :) How's that possible? Any ideas how can I get the IP
> >> address of the sender in such case?
> >
> > From the SMTP server's PROCESS ID field
There is no pickup process so I believe that the server is OK. Thank
you for your warning and I'm sorry for not pasting logs.
2009/9/7 /dev/rob0 :
> On Monday 07 September 2009 07:25:52 Martina Tomisova wrote:
>> I'm analyzing logs to find the spam source and I've understood
>> that if someone sen
>> not every time. Actually this line is missing just in cases the spam
>> is sent. :) How's that possible? Any ideas how can I get the IP
>> address of the sender in such case?
>
> From the SMTP server's PROCESS ID field in the logfile.
I've investigated this and I haven't found any connection bet
Wietse Venema:
> Martina Tomisova:
> > Hi,
> >
> > I'm analyzing logs to find the spam source and I've understood that if
> > someone sends the message, one of the first lines written to the log
> > file is a line containing the queue id and 'client=IP_ADDRESS'. But
>
> That is incorrect.
>
> T
On Monday 07 September 2009 07:25:52 Martina Tomisova wrote:
> I'm analyzing logs to find the spam source and I've understood
> that if someone sends the message, one of the first lines written
> to the log file is a line containing the queue id and
> 'client=IP_ADDRESS'.
This is only true if the
Martina Tomisova:
> Hi,
>
> I'm analyzing logs to find the spam source and I've understood that if
> someone sends the message, one of the first lines written to the log
> file is a line containing the queue id and 'client=IP_ADDRESS'. But
That is incorrect.
The SMTP server logs the client= onc
Hi,
I'm analyzing logs to find the spam source and I've understood that if
someone sends the message, one of the first lines written to the log
file is a line containing the queue id and 'client=IP_ADDRESS'. But
not every time. Actually this line is missing just in cases the spam
is sent. :) How's