Am 19.06.2015 um 16:34 schrieb Axb:
On 19.06.2015 16:24, Reindl Harald wrote:Am 19.06.2015 um 16:19 schrieb Axb:Postfix/MTA/Glue Session IDs, etc... having the data in a DB also allows all kinds of stats.nonsense, there is *nothing* to xfer the other log entries and the timestamp is for sure nothing you can rely on in case of multiple mails arrive at the same time Jun 19 11:10:55 mail-gw spamd[25089]: spamd: result: . 4 - BAYES_50,HTML_MESSAGE,MISSING_MID,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD,SPF_NONE scantime=1.9,size=5966,user=sa-milt,uid=189,required_score=5.5,rhost=localhost,raddr=127.0.0.1,rport=/run/spamassassin/spamassassin.sock,mid=(unknown),bayes=0.599086,autolearn=disabled,shortcircuit=noif you only have one user=sa-milter then you're screwed
and how does a "user=rcpt" give you any useful information to grep for the sender of the mail in the case above?
Your system design limits you. Maybe you should reconsider your spamd options so it logs the recipient using -q
besides that the RCPT don't matter when you miss the sender-information and "-q, --sql-config Enable SQL config (needs -x)" not my design limits me, the missing informations in the logs can't be recovered
when you see a "spamd: result" with a high score you are interested in the sender, in many cases both, envelope and from-header
envelope=_SENDERDOMAIN_, from=_AUTHORDOMAIN_ would be the interesting data but currently it's only available in the headers which don't help in case messages are not your owns but you want to analyze if something needs to be adjusted
signature.asc
Description: OpenPGP digital signature
