Hi -
Apologies that this refers to some slightly peripheral software rather than exim itself...
It appears that exilog is not displaying all rejections on my exim/sa-exim system.
For example, the following was logged this morning:
In main.log:
2006-09-30 08:26:32 1GTZEq-0000QI-FK SA: Action: permanently rejected message: score=21.8 required=1.0 trigger=8.0 (scanned in 11/11 secs | Message-Id: 1GTZEq-0000QI-FK). From <joyphillip44@???> (host=dsl-146-51-105.telkomadsl.co.za [165.146.51.105]) for cstrfs@???
2006-09-30 08:26:32 1GTZEq-0000QI-FK F=joyphillip44@??? H=dsl-146-51-105.telkomadsl.co.za (mydomain.com) [165.146.51.105] P=esmtp rejected by local_scan(): Rejected
In reject.log:
2006-09-30 08:26:32 1GTZEq-0000QI-FK SA: Action: permanently rejected message: score=21.8 required=1.0 trigger=8.0 (scanned in 11/11 secs | Message-Id: 1GTZEq-0000QI-FK). From <joyphillip44@???> (host=dsl-146-51-105.telkomadsl.co.za [165.146.51.105]) for cstrfs@???
Envelope-from: <joyphillip44@???>
Envelope-to: <cstrfs@???>
P Received: from dsl-146-51-105.telkomadsl.co.za ([165.146.51.105] helo=mydomain.com)
by bs33d.staffs.ac.uk with esmtp (Exim 4.60)
(envelope-from <joyphillip44@???>)
id 1GTZEq-0000QI-FK
for cstrfs@???; Sat, 30 Sep 2006 08:26:21 +0100
P Received: from abyss.mx.aol.com ([178.224.128.192]) by maelstrom.hotmail.com with ESMTP
id 363FA0B0;
Sat, 30 Sep 2006 07:26:40 -0000
P Received: from nk1.mail.lycos.com ([227.60.1.202]) by nk2.google.com with esmtp (Exim 3.35 #1)
id 1496AABC;
Sat, 30 Sep 2006 07:26:30 -0000
P Received: from nk3.excite.com ([88.217.169.209]) by nk4.linksynergy.com with Internet Mail Service
id 05786C80;
Sat, 30 Sep 2006 07:26:20 -0000
Date: Sat, 30 Sep 2006 09:26:20 +0200
F From: joyphillip44@???
T To: joyphillip44@???
* Subject: FROM MRS. JOY PHILLIP.
MIME-Version: 1.0
* Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
X-SA-Exim-Connect-IP: 165.146.51.105
X-SA-Exim-Mail-From: joyphillip44@???
Subject: [SPAM]{bs33d score 21.8} FROM MRS. JOY PHILLIP.
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on bs33d.staffs.ac.uk
X-Spam-Level: @@@@@@@@@@@@@@@@@@@@@
X-Spam-Status: Yes, score=21.8 required=1.0 tests=CONFIRMED_FORGED,
FAKE_HELO_EXCITE,FAKE_HELO_LYCOS,FORGED_HOTMAIL_RCVD,FORGED_RCVD_HELO,
FROM_ENDS_IN_NUMS,MILLION_USD,NIGERIAN_BODY1,NIGERIAN_BODY2,
NIGERIAN_BODY3,NIGERIAN_BODY4,NO_REAL_NAME,RCVD_ILLEGAL_IP,
RCVD_IN_NJABL_DUL,RCVD_IN_SORBS_DUL,SPF_SOFTFAIL,SUBJ_ALL_CAPS,
US_DOLLARS_3 autolearn=failed version=3.0.4
X-Spam-SU-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
bs33d.staffs.ac.uk
X-Spam-SU-Checks: CONFIRMED_FORGED=2.35,FAKE_HELO_EXCITE=2.127,
FAKE_HELO_LYCOS=1.645,FORGED_HOTMAIL_RCVD=2.132,FORGED_RCVD_HELO=0.05,
FROM_ENDS_IN_NUMS=0.516,MILLION_USD=1.29,NIGERIAN_BODY1=2.914,
NIGERIAN_BODY2=0.489,NIGERIAN_BODY3=1.931,NIGERIAN_BODY4=1.379,
NO_REAL_NAME=0.178,RCVD_ILLEGAL_IP=1.37,RCVD_IN_NJABL_DUL=1.655,
RCVD_IN_SORBS_DUL=0.137,SPF_SOFTFAIL=0.842,SUBJ_ALL_CAPS=0.365,
US_DOLLARS_3=0.411
Content-Type: multipart/mixed; boundary="----------=_451E1C28.C7FA68A5"
X-SA-Exim-Version: 4.2 (built Tue, 28 Jun 2005 19:34:23 -0400)
X-SA-Exim-Scanned: Yes (on bs33d.staffs.ac.uk)
2006-09-30 08:26:32 1GTZEq-0000QI-FK F=joyphillip44@??? H=dsl-146-51-105.telkomadsl.co.za (mydomain.com) [165.146.51.105] P=esmtp rejected by local_scan(): Rejected
Nothing is displayed by Exilog regarding this message in the normal "show everything" view; however, if I search for the Exim message ID the following is displayed:
2006-09-30 08:26:32 F=joyphillip44@??? H=dsl-146-51-105.telkomadsl.co.za (mydomain.com) [165.146.51.105]
P=esmtp rejected by local_scan(): Rejected
2006-09-30 08:26:32 SA: Action: permanently rejected message: score=21.8 required=1.0 trigger=8.0 (scanned
in 11/11 secs | Message-Id: 1GTZEq-0000QI-FK). From <joyphillip44@???>
(host=dsl-146-51-105.telkomadsl.co.za [165.146.51.105]) for cstrfs@???
The only reference I have been able to find to this message in the exilog database is this:
mysql> select * from unknown where message_id="1GTZEq-0000QI-FK";
+--------+------------------+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| server | message_id | timestamp | line |
+--------+------------------+------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| bs33d | 1GTZEq-0000QI-FK | 1159601192 | SA: Action: permanently rejected message: score=21.8 required=1.0 trigger=8.0 (scanned in 11/11 secs | Message-Id: 1GTZEq-0000QI-FK). From <joyphillip44@??? <mailto:joyphillip44@hotmail.com> > (host=dsl-146-51-105.telkomadsl.co.za [165.146.51.105]) for cstrfs@??? <mailto:cstrfs@bkau1.staffs.ac.uk> |
| bs33d | 1GTZEq-0000QI-FK | 1159601192 | F=joyphillip44@??? <mailto:F=joyphillip44@hotmail.com> H=dsl-146-51-105.telkomadsl.co.za (mydomain.com) [165.146.51.105] P=esmtp rejected by local_scan(): Rejected
Can anyone suggest how I can get messages of this type to be displayed in the default view?
Thanks and regards
Richard
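An added example, not part of the post above and not exilog code: a Python script that reads main.log directly and pairs each SA-Exim "SA: Action" line with the matching "rejected by local_scan()" line by Exim message ID, so these rejections can be reviewed even when the log viewer files them as unknown. The function and field names are hypothetical, and the sample lines are constructed from the formats quoted in the post with placeholder addresses.

```python
import re
from collections import defaultdict

# Constructed sample in the main.log format quoted in the post (placeholder addresses).
SAMPLE_LOG = """\
2006-09-30 08:26:32 1GTZEq-0000QI-FK SA: Action: permanently rejected message: score=21.8 required=1.0 trigger=8.0 (scanned in 11/11 secs | Message-Id: 1GTZEq-0000QI-FK). From <sender@example.com> (host=dsl.example.net [192.0.2.10]) for rcpt@example.org
2006-09-30 08:26:32 1GTZEq-0000QI-FK F=sender@example.com H=dsl.example.net (mydomain.com) [192.0.2.10] P=esmtp rejected by local_scan(): Rejected
2006-09-30 08:27:01 1GTZFa-0000QK-AB <= user@example.org H=mail.example.org [192.0.2.20] P=esmtp S=1834
2006-09-30 08:29:44 1GTZHx-0000QM-Q2 F=other@example.com H=host.example.net [192.0.2.30] P=esmtp rejected by local_scan(): Rejected
"""

# Timestamp, Exim message ID (6-6-2 characters, as in the post), rest of line.
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (.*)$")
# SA-Exim verdict line: action text, score and threshold.
SA_ACTION = re.compile(r"^SA: Action: (.+?): score=(-?[\d.]+) required=(-?[\d.]+)")
# Exim's own rejection line: envelope sender, host (with HELO), IP, reason.
LOCAL_SCAN = re.compile(
    r"^F=(\S+) H=(.*?) \[([0-9A-Fa-f.:]+)\] .*rejected by local_scan\(\): (.*)$")


def local_scan_rejections(log_text):
    """Return {message_id: record} for every message rejected by local_scan()."""
    records = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # lines without a message ID are not of interest here
        when, msg_id, rest = m.groups()
        sa = SA_ACTION.match(rest)
        ls = LOCAL_SCAN.match(rest)
        if sa:
            records[msg_id].update(sa_action=sa.group(1),
                                   score=float(sa.group(2)),
                                   required=float(sa.group(3)))
        elif ls:
            records[msg_id].update(time=when, sender=ls.group(1),
                                   host=ls.group(2), ip=ls.group(3),
                                   reason=ls.group(4))
    # Keep only IDs that have a local_scan() rejection line; "score" is
    # absent when no SA-Exim line was logged for that ID.
    return {mid: rec for mid, rec in records.items() if "reason" in rec}


if __name__ == "__main__":
    for mid, rec in local_scan_rejections(SAMPLE_LOG).items():
        print(mid, rec["time"], rec["ip"], rec["sender"],
              rec.get("score", "no SA score"))
```

To run it against a live log, pass the contents of main.log to `local_scan_rejections()` in place of `SAMPLE_LOG`.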