Message Log Syntax

The message log stores information about each message processed by the PureMessage milter. The log file is specified in the message_log setting in the pmx.conf configuration file (by default /opt/pmx6/var/log/message_log).

The message log file contains one line of data for each message. The line begins with the date and time that the message was processed. The rest of the fields are key/value pairs separated with an "=". Some fields may consist only of keys, rather than key/value pairs, in which case the "=" symbol is not present.

Keys:

  • a: The milter status action for this message, and the callback that provided the final action.
  • action: The PureMessage processing action performed on the message.
  • at: Attachments (see "Adding Attachment Information").
  • b: blocklist reason ("reject" or "ok"); appears when the pmx_blocklist policy rule is used.
  • f: The envelope-from address.
  • fur: The IP address of the first untrusted relay.
  • h: The spam rule name. Repeats if multiple spam rules are hit.
  • p: The spam probability value for the message; a number between 0 and 1.
  • pmx_action: Can contain as many as five parts, including the final action taken on the message, and the reason the action was taken. If the addressee belongs to a PureMessage group, the group is listed next, followed by the individual recipient. If the recipient has an alias, this appears as the final part of the entry. If not, the recipient address is repeated. If any one of the five parts is not available or does not apply, a dash ("-") appears in its place.
  • q: The sendmail queue id of the message.
  • r: The hostname of the relay SMTP server.
  • Size: The message size in bytes
  • t: The envelope-to address. Repeats when there are multiple recipients of the message.
  • tm: The time (in seconds) that it took to process the message.
  • v: The virus ID. Repeats if multiple viruses are found.
  • vs: Virus-scanned: records when a message has been scanned for viruses.

Return codes:

  • a: accept
  • c: continue
  • d: discard
  • r: reject
  • t: tempfail

Event codes:

  • eom: end of message
  • eoh: end of headers
  • connect: MTA connect
  • abort: MTA abort

Example:

For example, a typical line from message_log which logs a message might look like this:

2007-01-27T16:48:58 q=i0S0miXk018339 f=<sender@domain.com>
t=<recipient@example.org> p=0.351 h=RCVD_IN_SBL h=EXCUSE_19
h=LINES_OF_YELLING h=__EVITE_CTYPE h=__CTYPE_CHARSET_QUOTED
h=__CT_TEXT_PLAIN h=__CT h=__HAS_MSGID h=FREE_MONEY h=__SANE_MSGID
h=NO_REAL_NAME h=__TO_MALFORMED_2 h=__MIME_TEXT_ONLY h=__MIME_VERSION
Size=2274 r=relay.someplace.net tm=1.80 a=a/eom

This message was sent from sender@domain.com to recipient@example.org at 16:48.58 on Jan. 27 2007 via relay.someplace.net. It was 2274 bytes in size, took 1.0 seconds to process, triggered a number of anti-spam rules, received a total Spam score of %35.1 and was accepted by the mailer at the end of message event.

Customizing Message Log Information:

Additional custom keys and key/value pairs can be written to the message log using the pmx_mark and pmx_mark1 policy actions. (In the PureMessage Manager, these actions are called "Log the message with key/value pair" and "Log the message with keyword". See "Actions Defined" in the Policy Tab section of the Manager Reference for more information. ) For example, the default version of the policy filter adds an "i" key to indicate messages that originated from local hosts, and a "Size" key with the value of the message size, in bytes. The pmx-test program adds a Test-ID key and value for the purpose of tracking the message.

Customizing Message Log Reporting:

A variety of third-party tools can be used to generate custom reports from the message log. In addition, the pmx-mlog program can be used in conjunction with grep options to extract data from the message log. Use the --verbose option with pmx-mlog to display the log contents in multi-line format.