Re: Spam Prevention

  • Willy De la Court
    Message 1 of 14 , Aug 2, 2009
      On Sun, 02 Aug 2009 11:24:17 +0100, Clunk Werclick
      <clunk.werclick@...> wrote:
      > On Sun, 2009-08-02 at 11:56 +0200, Willy De la Court wrote:
      >> Hi all,
      >>
      >> Just a question about spam prevention and resource optimisation.
      >>
      [SNIP]
      >>
      >> This means that there are a number of tests before the actual recipient
      >> address is tested, would it not be better to place the
      >> reject_unlisted_recipient very early in the chain? Or am I wrong here. In
      >> placing the reject_unlisted_recipient earlier in the chain would I not
      >> make it easier for dictionary attacks to succeed? The check_policy_server
      >> is the postgrey implementation of http://postgrey.schweikert.ch/
      >>
      >> I added the reject_unlisted_recipient before the postgrey policy test
      >> because I noticed unknown recipients being passed to the postgrey policy
      >> test.
      >>
      >> Any comments would be welcome.
      > Hello Willy,
      >
      > It depends on how aggressive you wish to be. Looking at the last half an
      > hour in my logs, the statistics show my blocking going on. The big fishy
      > is 'No PTR' (in words of another no reverse DNS at all) then followed by
      > spoof attempts (bob@... to bob@...).
      >
      > I block both of these types before passing to a big list of dnsbl's -
      > but they may not be entirely suitable in production and it depends upon
      > your BOFH mentality/level -v- your users complaining;
      >
      >
      > smtpd_sender_restrictions =
      > permit_mynetworks
      > permit_sasl_authenticated
      > reject_unauth_destination
      > reject_unknown_reverse_client_hostname

      This one seems interesting. Need to try it out.

      > check_sender_access hash:/etc/postfix/nospoof

      The nospoof is a big no-no for me.

      > reject_rbl_client no-more-funn.moensted.dk
      > reject_rbl_client bl.spamcop.net
      > reject_rbl_client dnsbl-1.uceprotect.net
      > reject_rbl_client dnsbl-2.uceprotect.net
      > reject_rbl_client dnsbl-3.uceprotect.net
      > reject_rbl_client dnsbl.sorbs.net
      > reject_rbl_client bl.spamcannibal.org
      > reject_rbl_client spam.dnsbl.sorbs.net
      > reject_rbl_client zen.spamhaus.org
      > reject_rbl_client b.barracudacentral.org
      > permit
      [SNIP]

      Wow, a lot of RBLs. I used to use some of these but got a lot of complaints,
      so I'm sticking with just spamcop and spamhaus.

      > ...
      > Have much fun and remember some spam is nice. Especially in a baguette
      > with some 'daddies' sauce

      Yep very nice.

      --
      Simple things make people happy.
      Willy De la Court
      PGP Public Key at http://www.linux-lovers.be/download/public_key.asc
      PGP Key fingerprint = 784E E18F 7F85 9C7C AC1A D5FB FE08 686C 37C7 A689
      GMail <wdl1908@...>
    • Ralf Hildebrandt
      Message 2 of 14 , Aug 2, 2009
        * Willy De la Court <wdl@...>:

        > > reject_rbl_client no-more-funn.moensted.dk
        > > reject_rbl_client bl.spamcop.net
        > > reject_rbl_client dnsbl-1.uceprotect.net
        > > reject_rbl_client dnsbl-2.uceprotect.net
        > > reject_rbl_client dnsbl-3.uceprotect.net
        > > reject_rbl_client dnsbl.sorbs.net
        > > reject_rbl_client bl.spamcannibal.org
        > > reject_rbl_client spam.dnsbl.sorbs.net
        > > reject_rbl_client zen.spamhaus.org
        > > reject_rbl_client b.barracudacentral.org
        > > permit
        > [SNIP]
        >
        > Wow, a lot of RBLs. I used to use some of these but got a lot of complaints,
        > so I'm sticking with just spamcop and spamhaus.

        uceprotect.net is outright insane.

        --
        Ralf Hildebrandt
        Geschäftsbereich IT | Abteilung Netzwerk
        Charité - Universitätsmedizin Berlin
        Campus Benjamin Franklin
        Hindenburgdamm 30 | D-12203 Berlin
        Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
        ralf.hildebrandt@... | http://www.charite.de
      • mouss
        Message 3 of 14 , Aug 2, 2009
          Willy De la Court wrote:
          > Hi all,
          >
          > Just a question about spam prevention and resource optimisation.
          >
          > What is the best way to go. I have this as spam prevention at the moment.
          >
          > smtpd_helo_restrictions =
          > permit_mynetworks,
          > permit_sasl_authenticated,
          > reject_non_fqdn_hostname,
          > reject_invalid_hostname,
          > permit
          >
          > smtpd_sender_restrictions =
          > permit_mynetworks,
          > permit_sasl_authenticated,
          > reject_non_fqdn_sender,
          > reject_unknown_sender_domain,
          > permit
          >
          > smtpd_recipient_restrictions =
          > permit_mynetworks,
          > permit_sasl_authenticated,
          > reject_unauth_pipelining,

          useless.

          > reject_non_fqdn_recipient,
          > reject_unknown_recipient_domain,

          useless. you're checking your own domains and domains that will be
          rejected by reject_unauth_destination.

          > reject_unauth_destination,
          > reject_invalid_hostname,
          > reject_rbl_client bl.spamcop.net,
          > reject_rbl_client zen.spamhaus.org,
          > reject_unlisted_recipient,
          > check_policy_service inet:127.0.0.1:60000,
          > permit
          >
          > This means that there are a number of tests before the actual recipient
          > address is tested, would it not be better to place the
          > reject_unlisted_recipient very early in the chain?

          it would avoid doing DNS queries when the recipient is invalid. This
          reduces the load of your server and that of DNSBL servers.

          see below for a better way to do your checks.

          > Or am I wrong here. In
          > placing the reject_unlisted_recipient earlier in the chain would I not make
          > it easier for dictionary attacks to succeed?

          Forget about dictionary attacks. The only spam that seems to target
          valid addresses only is "snowshoe spam", but then it won't be blocked by
          any of your checks. Other than that I keep seeing the same (invalid)
          addresses hit again and again.

          > The check_policy_server is the
          > postgrey implementation of http://postgrey.schweikert.ch/
          >
          > I added the reject_unlisted_recipient before the postgrey policy test
          > because I noticed unknown recipients being passed to the postgrey policy
          > test.
          >

          Make sure you have:

          unknown_local_recipient_reject_code = 550

          if this doesn't fix your problem, post a _new_ question, with infos as
          recommended in the DEBUG README.

          > Any comments would be welcome.
          >

          Assuming the default smtpd_delay_reject=yes, consider putting all your
          anti-spam checks under smtpd_recipient_restrictions.

          remove smtpd_helo_restrictions and smtpd_sender_restrictions, and set:

          smtpd_recipient_restrictions =
          reject_non_fqdn_sender
          reject_non_fqdn_recipient
          permit_mynetworks
          permit_sasl_authenticated
          reject_unauth_destination
          reject_unlisted_recipient
          reject_invalid_hostname
          reject_non_fqdn_hostname
          reject_rbl_client zen.spamhaus.org
          reject_rbl_client bl.spamcop.net
          reject_unknown_sender_domain
          check_policy_service inet:127.0.0.1:60000
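
The ordering argument in the reply above, as an added example (a simplified Python model, not Postfix code and not written by anyone in this thread): it walks the original helo/sender/recipient lists and the proposed single list over a constructed traffic mix and counts DNS lookups and policy-service calls. The `Rcpt` fields, the traffic mix, and the assumptions that syntax checks always pass and that a DNSBL-listed client is on every list are illustrative.

```python
"""Added example: simplified model of Postfix first-match restriction evaluation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rcpt:
    """One constructed RCPT TO attempt; all fields are assumptions of this model."""
    local_domain: bool      # recipient domain is one this server accepts mail for
    listed: bool            # recipient address exists in the recipient tables
    on_dnsbl: bool          # client IP is listed on every DNSBL in the chain
    trusted: bool = False   # client is in mynetworks or SASL authenticated


TRUSTED = ["permit_mynetworks", "permit_sasl_authenticated"]

# The original helo, sender and recipient lists from the thread, in the order
# Postfix evaluates them at RCPT TO when smtpd_delay_reject=yes.
ORIGINAL = [
    TRUSTED + ["reject_non_fqdn_hostname", "reject_invalid_hostname", "permit"],
    TRUSTED + ["reject_non_fqdn_sender", "reject_unknown_sender_domain", "permit"],
    TRUSTED + [
        "reject_unauth_pipelining", "reject_non_fqdn_recipient",
        "reject_unknown_recipient_domain", "reject_unauth_destination",
        "reject_invalid_hostname", "reject_rbl_client bl.spamcop.net",
        "reject_rbl_client zen.spamhaus.org", "reject_unlisted_recipient",
        "check_policy_service inet:127.0.0.1:60000", "permit",
    ],
]

# The single recipient list proposed in the reply above.
PROPOSED = [[
    "reject_non_fqdn_sender", "reject_non_fqdn_recipient",
    "permit_mynetworks", "permit_sasl_authenticated",
    "reject_unauth_destination", "reject_unlisted_recipient",
    "reject_invalid_hostname", "reject_non_fqdn_hostname",
    "reject_rbl_client zen.spamhaus.org", "reject_rbl_client bl.spamcop.net",
    "reject_unknown_sender_domain", "check_policy_service inet:127.0.0.1:60000",
]]

# Constructed traffic mix: (attempt, how many times it occurs).
TRAFFIC = [
    (Rcpt(local_domain=True, listed=False, on_dnsbl=True), 60),
    (Rcpt(local_domain=True, listed=False, on_dnsbl=False), 20),
    (Rcpt(local_domain=False, listed=False, on_dnsbl=False), 5),   # relay attempt
    (Rcpt(local_domain=True, listed=True, on_dnsbl=True), 10),
    (Rcpt(local_domain=True, listed=True, on_dnsbl=False), 5),     # wanted mail
]


def evaluate(lists, rcpt):
    """Return (action, dns_lookups, policy_calls) for one RCPT TO attempt."""
    dns = policy = 0
    for restrictions in lists:
        for item in restrictions:
            name = item.split()[0]
            verdict = None  # syntax checks pass: constructed clients are well-formed
            if name in TRUSTED:
                verdict = "permit" if rcpt.trusted else None
            elif name == "permit":
                verdict = "permit"
            elif name == "reject_unauth_destination":
                verdict = None if rcpt.local_domain else "reject"
            elif name == "reject_unlisted_recipient":
                if rcpt.local_domain and not rcpt.listed:
                    verdict = "reject"
            elif name == "reject_rbl_client":
                dns += 1
                verdict = "reject" if rcpt.on_dnsbl else None
            elif name == "reject_unknown_sender_domain":
                dns += 1  # assumes a remote sender domain that resolves
            elif name == "reject_unknown_recipient_domain":
                dns += 0 if rcpt.local_domain else 1  # own domains need no lookup
            elif name == "check_policy_service":
                policy += 1  # the greylisting decision itself is not modelled
            if verdict == "reject":
                return "reject", dns, policy
            if verdict == "permit":
                break  # a permit ends the current list only; later lists still run
    return "permit", dns, policy


def totals(lists, traffic):
    """Sum DNS lookups, policy calls and rejections over a traffic mix."""
    out = {"dns": 0, "policy": 0, "rejected": 0}
    for rcpt, count in traffic:
        action, dns, policy = evaluate(lists, rcpt)
        out["dns"] += dns * count
        out["policy"] += policy * count
        out["rejected"] += count if action == "reject" else 0
    return out


if __name__ == "__main__":
    for label, lists in (("original", ORIGINAL), ("proposed", PROPOSED)):
        print(label, totals(lists, TRAFFIC))
```

Both orderings reject the same attempts and hand the same mail to the policy service in this model; only the number of DNS lookups spent before the verdict differs.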
        • Willy De la Court
          Message 4 of 14 , Aug 2, 2009
            On Sun, 02 Aug 2009 12:44:56 +0200, mouss <mouss@...> wrote:
            > Willy De la Court wrote:
            >> Hi all,
            >>
            >> Just a question about spam prevention and resource optimisation.
            >>
            >> What is the best way to go. I have this as spam prevention at the
            >> moment.
            >>
            [SNIP]
            >> reject_unauth_pipelining,
            >
            > useless.
            >
            >> reject_non_fqdn_recipient,
            >> reject_unknown_recipient_domain,
            >
            > useless. you're checking your own domains and domains that will be
            > rejected by reject_unauth_destination.
            >
            [SNIP]
            >>
            >> This means that there are a number of tests before the actual recipient
            >> address is tested, would it not be better to place the
            >> reject_unlisted_recipient very early in the chain?
            >
            > it would avoid doing DNS queries when the recipient is invalid. This
            > reduces the load of your server and that of DNSBL servers.
            >
            > see below for a better way to do your checks.
            >
            >> Or am I wrong here. In
            >> placing the reject_unlisted_recipient earlier in the chain would I not
            >> make it easier for dictionary attacks to succeed?
            >
            > Forget about dictionary attacks. The only spam that seems to target
            > valid addresses only is "snowshoe spam", but then it won't be blocked by
            > any of your checks. Other than that I keep seeing the same (invalid)
            > addresses hit again and again.

            Yes, I've seen it too.

            >
            >> The check_policy_server is the
            >> postgrey implementation of http://postgrey.schweikert.ch/
            >>
            >> I added the reject_unlisted_recipient before the postgrey policy test
            >> because I noticed unknown recipients being passed to the postgrey
            >> policy test.
            >>
            >
            > Make sure you have:
            >
            > unknown_local_recipient_reject_code = 550

            Yep, just checked it, it's 550

            >
            > if this doesn't fix your problem, post a _new_ question, with infos as
            > recommended in the DEBUG README.
            >
            I don't have any problems with this configuration, just wanted to know how
            to improve the stuff.

            >> Any comments would be welcome.
            >>
            >
            > Assuming the default smtpd_delay_reject=yes, consider putting all your
            > anti-spam checks under smtpd_recipient_restrictions.
            >

            Yes smtpd_delay_reject=yes

            > remove smtpd_helo_restrictions and smtpd_sender_restrictions, and set:
            >
            > smtpd_recipient_restrictions =
            > reject_non_fqdn_sender
            > reject_non_fqdn_recipient
            > permit_mynetworks
            > permit_sasl_authenticated
            > reject_unauth_destination
            > reject_unlisted_recipient
            > reject_invalid_hostname
            > reject_non_fqdn_hostname
            > reject_rbl_client zen.spamhaus.org
            > reject_rbl_client bl.spamcop.net
            > reject_unknown_sender_domain
            > check_policy_service inet:127.0.0.1:60000

            I'll see what results I get with these.

            Thx again for the explanation.

            --
            Simple things make people happy.
            Willy De la Court
            PGP Public Key at http://www.linux-lovers.be/download/public_key.asc
            PGP Key fingerprint = 784E E18F 7F85 9C7C AC1A D5FB FE08 686C 37C7 A689
          • Jon
            Message 5 of 14 , Aug 2, 2009
              Clunk Werclick wrote:
              >
              > ************************
              > PRE DNSBL 321
              > ........................
              > NO PTR 201
              > SPOOFING 120
              > RELAY ATTEMPTS 0
              > BLOCKED OTHER 0
              > WHITELISTED 4
              > ************************
              > BLOCKED DNSBL 287
              > ........................
              >

              What tools are you using to generate your counts and get your output
              presented this way?
            • Charles Sprickman
              Message 6 of 14 , Aug 2, 2009
                On Sun, 2 Aug 2009, Willy De la Court wrote:

                > On Sun, 02 Aug 2009 11:24:17 +0100, Clunk Werclick
                > <clunk.werclick@...> wrote:
                [snip]
                >> reject_rbl_client no-more-funn.moensted.dk
                >> reject_rbl_client bl.spamcop.net
                >> reject_rbl_client dnsbl-1.uceprotect.net
                >> reject_rbl_client dnsbl-2.uceprotect.net
                >> reject_rbl_client dnsbl-3.uceprotect.net
                >> reject_rbl_client dnsbl.sorbs.net
                >> reject_rbl_client bl.spamcannibal.org
                >> reject_rbl_client spam.dnsbl.sorbs.net
                >> reject_rbl_client zen.spamhaus.org
                >> reject_rbl_client b.barracudacentral.org
                >> permit
                > [SNIP]
                >
                > Wow, a lot of RBLs. I used to use some of these but got a lot of complaints,
                > so I'm sticking with just spamcop and spamhaus.

                I'm still figuring things out, and have not really gone very deep into
                spam prevention at this point. My question about the rbl rejects at the
                smtp level is whether it's possible to only apply this to certain
                domains/accounts without resorting to using a policy daemon. I'm guessing
                no, but that may just be my old qmail pessimism. :)

                Thanks,

                Charles

                >> ...
                >> Have much fun and remember some spam is nice. Especially in a baguette
                >> with some 'daddies' sauce
                >
                > Yep very nice.
                >
                > --
                > Simple things make people happy.
                > Willy De la Court
                > PGP Public Key at http://www.linux-lovers.be/download/public_key.asc
                > PGP Key fingerprint = 784E E18F 7F85 9C7C AC1A D5FB FE08 686C 37C7 A689
                > GMail <wdl1908@...>
                >
              • mouss
                Message 7 of 14 , Aug 2, 2009
                  Charles Sprickman wrote:
                  > On Sun, 2 Aug 2009, Willy De la Court wrote:
                  >
                  >> On Sun, 02 Aug 2009 11:24:17 +0100, Clunk Werclick
                  >> <clunk.werclick@...> wrote:
                  > [snip]
                  >>> reject_rbl_client no-more-funn.moensted.dk
                  >>> reject_rbl_client bl.spamcop.net
                  >>> reject_rbl_client dnsbl-1.uceprotect.net
                  >>> reject_rbl_client dnsbl-2.uceprotect.net
                  >>> reject_rbl_client dnsbl-3.uceprotect.net
                  >>> reject_rbl_client dnsbl.sorbs.net
                  >>> reject_rbl_client bl.spamcannibal.org
                  >>> reject_rbl_client spam.dnsbl.sorbs.net
                  >>> reject_rbl_client zen.spamhaus.org
                  >>> reject_rbl_client b.barracudacentral.org
                  >>> permit
                  >> [SNIP]
                  >>
                  >> Wow, a lot of RBLs. I used to use some of these but got a lot of
                  >> complaints, so I'm sticking with just spamcop and spamhaus.
                  >
                  > I'm still figuring things out, and have not really gone very deep into
                  > spam prevention at this point. My question about the rbl rejects at the
                  > smtp level is whether it's possible to only apply this to certain
                  > domains/accounts without resorting to using a policy daemon. I'm
                  > guessing no, but that may just be my old qmail pessimism. :)
                  >

                  if it depends on client, helo, sender or recipient, then you can use
                  restriction classes.
                • Clunk Werclick
                  Message 8 of 14 , Aug 2, 2009
                    On Sun, 2009-08-02 at 17:04 -0400, Jon wrote:
                    > Clunk Werclick wrote:
                    > >
                    > > ************************
                    > > PRE DNSBL 321
                    > > ........................
                    > > NO PTR 201
                    > > SPOOFING 120
                    > > RELAY ATTEMPTS 0
                    > > BLOCKED OTHER 0
                    > > WHITELISTED 4
                    > > ************************
                    > > BLOCKED DNSBL 287
                    > > ........................
                    > >
                    >
                    > What tools are you using to generate your counts and get your output
                    > presented this way?
                    A dirty little Perl script + cron.
                    --
                    -----------------------------------------------------------
                    C Werclick .Lot
                    Technical incompetent
                    Loyal Order Of The Teapot.

                    This e-mail and its attachments is intended only to be used as an e-mail
                    and an attachment. Any use of it for other purposes other than as an
                    e-mail and an attachment will not be covered by any warranty that may or
                    may not form part of this e-mail and attachment.
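
A sketch of the kind of on-demand reject summary discussed in this exchange, as an added example in Python (it is not the Perl script mentioned above, which the thread does not show). It buckets Postfix smtpd `reject:` log lines by reply class and reason; the sample lines are constructed, and the bucket names and the mapping of the `check_sender_access` rejection to "Access denied" are assumptions.

```python
"""Added example: bucket Postfix smtpd reject lines into a quick summary."""
import re
from collections import Counter

# Constructed sample log; addresses use documentation ranges and example domains.
PRE = "Aug  2 11:00:00 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from"
WARN = PRE.replace("reject:", "reject_warning:")   # warn_if_reject, not a real reject
TAIL = "from=<a@example.net> to=<bob@example.com> proto=ESMTP helo=<pc>"
SAMPLE_LOG = [
    f"{PRE} unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.10]; {TAIL}",
    f"{PRE} unknown[192.0.2.11]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.11]; {TAIL}",
    f"{PRE} mail.example.org[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org; {TAIL}",
    f"{PRE} unknown[198.51.100.8]: 554 5.7.1 Service unavailable; Client host [198.51.100.8] blocked using zen.spamhaus.org; {TAIL}",
    f"{PRE} unknown[198.51.100.9]: 554 5.7.1 Service unavailable; Client host [198.51.100.9] blocked using bl.spamcop.net; {TAIL}",
    f"{PRE} unknown[203.0.113.5]: 554 5.7.1 <x@example.org>: Relay access denied; {TAIL}",
    f"{PRE} unknown[203.0.113.6]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown in virtual mailbox table; {TAIL}",
    f"{PRE} unknown[203.0.113.7]: 504 5.5.2 <pc>: Helo command rejected: need fully-qualified hostname; {TAIL}",
    f"{PRE} unknown[203.0.113.8]: 554 5.7.1 <bob@example.com>: Sender address rejected: Access denied; {TAIL}",
    f"{WARN} unknown[203.0.113.9]: 554 5.7.1 Service unavailable; Client host [203.0.113.9] blocked using bl.spamcop.net; {TAIL}",
    "Aug  2 11:00:00 mx postfix/smtpd[2101]: connect from unknown[203.0.113.9]",
]

# Matches real rejects only: "reject_warning:" lines do not contain "reject: ".
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: \w+: reject: \w+ from [^\[\s]+\[(?P<ip>[^\]]+)\]: "
    r"(?P<cls>[45])\d\d (?:\d\.\d+\.\d+ )?(?P<text>.*?); from=<"
)

# First matching rule wins; bucket names are this example's own.
RULES = [
    ("NO PTR", re.compile(r"cannot find your reverse hostname")),
    ("DNSBL", re.compile(r"blocked using (?P<zone>[\w.-]+)")),
    ("RELAY DENIED", re.compile(r"Relay access denied")),
    ("UNKNOWN USER", re.compile(r"User unknown")),
    ("HELO", re.compile(r"Helo command rejected")),
    ("SENDER ACCESS", re.compile(r"Sender address rejected: Access denied")),
    ("SENDER DOMAIN", re.compile(r"Sender address rejected: Domain not found")),
]


def summarize(lines):
    """Return (Counter keyed by (reply class, bucket), Counter of DNSBL zones)."""
    counts, zones = Counter(), Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # other daemons, connects, reject_warning lines
        label = "OTHER"
        for name, rule in RULES:
            hit = rule.search(m.group("text"))
            if hit:
                label = name
                if name == "DNSBL":
                    zones[hit.group("zone")] += 1
                break
        counts[(m.group("cls") + "xx", label)] += 1
    return counts, zones


def render(counts, zones):
    """Format the counters as a short plain-text report, largest bucket first."""
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    rows = [f"{n:6d}  {cls} {label}" for (cls, label), n in ordered]
    rows += [f"{n:6d}    blocked using {zone}" for zone, n in zones.most_common()]
    return "\n".join(rows)


if __name__ == "__main__":
    print(render(*summarize(SAMPLE_LOG)))
```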
                  • Willy De la Court
                    Message 9 of 14 , Aug 2, 2009
                      On Sun, 02 Aug 2009 17:04:17 -0400, Jon <jon_k@...> wrote:
                      > Clunk Werclick wrote:
                      >>
                      >> ************************
                      >> PRE DNSBL 321
                      >> ........................
                      >> NO PTR 201
                      >> SPOOFING 120
                      >> RELAY ATTEMPTS 0
                      >> BLOCKED OTHER 0
                      >> WHITELISTED 4
                      >> ************************
                      >> BLOCKED DNSBL 287
                      >> ........................
                      >>
                      >
                      > What tools are you using to generate your counts and get your output
                      > presented this way?

                      The logwatch package can do something similar.

                      See example below. I stripped out some sections with sensitive information
                      but you get the idea.

                      --------------------- Postfix Begin (detail=5) ------------------------

                      ****** Summary
                      *************************************************************************************

                      28.893M Bytes accepted 30,296,112
                      4.471M Bytes sent via SMTP 4,687,715
                      25.310M Bytes delivered 26,538,982
                      ======== ================================================

                      370 Accepted 1.79%
                      20326 Rejected 98.21%
                      -------- ------------------------------------------------
                      20696 Total 100.00%
                      ======== ================================================

                      124 5xx Reject relay denied 0.61%
                      5423 5xx Reject HELO/EHLO 26.68%
                      154 5xx Reject unknown user 0.76%
                      14625 5xx Reject RBL 71.95%
                      -------- ------------------------------------------------
                      20326 Total 5xx Rejects 100.00%
                      ======== ================================================

                      20 4xx Reject HELO/EHLO 2.11%
                      2 4xx Reject unknown user 0.21%
                      102 4xx Reject recipient address 10.75%
                      648 4xx Reject sender address 68.28%
                      158 4xx Reject unknown reverse client host 16.65%
                      19 4xx Reject RBL 2.00%
                      -------- ------------------------------------------------
                      949 Total 4xx Rejects 100.00%
                      ======== ================================================

                      14952 Connections made
                      5149 Connections lost (inbound)
                      14947 Disconnections
                      368 Removed from queue
                      334 Delivered
                      127 Sent via SMTP
                      10 Resent
                      2 Deferred
                      2 Deferrals
                      2 Bounced (remote)
                      2 Notifications sent

                      45 Timeout (inbound)
                      23 Illegal address syntax in SMTP command
                      56 Numeric hostname
                      7 SMTP dialog error
                      106 Excessive errors in SMTP dialog
                      3071 Hostname verification errors
                      1 Hostname validation errors


                      ****** Detail
                      **************************************************************************************

                      124 5xx Reject relay denied
                      -----------------------------------------------------------------
                      20 81.192.186.79 adsl-79-186-192-81.adsl.iam.net.ma
                      20 85.181.161.97 e181161097.adsl.alicedsl.de
                      20 95.110.96.169 g95-110-96-169.broadband.bashtel.ru
                      20 190.48.158.110 unknown
                      20 201.80.36.14 unknown
                      20 202.142.223.169 unknown
                      2 83.36.234.113 113.red-83-36-234.dynamicip.rima-tde.net
                      2 90.176.249.58 58.249.broadband9.iol.cz

                      5423 5xx Reject HELO/EHLO
                      --------------------------------------------------------------------
                      5423 Need fully-qualified hostname

                      154 5xx Reject unknown user
                      -----------------------------------------------------------------
                      154 Virtual mailbox table

                      14625 5xx Reject RBL
                      --------------------------------------------------------------------------
                      7959 bl.spamcop.net
                      6666 zen.spamhaus.org

                      20 4xx Reject HELO/EHLO
                      --------------------------------------------------------------------
                      20 Need fully-qualified hostname

                      2 4xx Reject unknown user
                      -----------------------------------------------------------------
                      2 Virtual mailbox table

                      102 4xx Reject recipient address
                      ------------------------------------------------------------

                      648 4xx Reject sender address
                      ---------------------------------------------------------------
                      648 Domain not found

                      5149 Connections lost (inbound)
                      --------------------------------------------------------------
                      3274 After DATA
                      1532 After RCPT
                      261 After CONNECT
                      26 After MAIL
                      26 After QUIT
                      15 After HELO
                      12 After EHLO
                      2 After UNKNOWN
                      1 After RSET

                      2 Deferrals
                      -------------------------------------------------------------------------------
                      2 4.1.1: Transient failure: Addressing status: Bad destination mailbox address

                      2 Bounced (remote)
                      ------------------------------------------------------------------------
                      2 5.1.1: Permanent failure: Addressing status: Bad destination mailbox address

                      2 Notifications sent
                      ----------------------------------------------------------------------
                      2 Non-delivery

                      45 Timeout (inbound)
                      -----------------------------------------------------------------------
                      16 After CONNECT
                      8 After RCPT
                      7 After DATA
                      7 After MAIL
                      5 After EHLO
                      2 After HELO

                      23 Illegal address syntax in SMTP command
                      --------------------------------------------------
                      23 MAIL

                      56 Numeric hostname
                      ------------------------------------------------------------------------
                      44 Resource data of MX record
                      12 Hostname

                      7 SMTP dialog error
                      -----------------------------------------------------------------------
                      7 Non-SMTP command

                      106 Excessive errors in SMTP dialog
                      ---------------------------------------------------------
                      81 After RCPT
                      25 After DATA

                      3071 Hostname verification errors
                      ------------------------------------------------------------
                      2851 No address associated with hostname
                      220 Address not listed for hostname

                      1 Hostname validation errors
                      --------------------------------------------------------------
                      1 misplaced delimiter: .



                      ======================================================================================================================
                      Delays Percentiles         0%      25%      50%      75%      90%      95%      98%     100%
                      ----------------------------------------------------------------------------------------------------------------------
                      1: Pre qmgr             0.000    0.020    0.050    0.250    0.542    0.988    1.400  522.000
                      2: In qmgr              0.000    0.000    0.000    0.010    0.010    0.010    0.010    0.020
                      3: Connection setup     0.000    0.000    0.000    0.080    0.180    0.280    0.487    2.700
                      4: Xmit time            0.010    0.050    0.230    0.570    1.200    1.680    3.092    4.300
                      ======================================================================================================================

                      ---------------------- Postfix End -------------------------



                      --
                      Simple things make people happy.
                      Willy De la Court
                      PGP Public Key at http://www.linux-lovers.be/download/public_key.asc
                      PGP Key fingerprint = 784E E18F 7F85 9C7C AC1A D5FB FE08 686C 37C7 A689
                    • Clunk Werclick
                      Message 10 of 14 , Aug 2, 2009
                        On Mon, 2009-08-03 at 08:29 +0200, Willy De la Court wrote:
                        > On Sun, 02 Aug 2009 17:04:17 -0400, Jon <jon_k@...> wrote:
                        > > Clunk Werclick wrote:
                        > >>
                        > >> ************************
                        > >> PRE DNSBL 321
                        > >> ........................
                        > >> NO PTR 201
                        > >> SPOOFING 120
                        > >> RELAY ATTEMPTS 0
                        > >> BLOCKED OTHER 0
                        > >> WHITELISTED 4
                        > >> ************************
                        > >> BLOCKED DNSBL 287
                        > >> ........................
                        > >>
                        > >
                        > > What tools are you using to generate your counts and get your output
                        > > presented this way?
                        >
                        > The logwatch package can do something similar.
                        >
                        > See example below. I stripped out some sections with sensitive information
                        > but you get the idea.
                        >
                        > --------------------- Postfix Begin (detail=5) ------------------------
                        >
                        > ****** Summary
                        > *************************************************************************************
                        >
                        > 28.893M Bytes accepted 30,296,112
                        > 4.471M Bytes sent via SMTP 4,687,715
                        > 25.310M Bytes delivered 26,538,982
                        > ======== ================================================
                        >
                        > 370 Accepted 1.79%
                        > 20326 Rejected 98.21%
                        > -------- ------------------------------------------------
                        > 20696 Total 100.00%
                        > ======== ================================================
                        >
                        > 124 5xx Reject relay denied 0.61%
                        > 5423 5xx Reject HELO/EHLO 26.68%
                        > 154 5xx Reject unknown user 0.76%
                        > 14625 5xx Reject RBL 71.95%
                        > -------- ------------------------------------------------
                        > 20326 Total 5xx Rejects 100.00%
                        > ======== ================================================
                        >
                        > 20 4xx Reject HELO/EHLO 2.11%
                        > 2 4xx Reject unknown user 0.21%
                        > 102 4xx Reject recipient address 10.75%
                        > 648 4xx Reject sender address 68.28%
                        > 158 4xx Reject unknown reverse client host 16.65%
                        > 19 4xx Reject RBL 2.00%
                        > -------- ------------------------------------------------
                        > 949 Total 4xx Rejects 100.00%
                        > ======== ================================================
                        >
                        > 14952 Connections made
                        > 5149 Connections lost (inbound)
                        > 14947 Disconnections
                        > 368 Removed from queue
                        > 334 Delivered
                        > 127 Sent via SMTP
                        > 10 Resent
                        > 2 Deferred
                        > 2 Deferrals
                        > 2 Bounced (remote)
                        > 2 Notifications sent
                        >
                        > 45 Timeout (inbound)
                        > 23 Illegal address syntax in SMTP command
                        > 56 Numeric hostname
                        > 7 SMTP dialog error
                        > 106 Excessive errors in SMTP dialog
                        > 3071 Hostname verification errors
                        > 1 Hostname validation errors
                        >
                        >
                        > ****** Detail
                        > **************************************************************************************
                        >
                        > 124 5xx Reject relay denied
                        > -----------------------------------------------------------------
                        > 20 81.192.186.79 adsl-79-186-192-81.adsl.iam.net.ma
                        > 20 85.181.161.97 e181161097.adsl.alicedsl.de
                        > 20 95.110.96.169 g95-110-96-169.broadband.bashtel.ru
                        > 20 190.48.158.110 unknown
                        > 20 201.80.36.14 unknown
                        > 20 202.142.223.169 unknown
                        > 2 83.36.234.113 113.red-83-36-234.dynamicip.rima-tde.net
                        > 2 90.176.249.58 58.249.broadband9.iol.cz
                        >
                        > 5423 5xx Reject HELO/EHLO
                        > --------------------------------------------------------------------
                        > 5423 Need fully-qualified hostname
                        >
                        > 154 5xx Reject unknown user
                        > -----------------------------------------------------------------
                        > 154 Virtual mailbox table
                        >
                        > 14625 5xx Reject RBL
                        > --------------------------------------------------------------------------
                        > 7959 bl.spamcop.net
                        > 6666 zen.spamhaus.org
                        >
                        > 20 4xx Reject HELO/EHLO
                        > --------------------------------------------------------------------
                        > 20 Need fully-qualified hostname
                        >
                        > 2 4xx Reject unknown user
                        > -----------------------------------------------------------------
                        > 2 Virtual mailbox table
                        >
                        > 102 4xx Reject recipient address
                        > ------------------------------------------------------------
                        >
                        > 648 4xx Reject sender address
                        > ---------------------------------------------------------------
                        > 648 Domain not found
                        >
                        > 5149 Connections lost (inbound)
                        > --------------------------------------------------------------
                        > 3274 After DATA
                        > 1532 After RCPT
                        > 261 After CONNECT
                        > 26 After MAIL
                        > 26 After QUIT
                        > 15 After HELO
                        > 12 After EHLO
                        > 2 After UNKNOWN
                        > 1 After RSET
                        >
                        > 2 Deferrals
                        > -------------------------------------------------------------------------------
                        > 2 4.1.1: Transient failure: Addressing status: Bad destination mailbox address
                        >
                        > 2 Bounced (remote)
                        > ------------------------------------------------------------------------
                        > 2 5.1.1: Permanent failure: Addressing status: Bad destination mailbox address
                        >
                        > 2 Notifications sent
                        > ----------------------------------------------------------------------
                        > 2 Non-delivery
                        >
                        > 45 Timeout (inbound)
                        > -----------------------------------------------------------------------
                        > 16 After CONNECT
                        > 8 After RCPT
                        > 7 After DATA
                        > 7 After MAIL
                        > 5 After EHLO
                        > 2 After HELO
                        >
                        > 23 Illegal address syntax in SMTP command
                        > --------------------------------------------------
                        > 23 MAIL
                        >
                        > 56 Numeric hostname
                        > ------------------------------------------------------------------------
                        > 44 Resource data of MX record
                        > 12 Hostname
                        >
                        > 7 SMTP dialog error
                        > -----------------------------------------------------------------------
                        > 7 Non-SMTP command
                        >
                        > 106 Excessive errors in SMTP dialog
                        > ---------------------------------------------------------
                        > 81 After RCPT
                        > 25 After DATA
                        >
                        > 3071 Hostname verification errors
                        > ------------------------------------------------------------
                        > 2851 No address associated with hostname
                        > 220 Address not listed for hostname
                        >
                        > 1 Hostname validation errors
                        > --------------------------------------------------------------
                        > 1 misplaced delimiter: .
                        >
                        >
                        >
                        > ======================================================================================================================
                        > Delays Percentiles    0%     25%    50%    75%    90%    95%    98%    100%
                        > ----------------------------------------------------------------------------------------------------------------------
                        > 1: Pre qmgr           0.000  0.020  0.050  0.250  0.542  0.988  1.400  522.000
                        > 2: In qmgr            0.000  0.000  0.000  0.010  0.010  0.010  0.010  0.020
                        > 3: Connection setup   0.000  0.000  0.000  0.080  0.180  0.280  0.487  2.700
                        > 4: Xmit time          0.010  0.050  0.230  0.570  1.200  1.680  3.092  4.300
                        > ======================================================================================================================
                        >
                        > ---------------------- Postfix End -------------------------
                        >
                        >
                        Yes, I use that too - but I like a quick summary on demand.

                        --
                        -----------------------------------------------------------
                        C Werclick .Lot
                        Technical incompetent
                        Loyal Order Of The Teapot.

                        This e-mail and its attachments is intended only to be used as an e-mail
                        and an attachment. Any use of it for other purposes other than as an
                        e-mail and an attachment will not be covered by any warranty that may or
                        may not form part of this e-mail and attachment.
                      • Thomas
                        Message 11 of 14 , Aug 2, 2009
                          Hey,

                          [..]
                          > Yes, I use that too - but I like a quick summary on demand.
                          See: <http://www.mikecappella.com/logwatch/>
                          You can use the scripts _without_ logwatch and get an instant summary of
                          your mail.log.

                          Cheers,
                          Thomas
                        • Clunk Werclick
                          Message 12 of 14 , Aug 3, 2009
                            On Mon, 2009-08-03 at 16:52 +1000, Thomas wrote:
                            > Hey,
                            >
                            > [..]
                            > > Yes, I use that too - but I like a quick summary on demand.
                            > See: <http://www.mikecappella.com/logwatch/>
                            > You can use the scripts _without_ logwatch and get an instant summary of
                            > your mail.log.
                            >
                            > Cheers,
                            > Thomas
                            Indeed it does and that is interesting, thank you. My long term goal is
                            to get my Perl to log, in single line;

                            DATE/TIME INBOUND/OUTBOUND TO FROM SUBJECT SPAM SCORE IP

                            That is what I really would like to be able to do - but so far I do not
                            find a way that is easy or straightforward to bring all of this
                            information together in a single 'delivered' log. Rejected or dropped
                            mail is straightforward, but delivered mail seems to be harder to cobble
                            something together to give it, how do you say, 'the inside leg
                            measurements' ?

                            --
                            -----------------------------------------------------------
                            C Werclick .Lot
                            Technical incompetent
                            Loyal Order Of The Teapot.

                            This e-mail and its attachments is intended only to be used as an e-mail
                            and an attachment. Any use of it for other purposes other than as an
                            e-mail and an attachment will not be covered by any warranty that may or
                            may not form part of this e-mail and attachment.
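Added example (not part of the thread, and not the posters' or logwatch's code): one way to get the single-line 'delivered' record described above is to join Postfix log lines on their queue ID. The log lines are constructed, short hexadecimal queue IDs and the inbound/outbound split by delivery agent are assumptions, and SUBJECT and SPAM SCORE are left out because they do not appear in the log lines used here.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format (hosts and addresses are made up).
SAMPLE_LOG = """\
Aug  3 09:15:01 mx postfix/smtpd[2101]: 4F2A81C0D3: client=mail.example.net[192.0.2.10]
Aug  3 09:15:01 mx postfix/cleanup[2105]: 4F2A81C0D3: message-id=<abc@example.net>
Aug  3 09:15:01 mx postfix/qmgr[990]: 4F2A81C0D3: from=<alice@example.net>, size=2301, nrcpt=1 (queue active)
Aug  3 09:15:02 mx postfix/virtual[2107]: 4F2A81C0D3: to=<bob@example.org>, relay=virtual, delay=0.4, delays=0.3/0/0/0.1, dsn=2.0.0, status=sent (delivered to maildir)
Aug  3 09:15:02 mx postfix/qmgr[990]: 4F2A81C0D3: removed
Aug  3 09:16:10 mx postfix/pickup[2050]: 7B1C01C0D9: uid=1000 from=<bob>
Aug  3 09:16:10 mx postfix/qmgr[990]: 7B1C01C0D9: from=<bob@example.org>, size=812, nrcpt=1 (queue active)
Aug  3 09:16:11 mx postfix/smtp[2110]: 7B1C01C0D9: to=<carol@example.com>, relay=mx.example.com[198.51.100.7]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Aug  3 09:16:11 mx postfix/qmgr[990]: 7B1C01C0D9: removed
Aug  3 09:17:00 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable
"""

# timestamp, daemon name, queue ID (short hex form assumed), remainder of the line
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
CLIENT = re.compile(r"client=\S+?\[([^\]]+)\]")
FROM = re.compile(r"^from=<([^>]*)>")
TO = re.compile(r"^to=<([^>]*)>.*status=(\w+)")
# Assumption: these delivery agents mean the mail stayed on this host (inbound).
INBOUND_AGENTS = {"local", "virtual", "lmtp", "pipe"}

def delivered_lines(log_text):
    """Return one 'DATE/TIME DIRECTION TO FROM IP' line per successful delivery."""
    msgs = defaultdict(lambda: {"ip": "local", "from": "?"})  # state per queue ID
    out = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # NOQUEUE rejects and non-Postfix lines carry no queue ID
        when, daemon, qid, rest = m.groups()
        rec = msgs[qid]
        if daemon == "smtpd" and (c := CLIENT.search(rest)):
            rec["ip"] = c.group(1)          # connecting client address
        elif daemon == "qmgr" and (f := FROM.match(rest)):
            rec["from"] = f.group(1)        # envelope sender
        elif daemon == "qmgr" and rest == "removed":
            msgs.pop(qid, None)             # message left the queue, drop its state
        elif (t := TO.match(rest)) and t.group(2) == "sent":
            direction = "INBOUND" if daemon in INBOUND_AGENTS else "OUTBOUND"
            stamp = " ".join(when.split())  # collapse syslog's padded day field
            out.append(f"{stamp} {direction} {t.group(1)} {rec['from']} {rec['ip']}")
    return out

if __name__ == "__main__":
    print("\n".join(delivered_lines(SAMPLE_LOG)))
```

A message with several recipients produces one line per recipient, and mail submitted through pickup shows `local` in the IP column.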