> On Tue, 8 Sep 2009, Clunk Werclick wrote:
> > > On Tue, 8 Sep 2009, Clunk Werclick wrote:
> > > > I have it now - the only disappointment for me is it does not log the
> > > > 'to' or 'from' or client ip.

Blew away most of this thread already, before it started getting my
attention. Anyway, just checked archives, and there appears to be
something fishy that needs to be dealt with -- before we start barking
up the tree for custom logs.

The log snippet you did show us, and which you claimed is *all* you ever
got, is not what SA logs. Basically, it is "starting", "stopping" and
the prefork log messages.

Granted, you killed spamd just a few minutes after starting. But since
you said you never saw anything else, I'll go by that. This is what SA
actually logs per message -- both.
  http://wiki.apache.org/spamassassin/SpamdSyslogFormat

Better?  There you got all rules hit. You're missing out on that.


> > Sadly, no. As Fetchmail is polling a remote POP3 server, the only part 
> > of the system to see *all* of the information, is Spamassassin. The MTA 
> > only sees 'localhost' from Fetchmail. Postfix parses out some 
> > information, but the client IP is missing. If I could change the way 
> > Spamassassin logs and what it logs, I would be - how do you put it - 
> > 'cooking on gas'.

In some other post you said you want to log the last external hop.
Well, frankly, since you are feeding spamd (at least partially) from
fetchmail, it is not exactly SA's fault that your MTA doesn't know about
the last-external, handing-over client.

Now, there would be quite a lot of possibilities. Cause SA does know.

Since the last external IP and rDNS are available as templates (see the
Conf docs), it is trivial to have SA add them as a custom Last-External
header. However, you also said you Reject spam [1], so you don't deliver
these anywhere. Yet, you want the info.

If there is (or would be) procmail somewhere in that chain, which is
easy to do for the fetchmail chunk only, logging that specific header is
trivial. Along with other information.

Also, there's the possibility to either patch spamd to log more (see
above), or preferably, to hack a custom logging plugin. This of course
should have access to the metadata, and thus the last external hop.

However, as a prerequisite, you need to sort out your logging. Again,
see the link above and compare to your actual logs. As long as you don't
get those, any solution *within* SA is a lost battle.

  guenther


[1] Something that's quite disturbing. You are not rejecting fetchmail
    fetched spam, are you? These have been accepted by the MX SMTP
    already. Hope you do not bounce that spam back to the *forged*
    sender...

-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
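
Added example, not part of the original message: a delivery-time filter that logs sender, recipient and the last external hop from a custom header written by SpamAssassin. It assumes the local.cf line shown in the comment (the "IP rDNS" value layout and the log format are choices made for this example); the function names and the sample message are constructed.

```python
import ipaddress
import re
import sys
from email import message_from_string
from email.utils import parseaddr

# Assumed local.cf line (value layout chosen for this example):
#   add_header all Last-External _LASTEXTERNALIP_ _LASTEXTERNALRDNS_
# SpamAssassin prefixes added headers with "X-Spam-".
HEADER = "X-Spam-Last-External"

def clean(value, limit=200):
    """Replace whitespace, control and non-ASCII bytes so that
    sender-controlled header data cannot forge or split log lines."""
    return re.sub(r"[^\x21-\x7e]", "?", value)[:limit] or "-"

def log_line(raw_message):
    """Build one key=value log line from a message SA has already tagged."""
    msg = message_from_string(raw_message)
    sender = parseaddr(str(msg.get("From", "")))[1]
    rcpt = parseaddr(str(msg.get("To", "")))[1]
    parts = str(msg.get(HEADER, "")).split()
    ip, rdns = "-", "-"          # header absent: no external hop known
    if parts:
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            ip = "invalid"       # never copy an unparsed value into the log
        if len(parts) > 1:
            rdns = clean(parts[1])
    return "from=%s to=%s last_external_ip=%s rdns=%s" % (
        clean(sender), clean(rcpt), ip, rdns)

# Constructed sample message (documentation addresses only).
SAMPLE = (
    "Return-Path: <bounce@example.net>\n"
    "X-Spam-Last-External: 192.0.2.25 mail.example.net\n"
    "From: Sender <sender@example.net>\n"
    "To: clunk@example.org\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    # With no input piped in, fall back to the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(log_line(data))
```

The script reads one message on stdin, as a filter invoked from procmail for the fetchmail leg would supply it, and prints one line to append to a log.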
