Log search / information
Posted by Martin Helms on 04 November 2013 14:16

Table of Contents

  1. Storage period
  2. Access
  3. Delay
  4. Information logged
  5. Classifications


All email connections (spam and not spam) to a domain are logged to the logging server. To make sure a connection can be logged, the "RCP TO" information needs to have been received. Connections are generally only temporarily or permanently rejected after receiving this "RCPT TO" data, to ensure all connections being available from the logging system. Connections may not be logged when ratelimiting is applied because of a flood of connections from a certain IP, or when the sending server is violating certain requirements from the RFC 5321.


Storage period

The connections logged are accessible for up to 28 days. Optionally it's possible to store the logging for a longer time, this can be configured in Spampanel.



The logs can be easily downloaded or searched from the webinterface.



The logging data is processed every 10 minutes on all filtering nodes. The average delay for the connections to be visible in the log search is therefore 5 minutes.


Information logged

The information logged is collected before the DATA of the email has been processed:

  • Date/time
  • Server (email ID)
  • Sender hostname/IP
  • Sender address
  • Recipient address
  • Classification


We have a page dedicated to the explanation of our classifications which are seen in the log search here.

(1 vote(s))
Not helpful

Comments (0)
Post a new comment
Full Name: