Re: [exim] Meaning of addresses in rejectlog

Página superior
Este mensaje es parte del siguiente hilo:
M\El árbol completo de hilos, ordenados por fecha
MM\Jeremy Harris, mensaje del <-
MMMAlways Learning, mensaje del ->
Eliminar este mensaje
Responder a este mensaje
Autor: Always Learning
Fecha:  
A: Exim
Cc: Kaz Kylheku
Asunto: Re: [exim] Meaning of addresses in rejectlog

On Sat, 2014-06-21 at 20:57 -0700, Kaz Kylheku wrote:

> I know what the range 192.168 is; but what is the syntax of the log? The
> Exim reject logs vary in their structure. I have seen variations like:
> 
>    H=X [Z]
>    H=(X) [Z]
>    H=X ([Y]) [Z]
>    H=([Y]) [Z]

>
> and possibly others. The address Z in square brackets is consistent.
> Between the H= and that, sometimes there are two tokens and sometimes
> only one, with various combinations of brackets or parentheses.

H= occurs twice. Once in receiving messages and once when sending
messages.

Sending messages
H= host_name [ip address]
-------------------------------
Receiving messages (examples from yesterday's log; all rejected by my
defences)

When the HELO (or EHLO) is the same as the host name, the HELO is not
shown.
H=41.254.3.13.wimax.dynamic.ltt.ly [41.254.3.13]:51672

NO HOST_NAME
H=[82.221.106.233]:53132

HELO DIFFERENT FROM HOST_NAME
H=87.69.22.53.cable.012.net.il (user-f886ea06f2) [87.69.22.53]:2207

* Host_name not in brackets
* HELO different from host_name, HELO in round brackets ()
* IP address in square brackets []

> How can we parse all these variations?

You can 'play' with these in the ACLs.

> In the case of ([192.168.2.33]),
> if that is the HELO string, what came from the host? Just the numeric
> address, or with the square brackets? Or are the square brackets Exim's
> convention for logging IP addresses?

'192.168.2.33' is the HELO ! All numeric. Note it is in round brackets
and is shown because it is different from the host_name. Because the
bogus HELO is an IP address it is also enclosed in square brackets.

> Do parentheses always denote the HELO information?

Round brackets yes - but shown only when it is different from the
host_name.

> I'm guessing:
> 
>    H=X [Z]  --  host gave no HELO; X is a reverse lookup from Z.

host_name = HELO. Yes, X is derived from Z. 

>    H=(X) [Z] --  X was given as HELO; but matches Z

Wrong - I think. HELO, if different from host_name will be in round
brackets. First entry on line is either host_name (if derived from IP
address) or IP address; never HELO. 

>    H=X ([Y]) [Z] -- X was reversed from Z; host gave Y numeric IP as HELO

HELO (y) is different from host_name (x) 

>    H=X (Y) [Z] -- X was reversed from Z; host gave Y non-numeric item as 
> HELO

Yes.


--
Regards,

Paul.
England, EU.

Centos, Exim, Apache, Libre Office.
Linux is the future. Micro$oft is the past.


Este mensaje se envió a las siguientes listas de correo:
Exim-users
Información de la lista de correo | Mensajes cercanos		<-Re: [exim] Interfacing MailArchiva to Exim on a shared (cPanel) serverRe: [exim] Meaning of addresses in rejectlog->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versión 2.3)