Marc Sherman wrote: > jean-paul natola wrote: >> thats what I thought, However, see below >> >> milter# grep jnatola /var/log/exim/rejectlog >> Envelope-to: <[EMAIL PROTECTED]> >> for [EMAIL PROTECTED]; Fri, 05 Jan 2007 11:45:33 -0500 >> T To: [EMAIL PROTECTED] >> Envelope-to: <[EMAIL PROTECTED]> >> for [EMAIL PROTECTED]; Fri, 05 Jan 2007 12:27:31 -0500 >> T To: [EMAIL PROTECTED] >> > > Exigrep does not, in fact, work on rejectlog in the general case. It > only works on the lines within rejectlog that happen to look like > standard exim mainlog lines, because the way exigrep works is by finding > lines with matches, finding the messageids those lines apply to, and > then finding all log lines relating to those message ids.
That may indeed be the 'plan'. > Since the > header dump parts of the rejectlog don't have message ids on them, it > doesn't work. > > - Marc > But where in this is there a message ID? (more on which below...) ==== conducive# exigrep 203.177.244.141 /var/log/exim/rejectlog 2006-10-22 00:15:44 H=(PC.97seezf.com) [203.177.244.141]:2237 I=[203.194.153.81]:25 F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: H7 0 invalid rDNS=20 Mismatched ID in HELO=5 [EMAIL PROTECTED] invalid address: No such account here. 2006-10-22 00:15:44 H=(PC.97seezf.com) [203.177.244.141]:2237 I=[203.194.153.81]:25 rejected DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors 2006-10-22 00:15:50 H=(PC.jdarno.net) [203.177.244.141]:2384 I=[203.194.153.81]:25 rejected DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors 2006-10-22 00:16:09 H=(PC) [203.177.244.141]:2413 I=[203.194.153.81]:25 F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: H7 0 invalid rDNS=20 Mismatched ID in HELO=5 [EMAIL PROTECTED] invalid address: No such account here. 2006-10-22 00:16:09 H=(PC) [203.177.244.141]:2413 I=[203.194.153.81]:25 rejected DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors 2006-10-22 00:16:32 H=(PC) [203.177.244.141]:2622 I=[203.194.153.81]:25 F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: H7 0 invalid rDNS=20 Mismatched ID in HELO=5 [EMAIL PROTECTED] invalid address: No such account here. 2006-10-22 00:16:32 H=(PC) [203.177.244.141]:2622 I=[203.194.153.81]:25 rejected DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors 2006-10-22 00:17:20 H=(t3sug.1eab.optonline.net) [203.177.244.141]:2956 I=[203.194.153.81]:25 F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: H7 0 invalid rDNS=20 Source HELO Name Blacklisted=50 Mismatched ID in HELO=5 [EMAIL PROTECTED] invalid address: No such account here. 2006-10-22 00:17:20 H=(t3sug.1eab.optonline.net) [203.177.244.141]:2956 I=[203.194.153.81]:25 rejected DATA: PD16 235 RFC points for H7 0 invalid rDNS=20 Source HELO Name Blacklisted=50 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors 2006-10-22 00:17:24 H=(PC) [203.177.244.141]:3059 I=[203.194.153.81]:25 rejected DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors 2006-10-22 00:17:30 H=(PC.me1uey.org) [203.177.244.141]:3066 I=[203.194.153.81]:25 F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: H7 0 invalid rDNS=20 Mismatched ID in HELO=5 [EMAIL PROTECTED] invalid address: No such account here. 2006-10-22 00:17:30 H=(PC.me1uey.org) [203.177.244.141]:3066 I=[203.194.153.81]:25 rejected DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors 2006-10-22 00:19:13 H=(PC) [203.177.244.141]:3736 I=[203.194.153.81]:25 F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: H7 0 invalid rDNS=20 Mismatched ID in HELO=5 [EMAIL PROTECTED] invalid address: No such account here. 2006-10-22 00:19:13 H=(PC) [203.177.244.141]:3736 I=[203.194.153.81]:25 rejected DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors 2006-10-22 00:19:14 H=(PC) [203.177.244.141]:3740 I=[203.194.153.81]:25 rejected DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors 2006-10-22 00:19:15 H=(PC) [203.177.244.141]:3742 I=[203.194.153.81]:25 F=<[EMAIL PROTECTED]> rejected RCPT <[EMAIL PROTECTED]>: H7 0 invalid rDNS=20 Mismatched ID in HELO=5 [EMAIL PROTECTED] invalid address: No such account here. 2006-10-22 00:19:15 H=(PC) [203.177.244.141]:3742 I=[203.194.153.81]:25 rejected DATA: PD16 185 RFC points for H7 0 invalid rDNS=20 Mismatched ID in HELO=5 Missing rDNS PTR record=150 RFC errors === Next, I took the timestamp 'range' and manually looked at both ~/mainlog and ~/rejectlog to see if those entries show a messageID anythere. It may (should) exist in the (any) message - at least that gets as far as the 'DATA' phase before rejection. BUT: - Running with: 'log_selector = +all -all_parents -queue_run -arguments' (which does not omit message-ID's) - A Mark-I eyeball search of the time-range for the above in both ~/mainlog and ~/rejectlog does NOT list a message ID. - Further, traffic rejected at RCPT time should not have had either an Exim-assigned ID yet applied, NOR have onpassed 'visible' header/body content (which awaits DATA phase) that would have included sender-MUA/MTA assigned messageID. Weird, that. Bug? "Feature"? Anomaly specific to bog-standard 4.6X FreeBSD port install? Now curious... Bill -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
