Re: [exim] log parsing question

Author: Philip Hazel
Date:  
To: Chris Lightfoot
CC: exim-users
Subject: Re: [exim] log parsing question
On Thu, 23 Nov 2006, Chris Lightfoot wrote:

> On Thu, Nov 23, 2006 at 05:02:40PM +0100, Stanislaw Halik wrote:
> > I'm having a problem with log parsing. I'm trying to take some
> > assumptions, I'd like you to correct or confirm them.
> >
> > Field `H=' contains connecting host name. If host doesn't resolve and
>     [...]

>
> your best bet is probably to read the bit of the source
> that generates those lines -- src/deliver.c looks like it
> from a quick grep.


Or how about reading the documentation? There's a whole chapter called
"Log files", which has a section called "Logging message reception". Are
these hard to find? Therein is the paragraph you seek:

For messages from other hosts, the H and U fields identify the remote
host and record the RFC 1413 identity of the user that sent the
message, if one was received. The number given in square brackets is
the IP address of the sending host. If there is a single,
unparenthesized host name in the H field, as above, it has been
verified to correspond to the IP address (see the host_lookup option).
If the name is in parentheses, it was the name quoted by the remote
host in the SMTP HELO or EHLO command, and has not been verified. If
verification yields a different name to that given for HELO or EHLO,
the verified name appears first, followed by the HELO or EHLO name in
parentheses.

All you need to "assume" is that the documentation is correct. <grin>

-- 
Philip Hazel            University of Cambridge Computing Service
Get the Exim 4 book:    http://www.uit.co.uk/exim-book
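
The following parser is an added example, not part of the message above or of Exim itself. It applies the quoted documentation paragraph to reception log lines, keeping the verified host name separate from the unverified HELO/EHLO name; the sample lines, function names and dictionary keys are constructed for illustration.

```python
import re

# Layout of the H field as described in the quoted documentation:
#   H=<verified name> (<HELO/EHLO name>) [<IP address>]
# where either name may be absent.
H_FIELD = re.compile(
    r"(?:^|\s)H=(?:(?P<verified>[^\s()\[\]]+)\s+)?"
    r"(?:\((?P<helo>[^)]*)\)\s+)?"
    r"\[(?P<ip>[^\]]+)\]"
)

# Constructed sample reception lines (IDs, addresses and hosts are made up).
SAMPLE_LINES = [
    "2006-11-23 17:02:40 1GnAbC-0001aB-2C <= alice@example.org "
    "H=mx.example.org [192.0.2.10] P=esmtp S=1204",
    "2006-11-23 17:02:41 1GnAbD-0001aC-3D <= bob@example.net "
    "H=(mail.example.net) [192.0.2.20] P=smtp S=980",
    "2006-11-23 17:02:42 1GnAbE-0001aD-4E <= carol@example.com "
    "H=host9.example.com (mail.example.com) [2001:db8::25] P=esmtp S=3310",
    "2006-11-23 17:02:43 1GnAbF-0001aE-5F <= dave@example.org "
    "U=dave P=local S=512",
]


def parse_host_field(line):
    """Split the H field into IP, verified name and unverified HELO name."""
    m = H_FIELD.search(line)
    if m is None:
        return None  # no H field with a bracketed IP, e.g. a local submission
    return {
        "ip": m["ip"],
        "verified_name": m["verified"],  # unparenthesized: matched to the IP
        "helo_name": m["helo"],          # parenthesized: claimed by the peer
        "name_verified": m["verified"] is not None,
    }


def name_for_policy(line):
    """Return only a name Exim verified against the IP, never the HELO claim."""
    host = parse_host_field(line)
    return host["verified_name"] if host else None


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_host_field(sample))
```
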