[Gross] Logging inormation.

Eino Tuominen eino at utu.fi
Thu Jul 9 16:56:50 EEST 2015


The codes are:

a = action,
d = delay in milliseconds, time between receiving the request and sending out the response,
w = weight, the total weight of all the matched tests,
c = client,
s = sender,
r = recipient,
h = host

Trust means that we have not found anything suspicious enough to prevent receiving the mail. Match means a match from the bloom filter, that is we have seen this triplet before and should accept the mail. Greylist means we should greylist this sender and Block means that the sender is suspicous enough to be blocked completely.

  Eino Tuominen

-----Original Message-----
From: gross-bounces at lists.utu.fi [mailto:gross-bounces at lists.utu.fi] On Behalf Of tim nicholson
Sent: 9. heinäkuuta 2015 13:11
To: gross at lists.utu.fi
Subject: [Gross] Logging inormation.

Just trying to get up to speed on gross, and understand the logging
information. I have looked through the archives to no avail so any help

A typical log line will contain:-

a=trust d=6 w=0 c= s=someone at somewhere r=other at elsewhere

c,s,r and h are self explanatory, but I'm not sure about d and w
w could be weight but d I am clueless on.

a is obviously the response, but I am unclear what moves an entry from
match to trust (if indeed that happens and if not what causes a trust
value to occur).

AFAIK an unknown tuple starts as "greylist" and a subsequent occurrence
returns "match".

I presume that either of those correspond to the "OK" response referred
to in the README, while "greylist" corresponds to the GREY response.

Any enlightenment appreciated.

Key Fingerprint 38CF DB09 3ED0 F607 8B67 6CED 0C0B FC44 8B0B FC83
Gross mailing list
Gross at lists.utu.fi

More information about the Gross mailing list