[Bro-Dev] question & meta-question regarding "path" field in smtp.log

Vern Paxson vern at icir.org
Sun Dec 18 23:39:49 PST 2011

[catching up]

> Hah, you're finding all of the places that I debated with myself for a
> long time.  I ended up adding the orig_h and resp_h for the current
> connection to the path field because I wanted an easy way to reliably
> find the address that originally sent the message.  If you are watching
> the actual message being sent from the MUA then it obviously won't have
> any received headers yet but it was handy to have the orig_h for the
> connection there anyway.
> Do you think we should cut those out?  It certainly made log processing
> easier when I added it.

Hmmm, I'm somewhat torn.  I'm not a big fan of synthesizing information
that looks just like information directly extracted from the application
dialog, but I appreciate your finding that doing so made the log processing
easier.  I guess as long as "path" is carefully defined to not suggest
it's simply the overt application dialog, then leaving this as it is seems
okay to me.


