On Jun 5, 2011, at 7:42 AM, John Levine wrote:
Works for me. The only thing I can see that might come up is that not
all SMTP servers listen on port 25, so maybe we need a way of
(optionally) logging the port on which the SMTP server was listening as
Sure, could be PORT and IPORT. Purists might argue that if it's port
587 it should be WITH SUBMIT rather than WITH SMTP.
If the point of this is NAT tracking then, AIUI, the meaningful bit of data
is always the source and destination port pair, so maybe it would simplify
things to always record that pair, rather than having two separate records.
Also, IP addresses of either end of the connection are not recorded in
any formally defined manner in trace headers - they're just stuffed into a
comment string in a not entirely consistent or predictable way (try HELOing
with a dotted quad and see what gets recorded where).
Adding formal structure for port numbers where there isn't any for source
and destination addresses seems a bit strange. Either the port numbers
can go in a comment, or the additional structure should record the full
source-ip / source-port / destination-ip / destination-port, maybe?
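
The inconsistency described in the message above, shown as an added example that is not part of the original thread: a best-effort extractor for the connecting address in a Received from-clause. The sample header values, the `peer_ip` helper and its trust labels are assumptions constructed for illustration.

```python
import re

# Constructed Received: values using documentation addresses; the four shapes
# are illustrative assumptions, not lines quoted from the thread.
SAMPLES = {
    "name_then_bracket": "from mail.example.org (mail.example.org [192.0.2.10]) "
                         "by mx.example.net with ESMTP id A1",
    "literal_as_name": "from [192.0.2.10] (helo=mail.example.org) "
                       "by mx.example.net with ESMTP id A2",
    "bare_in_parens": "from unknown (HELO mail.example.org) (192.0.2.10) "
                      "by mx.example.net with SMTP",
    # Client sent "HELO 203.0.113.99"; the connection came from 192.0.2.10.
    "dotted_quad_helo": "from 203.0.113.99 (unknown [192.0.2.10]) "
                        "by mx.example.net with SMTP id A4",
}

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
# "from", one token, then any run of (non-nested) parenthesised comments.
FROM_CLAUSE = re.compile(r"^from\s+(\S+)((?:\s*\([^()]*\))*)", re.IGNORECASE)


def peer_ip(received):
    """Return (address, where_found) for the from-clause of one Received value.

    where_found tells the caller how much to trust the value:
      "comment"    - written inside a comment by the receiving MTA
      "from-name"  - bracketed literal in the name slot, no address in comments
      "unverified" - only a client-supplied name or bare dotted quad was present
    """
    m = FROM_CLAUSE.match(received.strip())
    if m is None:
        return (None, "no-from-clause")
    name, comments = m.groups()
    found = re.findall(IPV4, comments)
    if found:
        # Prefer the comment even when the name slot also looks like an address.
        return (found[-1], "comment")
    literal = re.fullmatch(r"\[(" + IPV4 + r")\]", name)
    if literal:
        return (literal.group(1), "from-name")
    return (None, "unverified")


if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, peer_ip(value))
```

A "from-name" result is only meaningful when the receiving MTA is known to write the peer address in that slot; nested comments and IPv6 literals are outside what this sketch handles.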