I think I sorta like both. Sam Clippinger wrote: > OK, I guess I've been working on version 4.0.0 for too long now because > I didn't realize I'd already implemented this feature (until I tried to > add it again). However, I didn't do it quite the way we described in > this thread; instead of changing the "ALLOWED" messages, I added a new > log level that will print out extra messages. (In fact, the entire log > level system has been revisited and reorganized). > > When the logging level is "verbose" or higher, messages like these will > be produced: > FILTER_RDNS_MISSING ip: 11.22.33.44 > FILTER_RDNS_BLACKLIST ip: 11.22.33.44 rdns: 11-22-33-44.example.com > file: /var/qmail/spamdyke/rdns_blacklist.txt(31) > FILTER_RBL_MATCH ip: 11.22.33.44 rbl: foorbl.example.com > FILTER_GRAYLISTED sender: [EMAIL PROTECTED] recipient: > [EMAIL PROTECTED] path: > /var/qmail/spamdyke/graylist.d/example.com/user/spamdomain.com/spammer > FILTER_WHITELIST_IP ip: 11.22.33.44 file: > /var/qmail/spamdyke/whitelist_ip.txt(7) > ...and so on. Any filter that triggers either an acceptance or a > rejection will produce a "FILTER" log message. Filters that only > examine the connection (but aren't triggered) won't produce any output > (unless the log level is increased to "debug" or higher). > > I chose this approach because it provides more information than just the > matching filter; it gives the file and line numbers, the directory > paths, etc. Because it requires setting the log level higher, it can be > enabled when someone wants to collect the data for analysis or turned > off if it is not wanted. > > Does that sound sufficient or should I remove it and change the > "ALLOWED" messages instead? > > -- Sam Clippinger > > Sam Clippinger wrote: >> "ALLOWED_GRAYLISTED" could be useful if graylisting isn't active for all >> domains. It would mean that the graylisting filter had checked for the >> existence of a graylist file for that connection (and found one). I >> agree it should be possible to match an "ALLOWED" with a previous >> "DENIED_GRAYLISTED" but that could involve searching log files from >> multiple days if the remote server doesn't attempt redelivery very quickly. >> >> -- Sam Clippinger >> >> Michael Colvin wrote: >> >>> Doesn't it already log "DENIED GREYLISTED" when it greylists an address, >>> then when it is sent again, and passes the greylist test, it logs >>> "ALLOWED"... Doesn't that already identify greylisted e-mails? Or, are we >>> talking about logging the fact that e-mails are allowed AND have already >>> been greylisted? Which, if you greylist all domains, would be every e-mail, >>> right? >>> >>> The "ALLOWED_WHITELISTED_*" items might be useful, but I don't see where >>> logging allowed greylisted e-mails makes sense... In fact, "Allowed >>> Greylist" seems kind of contradictory to me... :-) Just my .02, which, >>> with the state of the dollar, is worth even less today than last week. :-) >>> >>> >>> Michael J. Colvin >>> NorCal Internet Services >>> www.norcalisp.com >>> >>> >>> >>> >>> >>> >>> >>> >>> >>>> -----Original Message----- >>>> From: [EMAIL PROTECTED] >>>> [mailto:[EMAIL PROTECTED] On Behalf Of BC >>>> Sent: Wednesday, April 23, 2008 1:32 PM >>>> To: spamdyke-users@spamdyke.org >>>> Subject: Re: [spamdyke-users] Greylisting wishes >>>> >>>> >>>> On 4/23/2008 [EMAIL PROTECTED] wrote: >>>> >>>> >>>> >>>>> I could do that if it would be useful. Now is the time >>>>> >>>>> >>>> for changes >>>> >>>> >>>>> like this, since version 4.0 won't be backwards compatible >>>>> >>>>> >>>> anyway. >>>> >>>> >>>>> What about changing the log message for other reasons too? For >>>>> example, ALLOWED_WHITELISTED_IP, ALLOWED_WHITELISTED_SENDER, etc. >>>>> >>>>> >>>> I'd like to see that sort of addition to the logging, too. >>>> >>>> Thanks, >>>> >>>> Bucky >>>>
-- -Eric 'shubes' _______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users