[Mimedefang] Accuracy of infected IP in mdlog

Jonas Eckerman jonas_lists at frukt.org
Mon May 17 06:31:43 EDT 2004


On Mon, 17 May 2004 09:11:18 +0200, Jerome Tytgat wrote:

>> The way I see it, they can be trusted for statistics. But of course you have to actually know what it is they log before you decide how to interpret them. 

> Stating the relay address has no meaning if it's wrong.

In my system MIMEDefang has never logged a faulty relay address AFAIK.

> What's the
> point telling me that 127.0.0.1 is infected x times as I know I'm

MIMEDefang never tries to tell you which system is infected. It just logs the address of the relay that connected to your sendmail server.

Before you decide to not trust MIMEDefang's log lines, it would be a good idea for you to find out what they are supposed to contain. Nowhere in the docs for MIMEDefang does it say *anything* about MIMEDefang logging the IPs of infected computers.

And since MIMEDefang doesn't analyze Received-headers unless you implement it yourself in your filter, how on earth do you expect MIMEDefang to have even the slightest idea about any relays other than the one the address of which MIMEDefang gets from sendmail?

/Jonas

-- 
Jonas Eckerman, jonas_lists at frukt.org
http://www.fsdb.org/
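
The Received-header analysis that the post says you would have to implement yourself, sketched as an added example (not part of the original post and not MIMEDefang code; it is Python for illustration, not a Perl filter). The `TRUSTED` networks, the function names and the sample message are assumptions constructed for this example.

```python
import email
import ipaddress
import re

# Constructed sample: headers already on a message when a local relay
# (127.0.0.1) handed it to the filtering host. All hosts/addresses are made up.
SAMPLE = """\
Received: from gw.example.org (gw.example.org [192.0.2.10])
\tby localhost with SMTP id BBB; Mon, 17 May 2004 09:00:02 +0200
Received: from dialup.example.net (dialup.example.net [198.51.100.77])
\tby gw.example.org with SMTP id CCC; Mon, 17 May 2004 09:00:01 +0200
Received: from forged.example (forged.example [203.0.113.5])
\tby dialup.example.net with SMTP id DDD; Mon, 17 May 2004 08:59:00 +0200
Subject: constructed test message

body
"""

# Assumption: relays we operate ourselves, whose Received lines we believe.
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # malformed literal such as 999.1.1.1
        return False
    return any(addr in net for net in TRUSTED)

def first_untrusted_hop(raw_message, relay_addr):
    """Address of the first host outside TRUSTED, or None if there is none.

    relay_addr is the peer the MTA itself saw. Received lines are newest
    first; each is believed only while the host that wrote it is trusted.
    """
    peer = relay_addr
    headers = email.message_from_string(raw_message).get_all("Received", [])
    for header in headers:
        if not is_trusted(peer):
            return peer         # everything below was written by outsiders
        from_clause = re.split(r"\s+by\s+", header, maxsplit=1)[0]
        match = BRACKETED_IP.search(from_clause)
        if match is None:
            return None         # chain broken: no usable peer address
        peer = match.group(1)
    return None if is_trusted(peer) else peer
```

The result is still only the host that handed the mail to your own relays, not proof of which machine is infected.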



