amavis-user March 2012 archive
Main Archive Page > Month Archives  > amavis-user archives
amavis-user: Re: Logging question

Re: Logging question

From: Robert Schetterer <robert_at_nospam>
Date: Thu Mar 29 2012 - 07:42:01 GMT
To: amavis-users@amavis.org

Am 29.03.2012 09:25, schrieb Ralf Hildebrandt:
> Mar 29 09:13:20 mail2 amavis[16916]: (16916-16) Passed CLEAN {RelayedOutbound}, LOCAL [141.42.206.36]:37952 [85.179.68.181]
> <absender@charite.de> -> <empfaenger@gmail.com>, Message-ID: <86e7921583186ccc7b08fa356655af14.squirrel@webmail.charite.de>,
> mail_id: hK-6Jq4eATvE, Hits: -2.14, size: 3977, queued_as: 3VJHHN5wKjz1tJd, dkim_new=default:charite.de, 538 ms
>
> [141.42.206.36]:37952 is my mailserver, but what is 85.179.68.181?
>
> Under which circumstance does amavis log 2 IPs in [] and what info is
> being logged there?
>

dig -x 85.179.68.181

; <<>> DiG 9.4.2-P2.1 <<>> -x 85.179.68.181
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7614
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;181.68.179.85.in-addr.arpa. IN PTR

;; ANSWER SECTION:
181.68.179.85.in-addr.arpa. 86400 IN PTR e179068181.adsl.alicedsl.de.

looks like some dyn user ip, maybe the sender ip

your right that log looks strange, somthing at parse go fail etc?
-- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria