Re: [exim] logging question - regex

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMAlways Learning at <-
MAlex at ->
Delete this message
Reply to this message
Author: Dave Lugo
Date:  
To: Alex
CC: exim-users
Subject: Re: [exim] logging question - regex
Look for log_selector in the docs.

On Tue, 2 Sep 2014, Alex wrote:

> Date: Mon, 1 Sep 2014 19:51:36
> From: Alex <thunder@???>
> To: exim-users@???
> Subject: [exim] logging question - regex
>
> Hi There,
>
> Just wondering is there is a way to trim down what gets logged when there is
> an ACL match under acl_check_data. I have a regex acl that is helping drop
> mail from a long time spamming pest. The acl seems to work a treat however it
> logs part of the envelope to the reject log. I don't want this information in
> the logs as it makes them long and hard to read.
>
> So, I have the following ACL:
>
> acl_check_data:
>
> drop message = Would you like some green eggs with that spam?
>     regex = 
> [a-zA-Z0-9]{1,}-[a-z0-9A-Z]{1,}-[a-zA-Z]{1,4}=mydomain.net@[a-zA-z0-9]{1,}\.
>      log_message   = Manual Ban via ACL (dumbass spammer).

>
>
> What I would like to see in the reject log is only this:
>
> 2014-09-02 06:10:53 1XOXwC-000Jjd-Rz H=(vps.nitsnats.com) [173.0.63.208]
> F=<costco-slave-XXXXXX=mydomain.net@???> rejected after DATA: Manual
> Ban via ACL (dumbass spammer).
>
> However I get the above but also the stuff below:
> -------------------------------------------------
>
> Envelope-from: <costco-slave-XXXXXX=mydomain.net@???>
> Envelope-to: <me@???>
> P Received: from [173.0.63.208] (helo=vps.nitsnats.com)
>         by srv.mydomain.net with esmtp (Exim 4.84 (FreeBSD))
>         (envelope-from <costco-slave-XXXXXX=mydomain.net@???>)
>         id 1XOXwC-000Jjd-Rz
>         for me@???; Tue, 02 Sep 2014 06:10:53 +1000
> P Received: by vps.nitsnats.com id h0j9ek0001g0 for <me@???>; Mon, 1 
> Sep 2014 20:11:05 +0000 (envelope-from 
> <costco-slave-XXXXXX=mydomain.net@???>)
>   Mime-Version: 1.0
>   Content-Type: multipart/alternative; 
> boundary="c344-626b-d5f5-37ad-7150-d169-1813-a605"
> I Message-Id: 
> <506a3181961d0517da735f5db626443c.2c0724ff164cba92@???>
>  Date: Mon, 1 Sep 2014 20:11:05 +0000
> F From: Costco Coupons<costco-pacts@???>
> T To: me@???
>  Subject: Congratulations on your Costco Survey Reward ..
> -----------------------------------------------------------------------

>
> Is there anyway to just keep the log entry brief? Is there an extra
> flag/directive that I can add to the ACL? I am curious, what are the "P" and
> "I" and "F" and "T" markers mean?
>
> Cheers,
> Alex.
>
>
> 

-- 
--------------------------------------------------------
Dave Lugo   dlugo@???    LC Unit #260   TINLC
Have you hugged your firewall today?   No spam, thanks.
--------------------------------------------------------
Are you the police?  . . . .  No ma'am, we're sysadmins.


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] logging question - regexRe: [exim] logging question - regex->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)