Logging of destination domain
Julian Field
mailscanner at ecs.soton.ac.uk
Sun Dec 8 15:41:25 GMT 2002
But if there are 100 different recipients in the same message?
At 15:34 08/12/2002, you wrote:
>MailScanner currently produces log entries like:
>
>Dec 8 09:30:22 mx20 mailscanner[33546]: Message 18L3Nr-00096Q-00 from
>66.227.40.58.3294 (dbzmail.com) is Yes (score=13.6, required 8, BIG_FONT,
>CALL_FREE, FROM_ENDS_IN_NUMS, GAPPY_TEXT, HIDDEN_ASSETS, HTML_50_70,
>HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_GRAY, HTML_FONT_COLOR_RED,
>HTML_FONT_COLOR_YELLOW, HTML_FONT_INVISIBLE, MISSING_HEADERS,
>NORMAL_HTTP_TO_IP, NO_REAL_NAME, OPT_IN, SOCIAL_SEC_NUMBER,
>SPAM_PHRASE_13_21, TABLE_THICK_BORDER, USER_AGENT_OE)
>
>What would be nifty is if you could add in the recipient domain, e.g.
>
>Dec 8 09:30:22 mx20 mailscanner[33546]: Message 18L3Nr-00096Q-00 from
>66.227.40.58.3294 (dbzmail.com) to (thisdomain.com) is Yes (score=13.6,
>required 8, BIG_FONT, CALL_FREE, FROM_ENDS_IN_NUMS, GAPPY_TEXT,
>HIDDEN_ASSETS, HTML_50_70, HTML_FONT_COLOR_BLUE, HTML_FONT_COLOR_GRAY,
>HTML_FONT_COLOR_RED, HTML_FONT_COLOR_YELLOW, HTML_FONT_INVISIBLE,
>MISSING_HEADERS, NORMAL_HTTP_TO_IP, NO_REAL_NAME, OPT_IN,
>SOCIAL_SEC_NUMBER, SPAM_PHRASE_13_21, TABLE_THICK_BORDER, USER_AGENT_OE)
>
>That way, log file parsers could grep out the sender and the recipient
>domain and graph the values accordingly, giving you the ability to graph
>spam sources per destination domain name.
>
>--Mike
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list