On 19.06.2015 16:43, Reindl Harald wrote:
On 19.06.2015 at 16:34, Axb wrote:
On 19.06.2015 16:24, Reindl Harald wrote:
On 19.06.2015 at 16:19, Axb wrote:
Postfix/MTA/Glue Session IDs, etc... having the data in a DB also
allows all kinds of stats.
nonsense, there is *nothing* to xfer the other log entries and the
timestamp is for sure nothing you can rely on in case multiple
mails arrive at the same time
Jun 19 11:10:55 mail-gw spamd[25089]: spamd: result: . 4 -
BAYES_50,HTML_MESSAGE,MISSING_MID,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD,SPF_NONE
scantime=1.9,size=5966,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=/run/spamassassin/spamassassin.sock,mid=(unknown),bayes=0.599086,autolearn=disabled,shortcircuit=no
if you only have one user=sa-milter then you're screwed
and how does a "user=rcpt" give you any useful information to grep for
the sender of the mail in the case above?
Your system design limits you. Maybe you should reconsider your spamd
options so it logs the recipient using -q
besides that the RCPT doesn't matter when you miss the sender information
and "-q, --sql-config Enable SQL config (needs -x)" not my design
limits me, the missing information in the logs can't be recovered
when you see a "spamd: result" with a high score you are interested in
the sender, in many cases both, envelope and from-header
envelope=_SENDERDOMAIN_, from=_AUTHORDOMAIN_ would be the interesting
data but currently it's only available in the headers which don't help
in case messages are not your own but you want to analyze if something
needs to be adjusted
again: "Your system design limits you"
my glue allows me to log all that in SQL and Xref it.
My SA/spamd syslog entries are mainly I/O noise, except for a quick
tail check to see if a rule is hitting.
If you want all the bells and whistles in SA you either have to hack
your SA source or submit patches and/or a detailed RFE which may or may not
be accepted.
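
Added example, not part of any message in this thread: a parser for the "spamd: result" line quoted above that flags entries which cannot be tied back to one mail from this log alone (same timestamp and user, mid=(unknown)). The second and third sample lines and the function names are constructed for illustration.

```python
import re

# The result line quoted in the thread, re-joined onto one line.
SAMPLE = ("Jun 19 11:10:55 mail-gw spamd[25089]: spamd: result: . 4 - "
          "BAYES_50,HTML_MESSAGE,MISSING_MID,RCVD_IN_MSPIKE_H4,"
          "RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD,SPF_NONE "
          "scantime=1.9,size=5966,user=sa-milt,uid=189,required_score=5.5,"
          "rhost=localhost,raddr=127.0.0.1,"
          "rport=/run/spamassassin/spamassassin.sock,"
          "mid=(unknown),bayes=0.599086,autolearn=disabled,shortcircuit=no")
# Constructed variants: a second mail in the same second, and one with a Message-ID.
SAMPLE2 = SAMPLE.replace("[25089]", "[25090]").replace(". 4 -", "Y 12 -")
SAMPLE3 = SAMPLE.replace("mid=(unknown)", "mid=<constructed@example.org>")

RESULT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) spamd\[(?P<pid>\d+)\]: "
    r"spamd: result: (?P<flag>[Y.])\s+(?P<score>-?\d+(?:\.\d+)?) - "
    r"(?P<tests>\S*) (?P<info>\S+)$")


def parse_result(line):
    """Split one 'spamd: result' syslog line into a dict, or return None."""
    m = RESULT_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["spam"] = rec.pop("flag") == "Y"
    rec["score"] = float(rec["score"])
    rec["tests"] = [t for t in rec["tests"].split(",") if t]
    # Split only on commas that start a new key=, so values may contain commas.
    for pair in re.split(r",(?=[a-z_]+=)", rec.pop("info")):
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def unattributable(lines):
    """Records sharing (timestamp, user) with another record and lacking a mid."""
    groups = {}
    for rec in filter(None, map(parse_result, lines)):
        groups.setdefault((rec["ts"], rec["user"]), []).append(rec)
    return [r for g in groups.values() if len(g) > 1
            for r in g if r.get("mid") == "(unknown)"]


if __name__ == "__main__":
    for r in unattributable([SAMPLE, SAMPLE2, SAMPLE3]):
        print(r["ts"], r["pid"], r["score"], r["user"], r["mid"])
```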