Loading ...
Sorry, an error occurred while loading the content.
 

Postfix logwatch script

Expand Messages
  • Greg Hackney
    Would anyone happen to have a modified /etc/log.d/scripts/services/postfix script that will match or ignore these types of otherwise Unmatched Entries
    Message 1 of 11 , Jul 1 9:33 AM
      Would anyone happen to have a modified
      "/etc/log.d/scripts/services/postfix" script
      that will match or ignore these types of otherwise "Unmatched Entries"
      entries
      on my FC3 box:

      NOQUEUE: reject: RCPT from unknown[220.90.18.237]: 554 Service unavailable; Client host [220.90.18.237] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=220.90.18.237; from=<ieyaeuyiaaaeyou@...> to=<radio@...> proto=SMTP helo=<7B434978>

      163062A44B4: reject: body <DIV><FONT face=3DArial size=3D2><A href=3D"http://www.envirowarqez.com"><IMG = from unknown[61.47.167.53]; from=<xywe@...> to=<radio@...> proto=SMTP helo=<netzero.com>: Message content rejected

      F36572A4677: reject: header From: Joe <blows@...> from camomile.cloud9.net[168.100.1.3]; from=<owner-postfix-users@...> to=<radio@...> proto=SMTP helo=<camomile.cloud9.net>: Message content rejected

      Jun 25 08:23:00 relay postfix/smtp[9405]: certificate verification failed for mx.flexmail.ifxnetworks.com: num=18:self signed certificate

      Jun 25 08:23:00 relay postfix/smtp[9405]: certificate peer name verification failed for mx.flexmail.ifxnetworks.com: CommonName mis-match: IFX Postmaster

      Jun 30 07:59:02 relay postfix/smtp[2482]: Server certificate could not be verified

      Jun 29 13:32:35 relay postfix/smtp[27342]: Unverified: subject_CN=mail125.messagelabs.com, issuer=MessageLabs

      Jun 29 15:23:48 relay postfix/scache[28130]: statistics: **ALL, a bunch of them**

      --
      Greg
    • Brad Schuetz
      ... Perfect, I ll point the author of the content filter to this thread. ... Thanks! -- Brad Schuetz
      Message 2 of 11 , Jul 1 11:15 AM
        Victor Duchovni wrote:
        > On Fri, Jun 30, 2006 at 08:53:05PM -0700, Brad Schuetz wrote:
        >
        >
        >> XCLIENT ADDR=127.0.0.1
        >> 220 mail.cimmeria.com ESMTP Postfix
        >> XFORWARD NAME=omnis-mail.omnis.com ADDR=216.239.128.28 HELO=omnis-mail.omnis.com PROTO=ESMTP SOURCE=REMOTE
        >> 250 2.0.0 Ok
        >> MAIL FROM:<brad@...> SIZE=539
        >> 403 4.5.1 Error: send HELO/EHLO first
        >>
        >
        > That's right, you need to send EHLO again after XCLIENT. XCLIENT
        > is a full reset back to the 220 banner.
        >
        Perfect, I'll point the author of the content filter to this thread.

        >
        >> now with postfix 2.3 snapshot 20060604
        >>
        >> XCLIENT ADDR=127.0.0.1
        >> 250 2.0.0 Ok
        >> XFORWARD NAME=omnis-mail.omnis.com ADDR=216.239.128.28
        >> HELO=omnis-mail.omnis.com
        >> 250 2.0.0 Ok
        >> MAIL FROM:<brad@...> SIZE=539
        >> 250 2.1.0 Ok
        >>
        >
        > Previous releases got this wrong, but it did not matter, before milter.
        >
        >
        Thanks!

        --
        Brad Schuetz
      • Wietse Venema
        Brad Schuetz: [ Charset ISO-8859-1 unsupported, converting... ] ... Second, ask them why they use xclient in the first place. xclient is for rule testing; it
        Message 3 of 11 , Jul 1 2:56 PM
          Brad Schuetz:
          [ Charset ISO-8859-1 unsupported, converting... ]
          > Victor Duchovni wrote:
          > > On Fri, Jun 30, 2006 at 08:53:05PM -0700, Brad Schuetz wrote:
          > >
          > >
          > >> XCLIENT ADDR=127.0.0.1
          > >> 220 mail.cimmeria.com ESMTP Postfix
          > >> XFORWARD NAME=omnis-mail.omnis.com ADDR=216.239.128.28 HELO=omnis-mail.omnis.com PROTO=ESMTP SOURCE=REMOTE
          > >> 250 2.0.0 Ok
          > >> MAIL FROM:<brad@...> SIZE=539
          > >> 403 4.5.1 Error: send HELO/EHLO first
          > >>
          > >
          > > That's right, you need to send EHLO again after XCLIENT. XCLIENT
          > > is a full reset back to the 220 banner.
          > >
          > Perfect, I'll point the author of the content filter to this thread.

          Second, ask them why they use xclient in the first place.

          xclient is for rule testing; it impersonates a client. There
          is no need for that with a content filter.

          Wietse
        Your message has been successfully submitted and would be delivered to recipients shortly.