Dan Mahoney, System Admin wrote: > On Tue, 9 Oct 2007, Steven Kurylo wrote: > >>> Parsing the SA logs would be easy, but the connecting IP isn't listed >>> there. >> As I mentioned, I'm parsing exim's logs. It contains the spam score and the >> IP address. > > Oh, that's true enough. I was musing on parsing my own logfiles as > opposed to plugins. Not enough info since I'm rejecting at the procmail > level, not the MTA (sendmail) level. > > -Dan
message-id from spam(d/assassin) log line, message-id -> queue-id, queue-id -> connecting IP. Shouldn't be too hard to write in perl, just have to keep track of active (hasn't finished local delivery) IP/QID/MID triples. Also depending on your MTA you may be able to pass the connecting IP to procmail.
