Re: [AMaViS-user] how to get amavis to log remote MTA IP on

>
> We run a separate MX before the amavis box.
>
> We'd like to harvest on the amavis box the IPs of MTAs that
> send msgs that get spam-tag-ged, in the same way "spammy" log
> lines log [MX IP} and [IP that sent to the MX].
>
> Is there some amavis/spamassassin param that does this?
>

At $log_level 2, you get SPAM-TAG messages in the log.

.... SPAM-TAG, <sender@example.com> -> <recip@sample.net>, No,
score=5.245 tagged_above=1 required=6.31
tests=[AWL=-0.603, BAYES_20=-0.74, ..., UNPARSEABLE_RELAY=0.001]

I haven't looked too carefully, but from the code you can see the line that
logs SPAM-TAG is:

do_log(2, "SPAM-TAG, %s -> %s, %s", $msginfo->sender_smtp,
join(',', map { $_->recip_addr_smtp } @recip_cluster), $s);


You could possibly modify it to look like:

do_log(2, "SPAM-TAG, %s[%s] -> %s, %s", $msginfo->sender_smtp,
$msginfo->client_addr,
join(',', map { $_->recip_addr_smtp } @recip_cluster), $s);

It would require that you had XFORWARD configured using postfix (which
passes in the client IP address using the XFORWARD extension).

Note that I've placed the client address immediately next to the sender smtp
address:

.... SPAM-TAG, <sender@example.com>[192.168.0.1] -> <recip@sample.net>, No,
score=5.245 tagged_above=1 required=6.31
tests=[AWL=-0.603, BAYES_20=-0.74, ..., UNPARSEABLE_RELAY=0.001]

This modification is likely to trip up any log processing software.

MrC


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?p...rge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/