IRC Archive / Freenode / #exim / 2010 / May / 12 / 1
null
Question: Does anyone have any one-liners or can point me in the right direction for auditing the mail logs to see which user accounts are being used to send spam?
phx
that's not so trivial
first question. do the logs contain whether the mail is spam? that usually needs content-checking results
null
It sort of is with qmail.
phx
if they don't, you need to use heuristics like sending frequencies and bounce rates
null
I haven't had time to start looking, i'm just assuming the default exim log configs
phx
it'll be tough i guess
null
shouldn't be too bad
petemc
null: eximstats no good?
null: also, whatever method you use that makes it so easy with qmail could likely be adapted, if its just log parsing
null
yes, it is just log parsing
however there is a lot more debug information and 5x the logs with exim and there's an infinite amount of work to do, so i really haven't had time to look into this. i thought i'd ask first
petemc
thats a lot of work
jaalto2
~/.procmailrc is not run. Any suggestion? /etc/exim4/conf.d/router/700_exim4-config_procmail and /etc/exim4/conf.d/transport/30_exim4-config_procmail_pipe are standard configuration (Debian). But according to the log entry, a different transport is being used: "2010-05-12 18:03:53 1OCDTU-0001qs-1H => vacation <test@host> R=local_user T=maildir_home"
kantlivelong
is there a way to list errors only? IE deferred messages/rejected messages?
null
exim_paniclog?
kantlivelong
null: im looking for rejections.. IE YAHOO/AOL rejecting our mail
Zathraz
grep?
sanjimori
hey, quick question, when sending mail to remote hosts i get: a TLS session is required for foo.bar [x.x.x.x], but the server did not offer TLS support
i've been looking for a few hours but just can't find the option that makes exim require TLS for remote smtp
adding hosts_avoid_tls = * to the remote_smtp transport doesn't help