
Re: Logging port numbers

2011-06-07 08:59:15

In article <20110605055639(_dot_)29565(_dot_)qmail(_at_)joyce(_dot_)lan>, John 
<johnl(_at_)taugh(_dot_)com> writes

> I see that this draft will shortly be an RFC:
>
> It tells us that in the coming era of giant NATs, to do useful logging,
> along with the IP address and an accurate timestamp, you also need to
> log the port number.  That's technically easy enough to do, it took about
> 5 minutes to patch my SMTP server to log the port number

in Exim you use:
        log_selector = +incoming_port

and a typical received line is then:

Received: from ([]:46703)
        by with esmtp (Exim 4.76)
        (envelope-from <rnc1(_at_)cl(_dot_)cam(_dot_)ac(_dot_)uk>)
        id 1QTwHl-000JhQ-W1
        for richard(_at_)highwayman(_dot_)com; Tue, 07 Jun 2011 14:25:34 +0100

this dates back to at least 2003 (I suspect it was new in Exim 4)

> That has the disadvantage that RFC 5321 has a nice clear syntax
> definition for a Time-stamp-line, and it doesn't include a :port after
> the IP address.  I realize that there are a lot of funky Received:
> lines in the world, but I would prefer not to add yet more gratuitous
following the lead taken by such a widely used program as Exim won't add
much to bio-diversity!

BTW: Received header fields have always been discussed (not always in a
consistent way) in both the x821 and x822 documents (and probably
earlier than that as well). So you do need to look in both documents to
be sure what you propose is OK :)

-- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin
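
Added example, not part of the original message or of Exim: a parser that recovers the client address, source port and UTC timestamp from Received: field values written in the `[address]:port` style quoted above, and that also accepts lines without a `:port` suffix. The helper name `parse_received`, the host names, the documentation addresses and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

# "[addr]" with an optional ":port", as in the Exim line quoted above.
# The optional "IPv6:" tag is the RFC 5321 address-literal form.
_ADDR = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\](?::(\d{1,5}))?")

def parse_received(value):
    """Return (ip, port, utc_time) from one Received: field value.

    ip is None if the from-clause has no valid address literal;
    port is None if there is no ":port" suffix (plain RFC 5321 form).
    """
    unfolded = " ".join(value.split())           # undo header folding
    head, sep, date_text = unfolded.rpartition(";")
    if not sep:
        raise ValueError("no ';' date separator in Received field")
    when = parsedate_to_datetime(date_text.strip())
    if when.tzinfo is None:                      # "-0000": treat as UTC
        when = when.replace(tzinfo=timezone.utc)
    # Only the from-clause describes the connecting client.
    from_clause = head.split(" by ", 1)[0]
    ip = port = None
    for match in _ADDR.finditer(from_clause):
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue                             # bracketed text, not an address
        if match.group(2) and 0 < int(match.group(2)) <= 65535:
            port = int(match.group(2))
        break
    return ip, port, when.astimezone(timezone.utc)

# Constructed sample values (documentation addresses and host names).
SAMPLES = [
    "from client.example.net ([192.0.2.25]:46703)\n"
    "\tby mx.example.org with esmtp (Exim 4.76)\n"
    "\tid 1QTwHl-000JhQ-W1; Tue, 07 Jun 2011 14:25:34 +0100",
    "from client.example.net ([2001:db8::25]:50212) by mx.example.org "
    "with esmtp; Tue, 07 Jun 2011 14:25:34 +0100",
    "from client.example.net ([192.0.2.25]) by mx.example.org "
    "with ESMTP; Tue, 07 Jun 2011 13:25:34 +0000",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ip, port, when = parse_received(sample)
        print(ip, port, when.isoformat())
```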


