On Sat, 26 Dec 2009, Dan Mahoney, System Admin wrote:
Hey there,
Background: Sendmail with spamd running on a different box, spamc called from
global procmail file.
I'm doing some nightly log-combing to look for interesting patterns,
including against other network traffic (like erroneous DNS lookups, I think
I might be on to something).
However, one of the annoying things about spamassassin's logging is that it
fails to log the remote connecting ip, even though it places it in special
places in the logs:
Take, for example:
Dec 26 08:41:51 quark spamd[87490]: spamd: connection from prime.gushi.org
[snip..]
Is logging output configurable so that I could add the value of the "relay="
line into the output? Or perhaps the value of "X-Envelope-To"?
Also, does spamc have any concept of the "short" (ESMTP) messageid, as
defined by sendmail's queues? (nBQDcLck027423). In terms of parsing logs,
this is a much more useful correlation point, since it's that identifier that
every other milter uses, and every other thing that writes to maillog uses.
(But I understand if it's not possible since the API is different).
For example, grepping for that self-same messageid, other than spamc, gives
me the whole story. Sender, recipient, every milter it's been through.
[snip..]
Thoughts?
-Dan Mahoney
What about using a milter to tie spamassassin into your sendmail instead
of running spamc from procmail? The milter has access to all the desired
info (both from sendmail & spamd) and you can log whatever you desire.
By the time you get to procmail the message is already in the 'delivery'
phase and some of your desired info is no longer available.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
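
An added example, not part of the thread or of either poster's setup: when spamd stays behind procmail, its result lines can still be tied back to the sendmail queue ID after the fact by joining on the Message-ID. It assumes the stock syslog layouts (sendmail's `msgid=` and `relay=` fields, spamd's `mid=` field in its `result:` line); every sample value except the queue ID quoted above is constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed stock sendmail / spamd syslog formats).
SAMPLE_LOG = """\
Dec 26 08:41:50 mail sendmail[27423]: nBQDcLck027423: from=<alice@example.org>, size=2048, class=0, nrcpts=1, msgid=<m1@example.org>, proto=ESMTP, daemon=MTA, relay=mx.example.org [192.0.2.10]
Dec 26 08:41:51 scan spamd[87490]: spamd: connection from mail.example.org [198.51.100.5] at port 51234
Dec 26 08:41:53 scan spamd[87490]: spamd: result: Y 12 - BAYES_99,URIBL_BLACK scantime=1.9,size=2048,user=dan,uid=1001,required_score=5.0,rhost=mail.example.org,raddr=198.51.100.5,rport=51234,mid=<m1@example.org>,autolearn=no
Dec 26 08:42:10 scan spamd[87491]: spamd: result: . 0 - NONE scantime=0.4,size=900,user=dan,uid=1001,required_score=5.0,rhost=mail.example.org,raddr=198.51.100.5,rport=51240,mid=<orphan@example.net>,autolearn=ham
"""

SENDMAIL_FROM = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=(?P<sender>[^,]+),"
    r".*?msgid=(?P<mid><[^>]+>),.*?relay=(?P<relay>.+)$")
SPAMD_RESULT = re.compile(
    r"spamd\[\d+\]: spamd: result: (?P<flag>\S) (?P<score>-?\d+) - "
    r"(?P<tests>\S+) .*?\bmid=(?P<mid><[^>]+>)")

def correlate(log_text):
    """Join spamd verdicts to sendmail queue IDs via Message-ID."""
    by_mid = defaultdict(list)  # Message-ID is sender-controlled, so not unique
    results = []
    for line in log_text.splitlines():
        m = SENDMAIL_FROM.search(line)
        if m:
            by_mid[m["mid"]].append(m.groupdict())
            continue
        m = SPAMD_RESULT.search(line)
        if m:
            results.append(m.groupdict())
    joined, unmatched = [], []
    for r in results:
        hits = by_mid.get(r["mid"], [])
        if not hits:
            unmatched.append(r["mid"])  # scanned, but no sendmail record seen
        for h in hits:
            joined.append({
                "qid": h["qid"], "sender": h["sender"], "relay": h["relay"],
                "spam": r["flag"] == "Y", "score": int(r["score"]),
                "tests": r["tests"].split(","),
                "ambiguous": len(hits) > 1,  # same Message-ID on several queue IDs
            })
    return joined, unmatched

if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG)[0]:
        print(row)
```

Rows flagged `ambiguous` share a Message-ID across several queue IDs and need a timestamp or size check before the verdict is attributed to one of them.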