Mailing List Archive

On 28/12/2020 16:23, Yves Goergen via Exim-users wrote:
>> When two or more messages are delivered down a single SMTP connection, an asterisk follows the IP address in the log lines for the second and subsequent messages.
>
> How does that look like in the log file?

I=[nnn.nnn.nnn.nnn]*

>
> 2. I see log lines like these:
>
>> 2020-12-27 08:02:06 1ktQ44-0074VW-Qi => username@t-online.de <othername@mydomain.de> F=<...> R=dnslookup T=remote_smtp ...
>> 2020-12-27 17:39:25 1ktZ4m-008ljc-Is => user.name@t-online.de <User.Name@t-online.de> F=<...> R=dnslookup T=remote_smtp ...
>
> It's not documented what these two addresses mean.

http://exim.org/exim-html-current/doc/html/spec_html/ch-log_files.html#SECTlogselector
Section 7:

"For ordinary local deliveries, the original address is given in angle brackets after the final delivery address, which might be a pipe or a file. If intermediate address(es) exist between the original and the final address, the last of these is given in parentheses after the final address."


> Which of the two addresses, if present, is the one I should care about?

You haven't defined what you care about.
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

> I=[nnn.nnn.nnn.nnn]*

Is it just for the I field (local interface used) or also for the shown
remote IP address? The quoted text doesn't mention the local interface
at all.

-Yves


-------- Ursprüngliche Nachricht --------
Von: Jeremy Harris via Exim-users <exim-users@exim.org>
Gesendet: Montag, 28. Dezember 2020, 17:41 MEZ
Betreff: [exim] More log questions

On 28/12/2020 16:23, Yves Goergen via Exim-users wrote:
When two or more messages are delivered down a single SMTP connection,
an asterisk follows the IP address in the log lines for the second and
subsequent messages.

How does that look like in the log file?

I=[nnn.nnn.nnn.nnn]*


2. I see log lines like these:

2020-12-27 08:02:06 1ktQ44-0074VW-Qi => username@t-online.de
<othername@mydomain.de> F=<...> R=dnslookup T=remote_smtp ...
2020-12-27 17:39:25 1ktZ4m-008ljc-Is => user.name@t-online.de
<User.Name@t-online.de> F=<...> R=dnslookup T=remote_smtp ...

It's not documented what these two addresses mean.

http://exim.org/exim-html-current/doc/html/spec_html/ch-log_files.html#SECTlogselector
Section 7:

"For ordinary local deliveries, the original address is given in angle
brackets after the final delivery address, which might be a pipe or a
file. If intermediate address(es) exist between the original and the
final address, the last of these is given in parentheses after the final
address."


Which of the two addresses, if present, is the one I should care about?

You haven't defined what you care about.



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

On 28/12/2020 17:10, Yves Goergen via Exim-users wrote:
>> I=[nnn.nnn.nnn.nnn]*
>
> Is it just for the I field (local interface used) or also for the shown remote IP address? The quoted text doesn't mention the local interface at all.

If you're not logging the local IP, it'll be on the remote IP.

That's actually a bug; it ought to be consistent.
--
Cheers,
Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/