Wietse Venema:
> Martina Tomisova:
> > Hi,
> >
> > I'm analyzing logs to find the spam source and I've understood that if
> > someone sends the message, one of the first lines written to the log
> > file is a line containing the queue id and 'client=IP_ADDRESS'. But
>
> That is incorrect.
>
> The SMTP server logs the client= once per SESSION not once per MESSAGE.

Oops, that is incorrect. It *is* a per-message record. If there is
no client= logging, then either your syslog server dropped the
logging, or the client gave up.

Wietse

> > not every time. Actually this line is missing just in cases the spam
> > is sent. :) How's that possible? Any ideas how can I get the IP
> > address of the sender in such case?
>
> From the SMTP server's PROCESS ID field in the logfile.
>
> Wietse
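The correlation discussed in this thread, as an added example that is not from either poster or from the Postfix project: it maps each queue ID to a client IP from the per-message client= record and, where that record is missing, falls back to the "connect from" line logged under the same smtpd process ID. The log lines are constructed, and the code assumes the default short hexadecimal queue IDs and that smtpd logged at least one other line carrying the queue ID.

```python
import re

# "postfix/smtpd[PID]: text"; \S* also covers names like postfix/submission/smtpd
SMTPD = re.compile(r"postfix\S*/smtpd\[(\d+)\]: (.*)")
QUEUED = re.compile(r"([0-9A-F]{6,}): (.*)")        # short hex queue ID (assumed)
CONNECT = re.compile(r"connect from \S*?\[([^\]]+)\]")
CLIENT = re.compile(r"client=\S*?\[([^\]]+)\]")

# Constructed sample: the client= record for 7B9E02A4F1 is absent,
# as if the syslog server had dropped it.
SAMPLE = """\
Mar  3 10:00:01 mx postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Mar  3 10:00:02 mx postfix/smtpd[2101]: 4F2A81C0D3: client=unknown[203.0.113.5]
Mar  3 10:00:02 mx postfix/cleanup[2110]: 4F2A81C0D3: message-id=<a@example.test>
Mar  3 10:00:03 mx postfix/smtpd[2101]: disconnect from unknown[203.0.113.5]
Mar  3 10:00:05 mx postfix/smtpd[2101]: connect from unknown[198.51.100.7]
Mar  3 10:00:06 mx postfix/smtpd[2101]: 7B9E02A4F1: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <x@example.test>: Relay access denied
Mar  3 10:00:07 mx postfix/smtpd[2101]: disconnect from unknown[198.51.100.7]
""".splitlines()

def client_ips(lines):
    """Return {queue_id: (ip, source)}; source is 'client=' or 'smtpd-pid'."""
    session = {}   # smtpd PID -> client IP of the session it is serving now
    found = {}
    for line in lines:
        m = SMTPD.search(line)
        if not m:
            continue                      # not an smtpd record
        pid, text = m.group(1), m.group(2)
        c = CONNECT.match(text)
        if c:
            session[pid] = c.group(1)     # the PID is reused for later sessions
            continue
        if text.startswith("disconnect from"):
            session.pop(pid, None)
            continue
        q = QUEUED.match(text)
        if not q:
            continue                      # NOQUEUE, warnings, etc.
        cl = CLIENT.match(q.group(2))
        if cl:
            found[q.group(1)] = (cl.group(1), "client=")
        elif q.group(1) not in found and pid in session:
            found[q.group(1)] = (session[pid], "smtpd-pid")
    return found

if __name__ == "__main__":
    for qid, (ip, source) in client_ips(SAMPLE).items():
        print(qid, ip, source)
```

Because an smtpd process serves many sessions one after another, the PID only identifies the client between that process's "connect from" and "disconnect from" lines, which is why the lines must be read in log order.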