[Exim] Exim_Reject Log

Author: Phil White
Date:  
To: exim-users
Subject: [Exim] Exim_Reject Log
Has anyone put any time into creating an automatic perl script to parse and
report entries in the exim_reject.log? I ask because I am wanting to do some
stats analysis on just how much legitimate mail we are receiving, despite
getting a reject entry logged (I currently try to log all warnings, despite
accepting the mail)

As a second side, I am getting puzzled about the point at which the log entry
is written. Example:
------------------------------------------------------------------------------
2002-03-20 14:28:02 16nh4M-0001jb-00 warning: from
<barry2002@???>: syntax error in 'To' header: "@" or "."
expected after "Undisclosed": failing address is: <Undisclosed Recipients>
Recipients: jon@???
P Received: from dcc by radagast.itmagic.ltd.uk with dcc (Exim 3.31 #1)
    id 16nh4M-0001jb-00
    for jon@???; Wed, 20 Mar 2002 14:28:02 +0000
P Received: from pc2.yems-unet.ocn.ne.jp ([61.127.29.146.14477]
helo=mail.univ-mode.com)
    by radagast.itmagic.ltd.uk with esmtp (Exim 3.31 #1)
    id 16nh4G-0001j1-00
    for jon@???; Wed, 20 Mar 2002 14:28:02 +0000
P Received: from 202.102.100.114 ([65.91.188.176] RDNS failed) by
mail.univ-mode.com with Microsoft SMTPSVC(5.0.2195.2966);
     Wed, 20 Mar 2002 23:26:28 +0900
I Message-ID: <000029a72067$00006a2d$00002c16@211.9.77.178>
T To: <Undisclosed Recipients>
F From: barry2002@???
  Subject: Notice: Interest Rates Are Low!                          11286
  Date: Wed, 20 Mar 2002 09:31:50 -0500
  MIME-Version: 1.0
  Content-Type: text/plain;
    charset="Windows-1252"
  Content-Transfer-Encoding: 7bit
  X-Priority: 3
  X-MSMail-Priority: Normal
R Reply-To: jerry20022@???
  X-MimeOLE: Received: from web21006.mail.yahoo.com (web21006.mail.yahoo.com
[216.136.227.60])
  X-OriginalArrivalTime: 20 Mar 2002 14:26:31.0230 (UTC)
FILETIME=[3ACD1DE0:01C1D01B]
  X-RBL-Warning: (relays.visi.com) Mail from 61.127.29.146 refused -- see
http://relays.visi.com/nph-l?61.127.29.146
  X-RBL-Warning: (relays.osirusoft.com) This entry was last confirmed open on
12/27/2001
  X-Debug-Exim: Router   : checksum
  X-Debug-Exim: Transport: dcc
  X-DCC-wanadoo-be-Metrics: soth 1016; From=0 Message-ID=0 Received=0 Body=1
    Fuz1=many Fuz2=many
-----------------------------------------
The line I am most interested in ATM is the final X-DCC- entry.
Incoming smtp mail is passed to an external script, which adds this header,
and then passes the mail message back to exim for delivery. Therefore,
HOW is this line getting logged? The message should, in theory, be logged at
close of smtp dialog, before this line has been added!
 <which it is - each message gets logged twice>
First guess would imply the fault of my external script. In each case (that
I have seen so far), I have bad to: cc: etc. headers (including posts to
exim-users!), whether it be no domain, or an extra > at the end of an
address, or a malformed address.
(Could this imply a bug in exim? Not only should it recognise an error, but
surely it should correct it if possible?)
ie. To: "Fred Bloggs" <fred@???>>,
    To: Fred Bloggs <fred@???>,
and
  To: <Porn Lover> rewritten as (for example)
    To: "Spam Email" <spam@???>


Lastly, is there any way I can include a message header to indicate that exim
has detected an inconsistency, such as
no valid sender in headers
syntax error in headers
etc
Exim currently devotes a lot of time validating incoming email, only to put
an entry in a log file, which is difficult to access on a per-message basis.
Additional headers, as done for the RBL, might be useful, no?
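
The kind of parser the post asks about, as an added example that is not part of the original message and is not Exim project code (written in Python rather than Perl). It reads entries in the layout of the excerpt above, folds wrapped lines back into their field, and counts each rejection reason once per Message-ID so that the second entry logged after the external filter re-injects the mail is not double-counted. The entry layout is inferred only from that excerpt, a dashed line is assumed to separate entries, and the sample addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the excerpt in the post; addresses are invented.
# The second entry is the same message after a filter re-injected it with X-DCC-* added.
SAMPLE = """\
2002-03-20 14:28:02 16nh4G-0001j1-00 warning: from <sender@example.com>: syntax error in 'To' header: "@" or "." expected
Recipients: jon@example.org
I Message-ID: <0001@example.com>
T To: <Undisclosed Recipients>
--------------------
2002-03-20 14:28:02 16nh4M-0001jb-00 warning: from <sender@example.com>: syntax error in 'To' header: "@" or "." expected
Recipients: jon@example.org
I Message-ID: <0001@example.com>
  X-DCC-example-Metrics: host 1016; Body=1
    Fuz1=many Fuz2=many
--------------------
"""

START = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (\w+): from <([^>]*)>: (.*)")
HEADER = re.compile(r"^[A-Z* ] ([!-9;-~]+):\s*(.*)")  # flag char, space, "Name: value"

def parse_reject_log(text):
    """Yield one dict per entry; wrapped lines are folded into the previous field."""
    for block in re.split(r"(?m)^-{10,}\s*$", text):
        entry, last = None, None
        for line in block.splitlines():
            if entry is None:
                if (m := START.match(line)):
                    entry = dict(zip(("time", "id", "kind", "sender", "reason"), m.groups()), headers={})
            elif line.startswith("Recipients:"):
                entry["recipients"] = line.split(":", 1)[1].split()
            elif (m := HEADER.match(line)):
                last = m.group(1).lower()          # a repeated header keeps its last value
                entry["headers"][last] = m.group(2)
            elif last:                             # continuation of a folded header
                entry["headers"][last] += " " + line.strip()
            else:                                  # continuation of the reason line
                entry["reason"] += " " + line.strip()
        if entry:
            yield entry

def summarize(entries):
    """Count reasons once per Message-ID; also count entries carrying an X-DCC-* header."""
    first, refiltered = {}, 0
    for e in entries:
        refiltered += any(h.startswith("x-dcc-") for h in e["headers"])
        first.setdefault(e["headers"].get("message-id", e["id"]), e["reason"].split(":")[0])
    return Counter(first.values()), refiltered
```

Calling `summarize(parse_reject_log(open(path).read()))` on a real log returns the per-reason counts and the number of post-filter entries; the reason key is the text before the first colon, which groups the per-address detail together.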