Last active
August 29, 2015 14:20
A connection and a transaction logged to Elasticsearch
{ | |
"_index": "smtp-connection-2015-05-06", | |
"_type": "haraka", | |
"_id": "F9B868ED-5F72-4ABD-BB9B-DB9A09CFD862", | |
"_score": null, | |
"_source": { | |
"karma": { | |
"connect": 3, | |
"history": 6, | |
"total_connects": "6", | |
"neighbors": 363 | |
}, | |
"relay": { | |
"skip": [ | |
"acl(unlisted)" | |
] | |
}, | |
"access": {}, | |
"dnsbl": {}, | |
"spf": { | |
"scope": "helo", | |
"result": "None", | |
"domain": "mail-la0-f103.google.com" | |
}, | |
"p0f": { | |
"query": "209.85.215.103", | |
"first_seen": 1430896096, | |
"last_seen": 1430896096, | |
"total_conn": 1, | |
"distance": 16, | |
"os_match_q": 3, | |
"os_name": "Linux", | |
"os_flavor": "2.2.x-3.x", | |
"link_type": "Google" | |
}, | |
"fcrdns": { | |
"pass": [ | |
"fcrdns", | |
"is_generic_rdns" | |
], | |
"fcrdns": [ | |
"mail-la0-f103.google.com" | |
], | |
"ptr_names": [ | |
"mail-la0-f103.google.com" | |
], | |
"ptr_multidomain": false, | |
"has_rdns": true, | |
"ptr_name_has_ips": true, | |
"ptr_name_to_ip": [ | |
{ | |
"k": "mail-la0-f103.google.com", | |
"v": [ | |
"209.85.215.103" | |
] | |
} | |
] | |
}, | |
"geoip": { | |
"asn": "15169", | |
"org": "Google Inc.", | |
"continent": "NA", | |
"country": "US", | |
"region": "CA", | |
"city": "Mountain View", | |
"ll": [ | |
37.41919999999999, | |
-122.0574 | |
], | |
"distance": "2349" | |
}, | |
"asn": { | |
"asn": "15169", | |
"org": "Google Inc." | |
}, | |
"uribl": {}, | |
"helo": { | |
"pass": [ | |
"match_re", | |
"bare_ip", | |
"dynamic", | |
"big_co(not)", | |
"literal_mismatch", | |
"valid_hostname", | |
"rdns_match", | |
"forward_dns" | |
], | |
"helo_host": "mail-la0-f103.google.com", | |
"ips": [ | |
"209.85.215.103" | |
], | |
"multi": true | |
}, | |
"timestamp": "2015-05-06T07:08:18.150Z", | |
"local_ip": "127.0.0.30", | |
"local_port": 25, | |
"remote_ip": "209.85.215.103", | |
"remote_host": "mail-la0-f103.google.com", | |
"remote_port": 34103, | |
"greeting": "EHLO", | |
"hello_host": "mail-la0-f103.google.com", | |
"relaying": false, | |
"esmtp": true, | |
"using_tls": true, | |
"rcpt_count": { | |
"accept": 0, | |
"tempfail": 0, | |
"reject": 0 | |
}, | |
"msg_count": { | |
"accept": 0, | |
"tempfail": 0, | |
"reject": 0 | |
}, | |
"duration": 1.303 | |
}, | |
"fields": { | |
"timestamp": [ | |
1430896098150 | |
] | |
}, | |
"sort": [ | |
1430896098150 | |
] | |
} | |
{ | |
"_index": "smtp-transaction-2015-05-06", | |
"_type": "haraka", | |
"_id": "DC04AD71-3C14-40D3-9F7B-5946C996CE83.1", | |
"_score": null, | |
"_source": { | |
"karma": { | |
"fail": [ | |
"neighbors(-409)", | |
"karma.neighbors", | |
"karma.neighbors", | |
"data.headers.fail" | |
], | |
"history": -2, | |
"total_connects": "18", | |
"neighbors": -409 | |
}, | |
"relay": { | |
"skip": [ | |
"acl(unlisted)" | |
] | |
}, | |
"access": {}, | |
"dnsbl": {}, | |
"spf": { | |
"scope": "mfrom", | |
"result": "Pass", | |
"domain": "bounce.email.newegg.com" | |
}, | |
"avg": { | |
"pass": [ | |
"clean" | |
] | |
}, | |
"spamassassin": { | |
"headers": { | |
"Level": "", | |
"ASN": "AS22606 199.122.125.0/24", | |
"Status": "No, score=-5.5 required=5.0 autolearn=no autolearn_force=no", | |
"DCC": "dmv.com: spamassassin.tnpi.net 1181; Body=1 Fuz1=many Fuz2=124", | |
"Checker-Version": "SpamAssassin 3.4.0 (2014-02-07) on\r\n\tspamassassin.tnpi.net", | |
"Tests": "BAYES_00,DCC_CHECK,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,\r\n\tHTML_IMAGE_RATIO_02,HTML_MESSAGE,LOTS_OF_MONEY,RCVD_IN_DNSWL_NONE,\r\n\tRCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_SAFE,\r\n\tSPF_PASS,T_RP_MATCHES_RCVD" | |
}, | |
"line0": "SPAMD/1.1 0 EX_OK", | |
"flag": "No", | |
"score": "-5.5", | |
"hits": "-5.5", | |
"reqd": "5.0", | |
"tests": "BAYES_00,DCC_CHECK,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,\r\n\tHTML_IMAGE_RATIO_02,HTML_MESSAGE,LOTS_OF_MONEY,RCVD_IN_DNSWL_NONE,\r\n\tRCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_SAFE,\r\n\tSPF_PASS,T_RP_MATCHES_RCVD" | |
}, | |
"p0f": { | |
"query": "199.122.125.180", | |
"first_seen": 1430896265, | |
"last_seen": 1430896265, | |
"total_conn": 1, | |
"distance": 10, | |
"os_name": "Linux", | |
"os_flavor": "2.6.x", | |
"link_type": "Ethernet or modem" | |
}, | |
"fcrdns": { | |
"pass": [ | |
"fcrdns", | |
"is_generic_rdns" | |
], | |
"fcrdns": [ | |
"mta2.email.newegg.com" | |
], | |
"ptr_names": [ | |
"mta2.email.newegg.com" | |
], | |
"ptr_multidomain": false, | |
"has_rdns": true, | |
"ptr_name_has_ips": true, | |
"ptr_name_to_ip": [ | |
{ | |
"k": "mta2.email.newegg.com", | |
"v": [ | |
"199.122.125.180" | |
] | |
} | |
] | |
}, | |
"geoip": { | |
"asn": "22606", | |
"org": "ExactTarget, Inc.", | |
"continent": "NA", | |
"country": "US", | |
"region": "IN", | |
"city": "Indianapolis", | |
"ll": [ | |
39.772400000000005, | |
-86.16 | |
], | |
"distance": "1201" | |
}, | |
"asn": { | |
"asn": "22606", | |
"org": "ExactTarget, Inc." | |
}, | |
"uribl": {}, | |
"helo": { | |
"pass": [ | |
"match_re", | |
"bare_ip", | |
"dynamic", | |
"big_co(not)", | |
"literal_mismatch", | |
"valid_hostname", | |
"rdns_match", | |
"forward_dns" | |
], | |
"helo_host": "mta2.email.newegg.com", | |
"ips": [ | |
"199.122.125.180" | |
] | |
}, | |
"bounce": { | |
"isa": "no" | |
}, | |
"clamd": { | |
"pass": [ | |
"clean" | |
] | |
}, | |
"queue/smtp_forward": { | |
"pass": [ | |
[ | |
"ok 1430896268 qp 36754" | |
] | |
] | |
}, | |
"queue": { | |
"pass": [ | |
"ok 1430896268 qp 36754 (DC04AD71-3C14-40D3-9F7B-5946C996CE83.1)" | |
] | |
}, | |
"is_resolvable": { | |
"pass": [ | |
"has_a_records" | |
] | |
}, | |
"in_host_list": { | |
"msg": [ | |
"mail_from!local", | |
"rcpt!local" | |
] | |
}, | |
"qmail_deliverable": { | |
"pass": [ | |
"rcpt.vpopmail dir" | |
], | |
"msg": [ | |
"mail_from.not local", | |
"sock: 127.0.0.6:8998" | |
] | |
}, | |
"headers": { | |
"pass": [ | |
"duplicate", | |
"missing", | |
"invalid_date", | |
"Return-Path", | |
"direct-to-mx(2)", | |
"from_match(domain,fcrdns)" | |
], | |
"fail": [ | |
"UA", | |
"MLM" | |
] | |
}, | |
"dmarc": { | |
"pass": [ | |
" (p=none d=email.gap.com)" | |
], | |
"dmarc": "pass", | |
"disposition": "none", | |
"dkim": "fail", | |
"spf": "pass" | |
}, | |
"timestamp": "2015-05-06T07:11:08.047Z", | |
"txn": { | |
"mail_from": "<bounce-20_HTML-1928603-17859-6167206-881@bounce.email.newegg.com>", | |
"rcpts": [ | |
"<*****@***PH**O.COM>" | |
], | |
"rcpt_count": { | |
"accept": 1, | |
"tempfail": 0, | |
"reject": 0 | |
}, | |
"header": { | |
"From": "\"Newegg.com\" <Promo@email.newegg.com>", | |
"To": "<*****@***PH**O.COM>", | |
"Subject": "Double Deluxe Deals: $119.99 21.5\" 1080p LED-LCD Monitor, $49.99 WD 1TB 7200RPM HDD" | |
} | |
}, | |
"local_ip": "127.0.0.30", | |
"local_port": 25, | |
"remote_ip": "199.122.125.180", | |
"remote_host": "mta2.email.newegg.com", | |
"remote_port": 46552, | |
"greeting": "EHLO", | |
"hello_host": "mta2.email.newegg.com", | |
"relaying": false, | |
"esmtp": true, | |
"using_tls": false, | |
"rcpt_count": { | |
"accept": 1, | |
"tempfail": 0, | |
"reject": 0 | |
}, | |
"msg_count": { | |
"accept": 1, | |
"tempfail": 0, | |
"reject": 0 | |
}, | |
"duration": 2.763 | |
}, | |
"fields": { | |
"timestamp": [ | |
1430896268047 | |
] | |
}, | |
"sort": [ | |
1430896268047 | |
] | |
} |