|Email Plug-in (Reporting):||1.0.1-048|
|Email Plug-in (Encryption):||1.0.0-036|
The spamtowho_418.exe-tool creates nice reports.
Unfortunately, I can't explain/comprehend all the values. :oops: Is there a source where I can get more informations about 'Costliness', 'Rewrite Agents' and many other sections and terms?
Has someone already "decrypted" such a report?
Costliness is really talking about CPU cost, in the sense of which message took the longest to process. Typically most costly messages are also the largest, however I'm sure that if the message is zipped three + times it will start adding to the cost of the processing.
With regards to the Rewrite Agent I'm not sure if I've seen that entry before. Could you forward a scrubbed example of what that section of the report looks like?
You can find "Rewrite Agent" between "Recipients" and "SBRS"
RecipientsI can't reproduce the number 36 in this section. Could someone explain it :?:
Average # per connection (all) 1.07626344214087
Average # per connection (successful) 1.15692883546402
Average # per message 1.15521857974302
Bounced by LDAPACCEPT (workqueue) xxx
VOFWhat does VOF mean? Was this 6,733 messages "too big for scanning" for anti-virus and/or anti-spam? And where can I adjust it? What are the negative impacts?
Messages which were too big for scanning (res will be negative) 6,733
What does VOF mean?
Thank you for this information! Do you know any other source for "translating" the spamtowho_418-reports?
unfortunately the very only thing i have is a document called "spamtowho_418_NOTES.txt" that came along with the binaries.
are u interested? it doesnt add much info, but...
I already have this 8kb-File with 152 lines, ending with the name "Tomki".
Is he/she still working for IronPort? Maybe he would be a source for some answers. :roll:
'Costliness' is relevant to the size of the message and the number of recipients it was sent to. Here is an example entry:
Size From #rcpts Time
4585474 email@example.com 1 Mon May 21 16:55:11 2007
And just for a note of clarity "tcamp" is Tomki. So he would be authoritative on the spamtowho utility, of course it looks like all the reasons for Rewrite Agent are escaping him.
I took a look and it seems that Rewrite Agent looks for MIDs with a ICID of 0 to determine if the message was Rewritten. You should be able to perform a 'grep -e "ICID 0" mail_logs' in order to be able to see the actual events that are hitting that classification.
Take a look and provide feedback on whether you found any messages with an ICID of 0.
Incrementations in the 'Rewrite Agents' section are caused simply by actions that state (in the logs) that the message is rewritten.
Examples from the code comments (logfuncs.pl):
Tue Jan 6 15:03:18 2004 Info: MID 2 rewritten to 3 by antispam
#Tue Apr 5 17:34:20 2005 Info: MID 35381452 rewritten to 35381453 by antivirus
#Fri May 14 20:44:43 2004 Info: MID 6 rewritten to 7 by alt-rcpt-to-filter filter 'testfilt'
#Tue May 3 06:07:03 2005 Info: MID 424576592 rewritten to 424576594 by antivirus(unsafe alt-rcpt-to) filter 'unknown'
#Thu Aug 17 00:55:23 2006 Info: MID 1 rewritten to MID 2 by antispam (alt-rcpt-to) filter 'unknown'
#Info: MID 386736 rewritten to MID 386737 by add-footer filter 'Footer Stamping'
#Info: MID 419747 rewritten to MID 419761 by drop-attachments-by-filetype filter 'Block_Attachments'