Re: [exim] logging question - regex

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Alex
Date:  
À: exim-users
Sujet: Re: [exim] logging question - regex
Hi Dave,

Thank you for pointing me in the right direction, looks like
"log_selector = -rejected_header" did the trick :)

Cheers.
A.


On 2014-09-02 10:42, Dave Lugo wrote:
> Look for log_selector in the docs.
>
> On Tue, 2 Sep 2014, Alex wrote:
>
>> Date: Mon, 1 Sep 2014 19:51:36
>> From: Alex <thunder@???>
>> To: exim-users@???
>> Subject: [exim] logging question - regex
>>
>> Hi There,
>>
>> Just wondering is there is a way to trim down what gets logged when
>> there is an ACL match under acl_check_data. I have a regex acl that is
>> helping drop mail from a long time spamming pest. The acl seems to
>> work a treat however it logs part of the envelope to the reject log. I
>> don't want this information in the logs as it makes them long and hard
>> to read.
>>
>> So, I have the following ACL:
>>
>> acl_check_data:
>>
>> drop message = Would you like some green eggs with that spam?
>>     regex = 
>> [a-zA-Z0-9]{1,}-[a-z0-9A-Z]{1,}-[a-zA-Z]{1,4}=mydomain.net@[a-zA-z0-9]{1,}\.
>>      log_message   = Manual Ban via ACL (dumbass spammer).

>>
>>
>> What I would like to see in the reject log is only this:
>>
>> 2014-09-02 06:10:53 1XOXwC-000Jjd-Rz H=(vps.nitsnats.com)
>> [173.0.63.208] F=<costco-slave-XXXXXX=mydomain.net@???>
>> rejected after DATA: Manual Ban via ACL (dumbass spammer).
>>
>> However I get the above but also the stuff below:
>> -------------------------------------------------
>>
>> Envelope-from: <costco-slave-XXXXXX=mydomain.net@???>
>> Envelope-to: <me@???>
>> P Received: from [173.0.63.208] (helo=vps.nitsnats.com)
>>         by srv.mydomain.net with esmtp (Exim 4.84 (FreeBSD))
>>         (envelope-from 
>> <costco-slave-XXXXXX=mydomain.net@???>)
>>         id 1XOXwC-000Jjd-Rz
>>         for me@???; Tue, 02 Sep 2014 06:10:53 +1000
>> P Received: by vps.nitsnats.com id h0j9ek0001g0 for <me@???>; 
>> Mon, 1 Sep 2014 20:11:05 +0000 (envelope-from 
>> <costco-slave-XXXXXX=mydomain.net@???>)
>>   Mime-Version: 1.0
>>   Content-Type: multipart/alternative; 
>> boundary="c344-626b-d5f5-37ad-7150-d169-1813-a605"
>> I Message-Id: 
>> <506a3181961d0517da735f5db626443c.2c0724ff164cba92@???>
>>  Date: Mon, 1 Sep 2014 20:11:05 +0000
>> F From: Costco Coupons<costco-pacts@???>
>> T To: me@???
>>  Subject: Congratulations on your Costco Survey Reward ..
>> -----------------------------------------------------------------------

>>
>> Is there anyway to just keep the log entry brief? Is there an extra
>> flag/directive that I can add to the ACL? I am curious, what are the
>> "P" and "I" and "F" and "T" markers mean?
>>
>> Cheers,
>> Alex.
>>
>>
>>