Sawmill Discussion Forum

Subject: "Sendmail Log filters" Archived thread - Read only
 
Craig Schar
unregistered user
Mar-31-04, 02:34 PM (PDT)
 
"Sendmail Log filters"
 
Hello, I am trying to do some log analysis on Sendmail, filtering for certain virus log entries. It all works fine, but I am having a problem where log entries for the to and from are not lining up. Very often, due to our anti-spam/anti-virus activities, there will be a from: line, followed by a to: line from another email. Sawmill is reporting incorrect from entries. I don't know exactly how to explain it, but in the following log example, merrie.duflot is listed as having sent this email:

Top froms

     From                                 Hits   Bandwidth
  1  <merrie.duflot@dhs.state.tx.us>      1      1.37k

Top tos

     To                                   Hits   Bandwidth
  1  <angela.bibby@tcada.state.tx.us>     1      1.37k

When the log information shows that she was not the sender, and in fact it was rosynurse.... It is as if because merrie jumped in before the other email was complete, it is not reporting based on the mqueue id (i2TG2MYM024059 instead of i2TG2SS2024069)


Mar 29 10:02:28 romulus sendmail<24059>: i2TG2MYM024059: from=<rosynurse@aol.com>, size=30470, class=0, nrcpts=1, msgid=<200403291602.i2TG2MYM024059@romulus.tcada.state.tx.us>, proto=SMTP, daemon=MTA, relay=wan-v3qsaib.dal2.biz.mindspring.com <199.174.42.75>
Mar 29 10:02:28 romulus sendmail<24069>: i2TG2SS2024069: from=<merrie.duflot@dhs.state.tx.us>, size=1406, class=0, nrcpts=1, msgid=<C98621D17B337E4284E03A4BAA76F6A50E4B6E47@ausmis09.dhs.state.tx.us>, proto=SMTP, daemon=MTA, relay=ausmis36.dhs.state.tx.us <147.80.32.55>
Mar 29 10:02:28 romulus mimedefang.pl<1119>: MDLOG,i2TG2MYM024059,virus,Worm.SomeFool.I,199.174.42.75,<rosynurse@aol.com>,<angela.bibby@tcada.state.tx.us>,Re: Details
Mar 29 10:02:28 romulus mimedefang.pl<1119>: filter: i2TG2MYM024059: bounce=1
Mar 29 10:02:28 romulus mimedefang<24060>: i2TG2MYM024059: Bouncing because filter instructed us to
Mar 29 10:02:28 romulus sendmail<24059>: i2TG2MYM024059: Milter: data, reject=554 5.7.1 Virus Worm.SomeFool.I found in mail - rejected
Mar 29 10:02:28 romulus sendmail<24059>: i2TG2MYM024059: to=<angela.bibby@tcada.state.tx.us>, delay=00:00:06, pri=60470, stat=Virus Worm.SomeFool.I found in mail - rejected

Any help would be greatly appreciated, I am sure I am screwing something up. Thanks.

Craig Schar
Texas Commission on Alcohol and Drug Abuse
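
The pairing problem described in the post above, reproduced and then keyed on the sendmail queue ID, as an added example (not part of the original thread and not Sawmill's own filter code). The function names are made up for illustration, and the log lines are the sendmail lines from the post with the msgid, proto, daemon and relay fields trimmed.

```python
import re
from collections import defaultdict

# sendmail lines from the post above (wrapped lines rejoined, some fields trimmed)
LOG = """\
Mar 29 10:02:28 romulus sendmail<24059>: i2TG2MYM024059: from=<rosynurse@aol.com>, size=30470, class=0, nrcpts=1
Mar 29 10:02:28 romulus sendmail<24069>: i2TG2SS2024069: from=<merrie.duflot@dhs.state.tx.us>, size=1406, class=0, nrcpts=1
Mar 29 10:02:28 romulus sendmail<24059>: i2TG2MYM024059: Milter: data, reject=554 5.7.1 Virus Worm.SomeFool.I found in mail - rejected
Mar 29 10:02:28 romulus sendmail<24059>: i2TG2MYM024059: to=<angela.bibby@tcada.state.tx.us>, delay=00:00:06, pri=60470, stat=Virus Worm.SomeFool.I found in mail - rejected
"""

# "... sendmail<pid>: <queue id>: <rest>"; the pid may be wrapped in <> or []
LINE = re.compile(r"sendmail\S*: (\w+): (.*)$")
# from/to/stat fields; to= may carry several comma-separated <addr> entries
FIELD = re.compile(r"\b(from|to|stat)=(<[^>]*>(?:,<[^>]*>)*|[^,]*)")

def parse(lines):
    """Yield (queue_id, {field: value}) for every sendmail line."""
    for line in lines:
        m = LINE.search(line)
        if m:
            yield m.group(1), dict(FIELD.findall(m.group(2)))

def naive_pairs(lines):
    """Pair each to= with the most recent from=, ignoring the queue ID."""
    last_from, pairs = None, []
    for _qid, fields in parse(lines):
        last_from = fields.get("from", last_from)
        if "to" in fields:
            pairs.append((last_from, fields["to"]))
    return pairs

def correlate(lines):
    """Group from=, to= and stat= by queue ID so interleaved messages stay apart."""
    msgs = defaultdict(lambda: {"from": None, "to": [], "stat": None})
    for qid, fields in parse(lines):
        rec = msgs[qid]
        if "from" in fields:
            rec["from"] = fields["from"]
        if "to" in fields:
            rec["to"].extend(fields["to"].split(","))
            rec["stat"] = fields.get("stat")
    return dict(msgs)

if __name__ == "__main__":
    print("naive:", naive_pairs(LOG.splitlines()))
    for qid, rec in correlate(LOG.splitlines()).items():
        print(qid, rec)
```

The naive pairing reproduces the report shown in the post (merrie.duflot paired with angela.bibby), while grouping on the queue ID ties the rejected delivery to rosynurse@aol.com and leaves i2TG2SS2024069 with no recipient logged yet.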



i21
Apr-05-04, 10:27 AM (PDT)
1. "RE: Sendmail Log filters"
In response to message #0
 
Hi, I am no expert on mail logs, but if you send over a sample I can have a look and see if we can do this a bit better.

Cheers,
--
Graham
support@thesawmill.co.uk

