[Mimedefang] Accuracy of infected IP in mdlog
Jonas Eckerman
jonas_lists at frukt.org
Fri May 14 11:35:37 EDT 2004
On Fri, 14 May 2004 16:24:20 +0200, Jerome Tytgat wrote:
> And I like to inform abuse at domain that "IP" is infected but I'm
> must have an accurate information,
Then your really need to analyze the actual mail yourself, not log lines from MIMEDefang or *any* other application. Not only can received lines be faked, they can also be in a number of different (and sometimes conflicting) formats wich makes automagical parsing unreliable.
> I've already made a script that
> parse MDLOG entries in syslog and tried hard to alert the abuse
> email of the range IP, but I realize that they are not so accurate
Actually, MIMEDefang's log lines are very accurate, but you were searching for information that MIMEDefang doesn't even know about.
/Jonas
--
Jonas Eckerman, jonas_lists at frukt.org
http://www.fsdb.org/
More information about the MIMEDefang
mailing list