On 2015-11-17, Daniel Oakes <Daniel.Oakes@???> wrote:
> Hi There,
>
> Tried googling for quite a bit, but didn't really find what I was after.
>
> What I'm trying to do is log a specific header line in the received: portion to a different log file.
>
> Basically we've got a simple filter we've created for our exim which blocks email to specific domains (for spam reasons). We think we've got a bucketload of compromised accounts but want to capture them. The filter is currently:
>
> deny message = Domain $domain is prohibited for outgoing mails
> domains = lsearch;/etc/exim4/restricted_domains
>
logging to an arbitrary file is hard. but there are some other things
you could try.
* log to a standard log file but prepend a token that you can later grep
for when analysing the logs
* log to an arbitrary socket using the ${readsocket expansion
* log to an SQL database using the apropriate query lookup expansions
* embedded perl
* redis lookup expansion - experimental (so you'll need to build a
recent version of exim from source) alsi it handles arbitrary strings
poorly.
* modify exim.
--
\_(ツ)_
