On Tue, 8 Sep 2009, Clunk Werclick wrote:
On Tue, 2009-09-08 at 09:34 -0700, John Hardin wrote:
On Tue, 8 Sep 2009, Clunk Werclick wrote:
I have it now - the only disappointment for me is it does not log the
'to' or 'from' or client ip.
You may be able to determine that if you correlate more than one log. SA
logs the message-ID, and the MTA log should give you enough information to
determine the client IP address given the message-ID.
Sadly, no. As Fetchmail is polling a remote POP3 server, the only part
of the system to see *all* of the information, is Spamassassin. The MTA
only sees 'localhost' from Fetchmail. Postfix parses out some
information, but the client IP is missing. If I could change the way
Spamassassin logs and what it logs, I would be - how do you put it -
'cooking on gas'.
And I don't suppose you can get the logs from the MTA fetchmail is
retrieving from.
Do you have your trust list set up to trust that MTA?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
It is criminal to teach a man not to defend himself when he is the
constant victim of brutal attacks. -- Malcolm X (1964)
-----------------------------------------------------------------------
9 days until the 222nd anniversary of the signing of the U.S. Constitution
