Last active
August 29, 2015 14:20
-
-
Save msimerson/7d0011b085a0ac06ccdf to your computer and use it in GitHub Desktop.
A connection and a transaction logged to Elasticsearch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "_index": "smtp-connection-2015-05-06", | |
| "_type": "haraka", | |
| "_id": "F9B868ED-5F72-4ABD-BB9B-DB9A09CFD862", | |
| "_score": null, | |
| "_source": { | |
| "karma": { | |
| "connect": 3, | |
| "history": 6, | |
| "total_connects": "6", | |
| "neighbors": 363 | |
| }, | |
| "relay": { | |
| "skip": [ | |
| "acl(unlisted)" | |
| ] | |
| }, | |
| "access": {}, | |
| "dnsbl": {}, | |
| "spf": { | |
| "scope": "helo", | |
| "result": "None", | |
| "domain": "mail-la0-f103.google.com" | |
| }, | |
| "p0f": { | |
| "query": "209.85.215.103", | |
| "first_seen": 1430896096, | |
| "last_seen": 1430896096, | |
| "total_conn": 1, | |
| "distance": 16, | |
| "os_match_q": 3, | |
| "os_name": "Linux", | |
| "os_flavor": "2.2.x-3.x", | |
| "link_type": "Google" | |
| }, | |
| "fcrdns": { | |
| "pass": [ | |
| "fcrdns", | |
| "is_generic_rdns" | |
| ], | |
| "fcrdns": [ | |
| "mail-la0-f103.google.com" | |
| ], | |
| "ptr_names": [ | |
| "mail-la0-f103.google.com" | |
| ], | |
| "ptr_multidomain": false, | |
| "has_rdns": true, | |
| "ptr_name_has_ips": true, | |
| "ptr_name_to_ip": [ | |
| { | |
| "k": "mail-la0-f103.google.com", | |
| "v": [ | |
| "209.85.215.103" | |
| ] | |
| } | |
| ] | |
| }, | |
| "geoip": { | |
| "asn": "15169", | |
| "org": "Google Inc.", | |
| "continent": "NA", | |
| "country": "US", | |
| "region": "CA", | |
| "city": "Mountain View", | |
| "ll": [ | |
| 37.41919999999999, | |
| -122.0574 | |
| ], | |
| "distance": "2349" | |
| }, | |
| "asn": { | |
| "asn": "15169", | |
| "org": "Google Inc." | |
| }, | |
| "uribl": {}, | |
| "helo": { | |
| "pass": [ | |
| "match_re", | |
| "bare_ip", | |
| "dynamic", | |
| "big_co(not)", | |
| "literal_mismatch", | |
| "valid_hostname", | |
| "rdns_match", | |
| "forward_dns" | |
| ], | |
| "helo_host": "mail-la0-f103.google.com", | |
| "ips": [ | |
| "209.85.215.103" | |
| ], | |
| "multi": true | |
| }, | |
| "timestamp": "2015-05-06T07:08:18.150Z", | |
| "local_ip": "127.0.0.30", | |
| "local_port": 25, | |
| "remote_ip": "209.85.215.103", | |
| "remote_host": "mail-la0-f103.google.com", | |
| "remote_port": 34103, | |
| "greeting": "EHLO", | |
| "hello_host": "mail-la0-f103.google.com", | |
| "relaying": false, | |
| "esmtp": true, | |
| "using_tls": true, | |
| "rcpt_count": { | |
| "accept": 0, | |
| "tempfail": 0, | |
| "reject": 0 | |
| }, | |
| "msg_count": { | |
| "accept": 0, | |
| "tempfail": 0, | |
| "reject": 0 | |
| }, | |
| "duration": 1.303 | |
| }, | |
| "fields": { | |
| "timestamp": [ | |
| 1430896098150 | |
| ] | |
| }, | |
| "sort": [ | |
| 1430896098150 | |
| ] | |
| } | |
| { | |
| "_index": "smtp-transaction-2015-05-06", | |
| "_type": "haraka", | |
| "_id": "DC04AD71-3C14-40D3-9F7B-5946C996CE83.1", | |
| "_score": null, | |
| "_source": { | |
| "karma": { | |
| "fail": [ | |
| "neighbors(-409)", | |
| "karma.neighbors", | |
| "karma.neighbors", | |
| "data.headers.fail" | |
| ], | |
| "history": -2, | |
| "total_connects": "18", | |
| "neighbors": -409 | |
| }, | |
| "relay": { | |
| "skip": [ | |
| "acl(unlisted)" | |
| ] | |
| }, | |
| "access": {}, | |
| "dnsbl": {}, | |
| "spf": { | |
| "scope": "mfrom", | |
| "result": "Pass", | |
| "domain": "bounce.email.newegg.com" | |
| }, | |
| "avg": { | |
| "pass": [ | |
| "clean" | |
| ] | |
| }, | |
| "spamassassin": { | |
| "headers": { | |
| "Level": "", | |
| "ASN": "AS22606 199.122.125.0/24", | |
| "Status": "No, score=-5.5 required=5.0 autolearn=no autolearn_force=no", | |
| "DCC": "dmv.com: spamassassin.tnpi.net 1181; Body=1 Fuz1=many Fuz2=124", | |
| "Checker-Version": "SpamAssassin 3.4.0 (2014-02-07) on\r\n\tspamassassin.tnpi.net", | |
| "Tests": "BAYES_00,DCC_CHECK,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,\r\n\tHTML_IMAGE_RATIO_02,HTML_MESSAGE,LOTS_OF_MONEY,RCVD_IN_DNSWL_NONE,\r\n\tRCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_SAFE,\r\n\tSPF_PASS,T_RP_MATCHES_RCVD" | |
| }, | |
| "line0": "SPAMD/1.1 0 EX_OK", | |
| "flag": "No", | |
| "score": "-5.5", | |
| "hits": "-5.5", | |
| "reqd": "5.0", | |
| "tests": "BAYES_00,DCC_CHECK,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,\r\n\tHTML_IMAGE_RATIO_02,HTML_MESSAGE,LOTS_OF_MONEY,RCVD_IN_DNSWL_NONE,\r\n\tRCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_SAFE,\r\n\tSPF_PASS,T_RP_MATCHES_RCVD" | |
| }, | |
| "p0f": { | |
| "query": "199.122.125.180", | |
| "first_seen": 1430896265, | |
| "last_seen": 1430896265, | |
| "total_conn": 1, | |
| "distance": 10, | |
| "os_name": "Linux", | |
| "os_flavor": "2.6.x", | |
| "link_type": "Ethernet or modem" | |
| }, | |
| "fcrdns": { | |
| "pass": [ | |
| "fcrdns", | |
| "is_generic_rdns" | |
| ], | |
| "fcrdns": [ | |
| "mta2.email.newegg.com" | |
| ], | |
| "ptr_names": [ | |
| "mta2.email.newegg.com" | |
| ], | |
| "ptr_multidomain": false, | |
| "has_rdns": true, | |
| "ptr_name_has_ips": true, | |
| "ptr_name_to_ip": [ | |
| { | |
| "k": "mta2.email.newegg.com", | |
| "v": [ | |
| "199.122.125.180" | |
| ] | |
| } | |
| ] | |
| }, | |
| "geoip": { | |
| "asn": "22606", | |
| "org": "ExactTarget, Inc.", | |
| "continent": "NA", | |
| "country": "US", | |
| "region": "IN", | |
| "city": "Indianapolis", | |
| "ll": [ | |
| 39.772400000000005, | |
| -86.16 | |
| ], | |
| "distance": "1201" | |
| }, | |
| "asn": { | |
| "asn": "22606", | |
| "org": "ExactTarget, Inc." | |
| }, | |
| "uribl": {}, | |
| "helo": { | |
| "pass": [ | |
| "match_re", | |
| "bare_ip", | |
| "dynamic", | |
| "big_co(not)", | |
| "literal_mismatch", | |
| "valid_hostname", | |
| "rdns_match", | |
| "forward_dns" | |
| ], | |
| "helo_host": "mta2.email.newegg.com", | |
| "ips": [ | |
| "199.122.125.180" | |
| ] | |
| }, | |
| "bounce": { | |
| "isa": "no" | |
| }, | |
| "clamd": { | |
| "pass": [ | |
| "clean" | |
| ] | |
| }, | |
| "queue/smtp_forward": { | |
| "pass": [ | |
| [ | |
| "ok 1430896268 qp 36754" | |
| ] | |
| ] | |
| }, | |
| "queue": { | |
| "pass": [ | |
| "ok 1430896268 qp 36754 (DC04AD71-3C14-40D3-9F7B-5946C996CE83.1)" | |
| ] | |
| }, | |
| "is_resolvable": { | |
| "pass": [ | |
| "has_a_records" | |
| ] | |
| }, | |
| "in_host_list": { | |
| "msg": [ | |
| "mail_from!local", | |
| "rcpt!local" | |
| ] | |
| }, | |
| "qmail_deliverable": { | |
| "pass": [ | |
| "rcpt.vpopmail dir" | |
| ], | |
| "msg": [ | |
| "mail_from.not local", | |
| "sock: 127.0.0.6:8998" | |
| ] | |
| }, | |
| "headers": { | |
| "pass": [ | |
| "duplicate", | |
| "missing", | |
| "invalid_date", | |
| "Return-Path", | |
| "direct-to-mx(2)", | |
| "from_match(domain,fcrdns)" | |
| ], | |
| "fail": [ | |
| "UA", | |
| "MLM" | |
| ] | |
| }, | |
| "dmarc": { | |
| "pass": [ | |
| " (p=none d=email.gap.com)" | |
| ], | |
| "dmarc": "pass", | |
| "disposition": "none", | |
| "dkim": "fail", | |
| "spf": "pass" | |
| }, | |
| "timestamp": "2015-05-06T07:11:08.047Z", | |
| "txn": { | |
| "mail_from": "<bounce-20_HTML-1928603-17859-6167206-881@bounce.email.newegg.com>", | |
| "rcpts": [ | |
| "<*****@***PH**O.COM>" | |
| ], | |
| "rcpt_count": { | |
| "accept": 1, | |
| "tempfail": 0, | |
| "reject": 0 | |
| }, | |
| "header": { | |
| "From": "\"Newegg.com\" <Promo@email.newegg.com>", | |
| "To": "<*****@***PH**O.COM>", | |
| "Subject": "Double Deluxe Deals: $119.99 21.5\" 1080p LED-LCD Monitor, $49.99 WD 1TB 7200RPM HDD" | |
| } | |
| }, | |
| "local_ip": "127.0.0.30", | |
| "local_port": 25, | |
| "remote_ip": "199.122.125.180", | |
| "remote_host": "mta2.email.newegg.com", | |
| "remote_port": 46552, | |
| "greeting": "EHLO", | |
| "hello_host": "mta2.email.newegg.com", | |
| "relaying": false, | |
| "esmtp": true, | |
| "using_tls": false, | |
| "rcpt_count": { | |
| "accept": 1, | |
| "tempfail": 0, | |
| "reject": 0 | |
| }, | |
| "msg_count": { | |
| "accept": 1, | |
| "tempfail": 0, | |
| "reject": 0 | |
| }, | |
| "duration": 2.763 | |
| }, | |
| "fields": { | |
| "timestamp": [ | |
| 1430896268047 | |
| ] | |
| }, | |
| "sort": [ | |
| 1430896268047 | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment