Re: [exim] Exim Log File

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] Exim Log File
Hans Klose <hansklose@???> (Mon May 16 15:25:06 2011):
> Hi,
>
> i configured a new rule in the exim acl_smtp_data
> section. I want that exim block mail with defined sentences in the body.

(…)
>   deny message     = STOP!
>        condition   = ${if or { \
>                       {match {${lc:$message_body}}{.*this ist sentence one.*}} \
>                       {match {${lc:$message_body}}{.*this ist sentence two.*}} \
>                       {match {${lc:$message_body}}{.*this ist sentence three.*}} \
>                       }{1}{0}}
> Like this:
> May 16 15:02:50 mailserver03 exim[26230]: [1\24] 2011-05-16 13:02:50 +0000 1QLxRg-0006p4-5A H=(PC) [xx.xx.xx.xx] F=<aasd@???> rejected after DATA:
> May 16 15:02:50 mailserver03 exim[26230]: [2\24] Envelope-from: <aasd@???>
> May 16 15:02:50 mailserver03 exim[26230]: [3\24] Envelope-to: <xyz@???>

(…)
> May 16 15:02:50 mailserver03 exim[26230]: [10\24] by mail.server.de with esmtpa (Exim 4.76)
> May 16 15:02:50 mailserver03 exim[26230]: [11\24] (envelope-from <aswes@???>)
>
> What are the lines with [2\24] for? I there an error in the rule?


You're logging via syslog? These items [x\24] I've never seen, but --
the rest looks like the message, exim writes into the rejectlog if some
message gets rejected by a data acl. (At this point of rejection exim
already knows the headers (even the complete message) and logs these
headers - in case you need some information when investigating the
rejection).

--
Heiko :: dresden : linux : SCHLITTERMANN.de
GPG Key 48D0359B : 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B