-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In article <20110605055639(_dot_)29565(_dot_)qmail(_at_)joyce(_dot_)lan>, John
Levine
<johnl(_at_)taugh(_dot_)com> writes
I see that this draft will shortly be an RFC:
http://datatracker.ietf.org/doc/draft-ietf-intarea-server-logging-
recommendations/
It tells us that in the coming era of giant NATs, to do useful logging,
along with the IP address and an accurate timestamp, you also need to
log the port number. That's technically easy enough to do, it took about
5 minutes to patch my SMTP server to log the port number
in Exim you use:
log_selector = +incoming_port
and a typical received line is then:
Received: from ppsw-41.csi.cam.ac.uk ([131.111.8.141]:46703)
by mail.highwayman.com with esmtp (Exim 4.76)
(envelope-from <rnc1(_at_)cl(_dot_)cam(_dot_)ac(_dot_)uk>)
id 1QTwHl-000JhQ-W1
for richard(_at_)highwayman(_dot_)com; Tue, 07 Jun 2011 14:25:34 +0100
this dates back to at least 2003 (I suspect it was new in Exim 4)
That has the disadvantage that RFC 5321 has a nice clear syntax
definition for a Time-stamp-line, and it doesn't include a :port after
the IP address. I realize that there are a lot of funky Received:
lines in the world, but I would prefer not to add yet more gratuitous
funkitude.
following the lead taken by such a widely used program as Exim won't add
much to bio-diversity!
BTW: Received header fields have always been discussed (not always in a
consistent way) in both the x821 and x822 documents (and probably
earlier than that as well). So you do need to look in both documents to
be sure what you propose is OK :)
- --
richard Richard Clayton
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. Benjamin Franklin
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBTe4qhuINNVchEYfiEQJqPQCfeuvtouwFS2m9qI5qMNrIwCRIa/4AnRGy
PeFe+CcZCZVpVR2vSNc2FKJO
=vYeI
-----END PGP SIGNATURE-----