Reject ID 12 - MAPS and IP Blacklist? |
Post Reply 
|
| Author | |
jerbo128 
Senior Member 
Joined: 06 March 2006 Status: Offline Points: 178 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Reject ID 12 - MAPS and IP Blacklist?Posted: 16 December 2007 at 8:15pm |
|
Reject ID 12 appears to cover both MAPS listings and Local IP blacklist.
Anyone know of a way of differentiate between the two? I have a page that is querying for current quarantine contents - and I would like to know how effective my "ip harvesting" has been.
Jerbo128
|
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4106 |
Post Options
Thanks(0)
Quote Reply
Posted: 16 December 2007 at 9:40pm |
|
Sorry, you will need to parse the logfiles to see which filter rejected those emails, as in the database both will be using ID=12.
For emails stopped by MAPS listing, the logfile line showing the reject will contain the text: MAPS search done... 521 The IP For emails stopped by the Local IP blacklist the line will instead contain the text: - IP is in local blacklist file... |
|
|
|
|
pcmatt
Senior Member
Joined: 15 February 2005 Location: United States Status: Offline Points: 116 |
Post Options
Thanks(0)
Quote Reply
Posted: 22 December 2007 at 12:20am |
|
We have a program that parses SpamFilter logs and assembles multiple log entries into one very informative database row per email (SF2DB - SpamFilter Logs to Database). We put a separate reject id code in our SFLog database for local blacklist emails. So it's easy to get complete data on any traffic. We get you easy to query data on keywords effectiveness and much more than other log parsers. Our data shows you how long your emails are taking to process; the SURBL listing that caused a block; how many honeypot emails caused what Auto IP Blocks and complete virus name/trend analysis. A database record is created for each and every recipient (rcpt to).
On virtually every email we give you:
LogID - Unique Key.
SRS - SpamFilter Server Name or reference. RDomain - Recipient Domain. LDate - Email Processing Start Date LTime - Email Processing Start Time LFullDate - Email Processing Start Full Date and Time LDOW - Email Processing Start Day of Week LMonth - Email Processing Start Month ThreadID - SpamFilter Thread ID SourceIP - Source IP Address of Sending System SourceHostName - Source Host Name of Sending System SourceCountry - Source Country of Sending System Sender - Sender Email Address Recipient - Recipient Email Address SFAction - Result of SpamFilter checks 0 = Incomplete Data, 1 = Accepted, 2 = Rejected/Quarantined Reason - Reason if Rejected, see SFLRejectCodes Rejection codes table. Note SF2DB uses its own table of rejection codes that does not correspond exactly to SpamFilter's tblRejectCodes. Message - MAPS or Primary Email Disposition Message Queued - Was queued for delivery? Complete - SF2DB found a complete set of email log entries? CompletedTime - Full Date and Time Email Checking by SpamFilter was completed (to the point where the message was either queued or rejected/quarantined. Keywords - Keyword or phrase that failed this email message. SPFCheck - SPF Policy/Record if one was found. AutoIPBlock - This message caused IP to be added to Auto Block List? SURBLEntry - SURBL Value that caused message to be blocked Virus - Virus that email message contained. Does not include any reporting front end but it's pretty easy to query a database and create HTML, SQL or Crystal reports:
|
|
|
-Matt R
|
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.172 seconds.