Log messages

Wed Mar 4 01:05:40 CET 2009

On Tue, 3 Mar 2009 07:36:47 -0800
Serguei Miridonov wrote:

> Thanks for your reply.
> 
> On Tuesday 03 March 2009, David Relson wrote:
> > On Sun, 1 Mar 2009 08:52:10 -0800
> >
> > Serguei Miridonov wrote:
> > > Regarding logging facility of bogofilter when run by user, isn't
> > > it more logical to add an option to place log messages in a user
> > > log file instead of sending it to syslog?
> >
> > Bogofilter sets up for logging with:
> >
> >    openlog("bogofilter", LOG_PID, LOG_MAIL);
> >
> > and logs with:
> >
> >     syslog(LOG_INFO, "%s\n", msg_bogofilter);
> >
> > Syslog is highly configurable and is flexible in how/where it saves
> > logging messages.  Try configuring it and let us know what happens.
> > The info will make a good entry for the FAQ!
> 
> Syslog configuration is not accessable for regular user who may run 
> bogofilter with procmail on his last mail relay. So, logging to user 
> file may be the only option. Well, this part of code is easiest to 
> write. The only problem is locking: to avoid writing to log file from 
> two bogofilters running in parallel.

Good point about user access!  A workable approach would be to create a
bf_syslog.c file with open, print, and close functions.  syslog would
be used when a log file isn't specified and fprintf when a log file is
specified.

> 
> [...]
> 
> > > And finally, if the log may inclide MessageID header, why not
> > > include "From: " header, as well as others specified by user?
> >
> > Non-trivial.  Two issues come to mind:
> >
> > Bogofilter breaks a message into tokens and doesn't care about
> > "lines" as do you and I.  The parsing code (in src/lexer_v3.l)
> > recognizes "To", "CC", "From",  etc and uses this info to set tags
> > to create tokens like "From:example.com".  It doesn't have a "From
> > line" to include in a log record.
> 
> Hmm... This is strange... I think headers and text of the message
> must be processed differently. Headers part is like an envelope with 
> several distinct stamps out of spammers control and it should be 
> parsed without breaking dates, addresses, etc. These stamps have 
> standard syntax, so their contents should be easy to analyze.

Bogofilter is designed with a significant amount of knowledge about
email formats, i.e. headers, bodies, mime, etc.  As mentioned earlier,
lexer_v3.l recognizes the header lines that bogofilter cares about so
that bogofilter can create special tokens for words in the header
files.  Including a full message line in a log message is
contrary to bogofilter's mode of operation (which is token oriented,
rather than line oriented.

 ...[snip]...

> Consider subscribing. 
> 
> I will.

Thank you.

David