[Mimedefang] mimedefang logging adds to many lines to the logfiles -> graphdefang misinterprets results

tomvo at absi.be tomvo at absi.be
Thu Jul 28 10:59:15 EDT 2005 

Hi,

I think I have a problem with the mimedefang mdlog logging: I was made 
aware 
of the problem because a client complained that the graphdefang logging 
was 
incorrect, it reported too many mails.

I investigated, and found something strange

- first i'll say what I think that normal mdlog logging looks like (please 

correct me if i am woring):

1) a mails enters the mail relay, with a from=sender at somedomain.com, this 
line is added by sendmail
2) mimedefang picks up the mail, and logs as many lines with 'spamreport' 
as 
there were recipients (nrcpts=somevalue) via 
md_graphdefang_log_enable('mail', 1);

3) mimedefang logs as many lines with 'mail_in' as there were recipients
4) if the mail was considered to be spam, mimedefang logs additionnally as 

many lines with 'spam' as there were recipients

5) finally, sendmail logs a line with a to=<list of the recipients>

Now, I've noticed that regularly, I see mails entering the system, where 
the 
number of spamreport and mail_in lines are instead of 4 when there are 4 
recipients, i see 16 such lines. 3 becomes 9, etc. so it's always the 
square 
no. of lines that appear.

the order in which they appear is (let's assume 3 recipients were 
specified)

1 line from=
3 lines spamreport
3 lines mail_in
3 lines spamreport
3 lines mail_in
3 lines spamreport
3 lines mail_in
1 line to=

I get the impression I only get this behaviour with 'good' (non spam) 
mails. 
when the mails are considered spam, it appears to be correct (ie. 4 
recipients is 4 lines spamreport, and 4 lines 4 lines mail_in and 4 lines 
spam).


The format of the spamreport lines in our syslog is as follows:

Jul 25 00:07:14 mx1 mimedefang.pl[14513]: [ID 702911 mail.info] 
MDLOG,j6OM764T008809,spamreport,29.977,200.146.14.111
,<stein at yahoo.com>,<jeugddienst at somedomain.be>,Any med for your girl to be 

happy!

this are the entries in the mimedefang init script about the logging:

MX_LOG=yes
MX_STATS_SYSLOG=yes


We are running mimedefang v2.51, sendmail 8.13.3, we are also using clamav 

(via clamd daemon). the server is running solaris 9 x86

Any hints ? perhaps this is normal behaviour but i don't think so. Anyway, 

graphdefang is not handling it correctly.


regards,

Tom.

More information about the MIMEDefang mailing list