Re: [exim-dev] [Bug 2376] New: log_message doesn't log if c…

Góra strony
Delete this message
Reply to this message
Autor: Heiko Schlittermann
Data:  
Dla: exim-dev
Temat: Re: [exim-dev] [Bug 2376] New: log_message doesn't log if connection is interrupted (which is quite unexpected) while other rules in the same acl are applied
admin--- via Exim-dev <exim-dev@???> (Mo 18 Feb 2019 07:30:24 CET):
> For example:
>
> acl_notquit:
>         accept authenticated = *

>
>         warn condition = ${if match {$smtp_notquit_reason}{command}{yes}{no}}
>                 log_message = "Connection Ratelimit - $sender_fullhost because
> of notquit: $smtp_notquit_reason ($sender_rate/$sender_rate_period
> max:$sender_rate_limit)"
>                 logwrite = "LOGWRITE: $tod_log $message_id Connection Ratelimit
> - $sender_fullhost because of notquit: $smtp_notquit_reason
> ($sender_rate/$sender_rate_period max:$sender_rate_limit)"
>                 ratelimit = BADNOAUTH_LIMIT / strict / per_conn

>
>         accept

>



I'm replying here, until I'm sure that we're talking about a bug :)

I believe, it is clearly documented:
From the spec.txt:

log_message = <text>

    This modifier sets up a message that is used as part of the log message if
    the ACL denies access or a warn statement's conditions are true. For
    example:



How do you know, that the "ratelimit" fired (returned TRUE, because it was hit?)
The output from your log doesn't indicate it:

2019-02-15 16:09:49.000 [26467] "LOGWRITE: 2019-02-15 16:09:49.000 Connection Ratelimit - (mztyg.com) [49.86.182.22]:53541 because of failed SMTP AUTH without QUIT: connection-lost (/ max:)

I'd have expected something like:

LOG: H=(ME) [1.1.1.1] Warning: non-polite client: connection-lost [1.7/1m max:1]


    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -