Code: Select all
2009-04-08 09:18:17 magicspam-plesk[20425]: SPAM[block_lists:35]:
mua=0,
ip=[1.2.3.4:host4.sendersdomain.com],
helo=<host.sendersdomain.com>,
from=<sender@sendersdomain.com>,
rcpt=<user@recipientsdomain.com>
Date: 2009-04-30 09:18:17
Process Identifier: magicspam-plesk[20425]:
Spam Protection Result: SPAM
Spam Protection rule triggered: [block_lists:35]
"Mail User Agent" (mua) flag: 0
Sending mail server IP address: 1.2.3.4
Reverse DNS entry for IP address: host4.sendersdomain.com
Mail server identification (HELO): host.sendersdomain.com
Sender's email address: sender@sendersdomain.com
Recipient's email address: user@recipientsdomain.com
Each log entry represents a single recipient for each message; if there are multiple recipients for each message, each recipient would have their own log entry. This permits individual spam settings to be observed in the logs.
Below are a few more notes about some of the fields.
Process Identifier
This is the name of the process generating the log entry. The number in square brackets (20425) is the the process ID (PID) for that process.
Spam Protection Result
This field can have several different values:
- SPAM - The message has triggered an enabled rule or blocklist and is now marked as being spam. The message to the specified recipient will be dropped.
- HAM - The message did not trigger any enabled rules or blocklists. The message will be delivered normally.
- FROM_WHITELIST - The message was sent from an email address listed in the MagicSpam from whitelist.
- RCPT_EXEMPT - The message was sent to a recipient who is currently exempt from MagicSpam protection.
- IP_EXEMPT - The message was sent from a mail server listed in the MagicSpam IP exemption list.
This field will represent the rule which the message triggered to mark the message as spam. Values for this field may be:
- block_ip_in_addr
- check_dynamic_reverse_dns
- check_ip_reverse_dns
- check_reverse_dns_list
- resolve_helo_domain
- require_full_addr
- require_helo
- valid_from_addr
- valid_helo_domain
There is also another (special) rule which can be triggered: block_lists. This rule will be triggered if the connecting IP address is listed on any of the block lists which are currently enabled. If this occurs, the block list's ID will be printed after the "block_list" keyword. The block list ID's are also listed in the "Block Lists" page in the MagicSpam Administrative Interface for your reference.
"Mail User Agent" (mua) flag
If the SMTP connection is using authentication, then the Mail User Agent flag will be set to 1. Otherwise, it will be set to 0. This allows us to determine whether the connection is coming from a remote server, or from one of the servers authorized clients.