Loading ...
Sorry, an error occurred while loading the content.

Re: Spam Prevention

Expand Messages
  • Ralf Hildebrandt
    ... uceprotect.net is outright insane. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin
    Message 1 of 14 , Aug 2 3:41 AM
    • 0 Attachment
      * Willy De la Court <wdl@...>:

      > > reject_rbl_client no-more-funn.moensted.dk
      > > reject_rbl_client bl.spamcop.net
      > > reject_rbl_client dnsbl-1.uceprotect.net
      > > reject_rbl_client dnsbl-2.uceprotect.net
      > > reject_rbl_client dnsbl-3.uceprotect.net
      > > reject_rbl_client dnsbl.sorbs.net
      > > reject_rbl_client bl.spamcannibal.org
      > > reject_rbl_client spam.dnsbl.sorbs.net
      > > reject_rbl_client zen.spamhaus.org
      > > reject_rbl_client b.barracudacentral.org
      > > permit
      > [SNIP]
      >
      > wow a lot of rbls. I used to use some of these but got a lot of complaints
      > so i'm sticking with just spamcop and spamhaus.

      uceprotect.net is outright insane.

      --
      Ralf Hildebrandt
      Geschäftsbereich IT | Abteilung Netzwerk
      Charité - Universitätsmedizin Berlin
      Campus Benjamin Franklin
      Hindenburgdamm 30 | D-12203 Berlin
      Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
      ralf.hildebrandt@... | http://www.charite.de
    • mouss
      ... useless. ... useless. you re checking your own domains and domains that will be rejected by reject_unauth_destination. ... it would avoid doing DNS queries
      Message 2 of 14 , Aug 2 3:44 AM
      • 0 Attachment
        Willy De la Court a écrit :
        > Hi all,
        >
        > Just a question about spam prevention and resource optimalisation.
        >
        > What is the best way to go. I have this as spam prevention at the moment.
        >
        > smtpd_helo_restrictions =
        > permit_mynetworks,
        > permit_sasl_authenticated,
        > reject_non_fqdn_hostname,
        > reject_invalid_hostname,
        > permit
        >
        > smtpd_sender_restrictions =
        > permit_mynetworks,
        > permit_sasl_authenticated,
        > reject_non_fqdn_sender,
        > reject_unknown_sender_domain,
        > permit
        >
        > smtpd_recipient_restrictions =
        > permit_mynetworks,
        > permit_sasl_authenticated,
        > reject_unauth_pipelining,

        useless.

        > reject_non_fqdn_recipient,
        > reject_unknown_recipient_domain,

        useless. you're checking your own domains and domains that will be
        rejected by reject_unauth_destination.

        > reject_unauth_destination,
        > reject_invalid_hostname,
        > reject_rbl_client bl.spamcop.net,
        > reject_rbl_client zen.spamhaus.org,
        > reject_unlisted_recipient,
        > check_policy_service inet:127.0.0.1:60000,
        > permit
        >
        > This mean that there are a number of tests before the actual recipient
        > address is tested, would it not be better to place the
        > reject_unlisted_recipient very early in the chain?

        it would avoid doing DNS queries when the recipient is invalid. This
        reduces the load of your server and that of DNSBL servers.

        see below for a better way to do your checks.

        > Or am I wrong here. In
        > placing the reject_unlisted_recipient earlier in the chain would I not make
        > it easier for dictionary attacks to succeed?

        Forget about dictionary attacks. The only spam that seems to target
        valid addresses only is "snowshoe spam", but then it won't be blocked by
        any of your checks. Other than that I keep seeing the same (invalid)
        addresses hit again and again.

        > The check_policy_server is the
        > postgrey implementation of http://postgrey.schweikert.ch/
        >
        > I added the reject_unlisted_recipient before the postgrey policy test
        > because I noticed unknown recipients being passed to the postgrey policy
        > test.
        >

        Make sure you have:

        unknown_local_recipient_reject_code = 550

        if this doesn't fix your problem, post a _new_ question, with infos as
        recommended in the DEBUG README.

        > Any comments would be welcome.
        >

        Assuming the default smtpd_delay_reject=yes, consider putting all your
        anti-spam checks under smtpd_recipient_restrictions.

        remove smtpd_helo_restrictions and smtpd_sender_restrictions, and set:

        smtpd_recipient_restrictions =
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
        reject_unlisted_recipient
        reject_invalid_hostname
        reject_non_fqdn_hostname
        reject_rbl_client zen.spamhaus.org
        reject_rbl_client bl.spamcop.net
        reject_unknown_sender_domain
        check_policy_service inet:127.0.0.1:60000
      • Willy De la Court
        ... moment. ... [SNIP] ... [SNIP] ... Yes I v seen it too. ... policy ... Yep just checked it it s 550 ... I don;t have any problems with this configuration
        Message 3 of 14 , Aug 2 4:04 AM
        • 0 Attachment
          On Sun, 02 Aug 2009 12:44:56 +0200, mouss <mouss@...> wrote:
          > Willy De la Court a écrit :
          >> Hi all,
          >>
          >> Just a question about spam prevention and resource optimalisation.
          >>
          >> What is the best way to go. I have this as spam prevention at the
          moment.
          >>
          [SNIP]
          >> reject_unauth_pipelining,
          >
          > useless.
          >
          >> reject_non_fqdn_recipient,
          >> reject_unknown_recipient_domain,
          >
          > useless. you're checking your own domains and domains that will be
          > rejected by reject_unauth_destination.
          >
          [SNIP]
          >>
          >> This mean that there are a number of tests before the actual recipient
          >> address is tested, would it not be better to place the
          >> reject_unlisted_recipient very early in the chain?
          >
          > it would avoid doing DNS queries when the recipient is invalid. This
          > reduces the load of your server and that of DNSBL servers.
          >
          > see below for a better way to do your checks.
          >
          >> Or am I wrong here. In
          >> placing the reject_unlisted_recipient earlier in the chain would I not
          >> make
          >> it easier for dictionary attacks to succeed?
          >
          > Forget about dictionary attacks. The only spam that seems to target
          > valid addresses only is "snowshoe spam", but then it won't be blocked by
          > any of your checks. Other than that I keep seeing the same (invalid)
          > addresses hit again and again.

          Yes I'v seen it too.

          >
          >> The check_policy_server is the
          >> postgrey implementation of http://postgrey.schweikert.ch/
          >>
          >> I added the reject_unlisted_recipient before the postgrey policy test
          >> because I noticed unknown recipients being passed to the postgrey
          policy
          >> test.
          >>
          >
          > Make sure you have:
          >
          > unknown_local_recipient_reject_code = 550

          Yep just checked it it's 550

          >
          > if this doesn't fix your problem, post a _new_ question, with infos as
          > recommended in the DEBUG README.
          >
          I don;t have any problems with this configuration just wanted to know how
          to improve the stuff.

          >> Any comments would be welcome.
          >>
          >
          > Assuming the default smtpd_delay_reject=yes, consider putting all your
          > anti-spam checks under smtpd_recipient_restrictions.
          >

          Yes smtpd_delay_reject=yes

          > remove smtpd_helo_restrictions and smtpd_sender_restrictions, and set:
          >
          > smtpd_recipient_restrictions =
          > reject_non_fqdn_sender
          > reject_non_fqdn_recipient
          > permit_mynetworks
          > permit_sasl_authenticated
          > reject_unauth_destination
          > reject_unlisted_recipient
          > reject_invalid_hostname
          > reject_non_fqdn_hostname
          > reject_rbl_client zen.spamhaus.org
          > reject_rbl_client bl.spamcop.net
          > reject_unknown_sender_domain
          > check_policy_service inet:127.0.0.1:60000

          I'll see what results I get with these.

          Thx again for the explanation.

          --
          Simple things make people happy.
          Willy De la Court
          PGP Public Key at http://www.linux-lovers.be/download/public_key.asc
          PGP Key fingerprint = 784E E18F 7F85 9C7C AC1A D5FB FE08 686C 37C7 A689
        • Jon
          ... What tools are you using to generate your counts and get your output presented this way?
          Message 4 of 14 , Aug 2 2:04 PM
          • 0 Attachment
            Clunk Werclick wrote:
            >
            > ************************
            > PRE DNSBL 321
            > ........................
            > NO PTR 201
            > SPOOFING 120
            > RELAY ATTEMPTS 0
            > BLOCKED OTHER 0
            > WHITELISTED 4
            > ************************
            > BLOCKED DNSBL 287
            > ........................
            >

            What tools are you using to generate your counts and get your output
            presented this way?
          • Charles Sprickman
            ... [snip] ... I m still figuring things out, and have not really went very deep into spam prevention at this point. My question about the rbl rejects at the
            Message 5 of 14 , Aug 2 9:21 PM
            • 0 Attachment
              On Sun, 2 Aug 2009, Willy De la Court wrote:

              > On Sun, 02 Aug 2009 11:24:17 +0100, Clunk Werclick
              > <clunk.werclick@...> wrote:
              [snip]
              >> reject_rbl_client no-more-funn.moensted.dk
              >> reject_rbl_client bl.spamcop.net
              >> reject_rbl_client dnsbl-1.uceprotect.net
              >> reject_rbl_client dnsbl-2.uceprotect.net
              >> reject_rbl_client dnsbl-3.uceprotect.net
              >> reject_rbl_client dnsbl.sorbs.net
              >> reject_rbl_client bl.spamcannibal.org
              >> reject_rbl_client spam.dnsbl.sorbs.net
              >> reject_rbl_client zen.spamhaus.org
              >> reject_rbl_client b.barracudacentral.org
              >> permit
              > [SNIP]
              >
              > wow a lot of rbls. I used to use some of these but got a lot of complaints
              > so i'm sticking with just spamcop and spamhaus.

              I'm still figuring things out, and have not really went very deep into
              spam prevention at this point. My question about the rbl rejects at the
              smtp level is whether it's possible to only apply this to certain
              domains/accounts without resorting ot using a policy daemon. I'm guessing
              no, but that may just be my old qmail pessimism. :)

              Thanks,

              Charles

              >> ...
              >> Have much fun and remember some spam is nice. Especially in a baguette
              >> with some 'daddies' sauce
              >
              > Yep very nice.
              >
              > --
              > Simple things make people happy.
              > Willy De la Court
              > PGP Public Key at http://www.linux-lovers.be/download/public_key.asc
              > PGP Key fingerprint = 784E E18F 7F85 9C7C AC1A D5FB FE08 686C 37C7 A689
              > GMail <wdl1908@...>
              >
            • mouss
              ... if it depends on client, helo, sender or recipient, then you can use restriction classes.
              Message 6 of 14 , Aug 2 10:43 PM
              • 0 Attachment
                Charles Sprickman a écrit :
                > On Sun, 2 Aug 2009, Willy De la Court wrote:
                >
                >> On Sun, 02 Aug 2009 11:24:17 +0100, Clunk Werclick
                >> <clunk.werclick@...> wrote:
                > [snip]
                >>> reject_rbl_client no-more-funn.moensted.dk
                >>> reject_rbl_client bl.spamcop.net
                >>> reject_rbl_client dnsbl-1.uceprotect.net
                >>> reject_rbl_client dnsbl-2.uceprotect.net
                >>> reject_rbl_client dnsbl-3.uceprotect.net
                >>> reject_rbl_client dnsbl.sorbs.net
                >>> reject_rbl_client bl.spamcannibal.org
                >>> reject_rbl_client spam.dnsbl.sorbs.net
                >>> reject_rbl_client zen.spamhaus.org
                >>> reject_rbl_client b.barracudacentral.org
                >>> permit
                >> [SNIP]
                >>
                >> wow a lot of rbls. I used to use some of these but got a lot of
                >> complaints
                >> so i'm sticking with just spamcop and spamhaus.
                >
                > I'm still figuring things out, and have not really went very deep into
                > spam prevention at this point. My question about the rbl rejects at the
                > smtp level is whether it's possible to only apply this to certain
                > domains/accounts without resorting ot using a policy daemon. I'm
                > guessing no, but that may just be my old qmail pessimism. :)
                >

                if it depends on client, helo, sender or recipient, then you can use
                restriction classes.
              • Clunk Werclick
                ... A dirty little Perl script + cron. -- ... C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its attachments is intended only
                Message 7 of 14 , Aug 2 11:13 PM
                • 0 Attachment
                  On Sun, 2009-08-02 at 17:04 -0400, Jon wrote:
                  > Clunk Werclick wrote:
                  > >
                  > > ************************
                  > > PRE DNSBL 321
                  > > ........................
                  > > NO PTR 201
                  > > SPOOFING 120
                  > > RELAY ATTEMPTS 0
                  > > BLOCKED OTHER 0
                  > > WHITELISTED 4
                  > > ************************
                  > > BLOCKED DNSBL 287
                  > > ........................
                  > >
                  >
                  > What tools are you using to generate your counts and get your output
                  > presented this way?
                  A dirty little Perl script + cron.
                  --
                  -----------------------------------------------------------
                  C Werclick .Lot
                  Technical incompetent
                  Loyal Order Of The Teapot.

                  This e-mail and its attachments is intended only to be used as an e-mail
                  and an attachment. Any use of it for other purposes other than as an
                  e-mail and an attachment will not be covered by any warranty that may or
                  may not form part of this e-mail and attachment.
                • Willy De la Court
                  ... The logwatch package can do something similar. See example below. I stripped out some sections with sensitive information but you get the idea. ... ******
                  Message 8 of 14 , Aug 2 11:29 PM
                  • 0 Attachment
                    On Sun, 02 Aug 2009 17:04:17 -0400, Jon <jon_k@...> wrote:
                    > Clunk Werclick wrote:
                    >>
                    >> ************************
                    >> PRE DNSBL 321
                    >> ........................
                    >> NO PTR 201
                    >> SPOOFING 120
                    >> RELAY ATTEMPTS 0
                    >> BLOCKED OTHER 0
                    >> WHITELISTED 4
                    >> ************************
                    >> BLOCKED DNSBL 287
                    >> ........................
                    >>
                    >
                    > What tools are you using to generate your counts and get your output
                    > presented this way?

                    The logwatch package can do something similar.

                    See example below. I stripped out some sections with sensitive information
                    but you get the idea.

                    --------------------- Postfix Begin (detail=5) ------------------------

                    ****** Summary
                    *************************************************************************************

                    28.893M Bytes accepted 30,296,112
                    4.471M Bytes sent via SMTP 4,687,715
                    25.310M Bytes delivered 26,538,982
                    ======== ================================================

                    370 Accepted 1.79%
                    20326 Rejected 98.21%
                    -------- ------------------------------------------------
                    20696 Total 100.00%
                    ======== ================================================

                    124 5xx Reject relay denied 0.61%
                    5423 5xx Reject HELO/EHLO 26.68%
                    154 5xx Reject unknown user 0.76%
                    14625 5xx Reject RBL 71.95%
                    -------- ------------------------------------------------
                    20326 Total 5xx Rejects 100.00%
                    ======== ================================================

                    20 4xx Reject HELO/EHLO 2.11%
                    2 4xx Reject unknown user 0.21%
                    102 4xx Reject recipient address 10.75%
                    648 4xx Reject sender address 68.28%
                    158 4xx Reject unknown reverse client host 16.65%
                    19 4xx Reject RBL 2.00%
                    -------- ------------------------------------------------
                    949 Total 4xx Rejects 100.00%
                    ======== ================================================

                    14952 Connections made
                    5149 Connections lost (inbound)
                    14947 Disconnections
                    368 Removed from queue
                    334 Delivered
                    127 Sent via SMTP
                    10 Resent
                    2 Deferred
                    2 Deferrals
                    2 Bounced (remote)
                    2 Notifications sent

                    45 Timeout (inbound)
                    23 Illegal address syntax in SMTP command
                    56 Numeric hostname
                    7 SMTP dialog error
                    106 Excessive errors in SMTP dialog
                    3071 Hostname verification errors
                    1 Hostname validation errors


                    ****** Detail
                    **************************************************************************************

                    124 5xx Reject relay denied
                    -----------------------------------------------------------------
                    20 81.192.186.79 adsl-79-186-192-81.adsl.iam.net.ma
                    20 85.181.161.97 e181161097.adsl.alicedsl.de
                    20 95.110.96.169 g95-110-96-169.broadband.bashtel.ru
                    20 190.48.158.110 unknown
                    20 201.80.36.14 unknown
                    20 202.142.223.169 unknown
                    2 83.36.234.113 113.red-83-36-234.dynamicip.rima-tde.net
                    2 90.176.249.58 58.249.broadband9.iol.cz

                    5423 5xx Reject HELO/EHLO
                    --------------------------------------------------------------------
                    5423 Need fully-qualified hostname

                    154 5xx Reject unknown user
                    -----------------------------------------------------------------
                    154 Virtual mailbox table

                    14625 5xx Reject RBL
                    --------------------------------------------------------------------------
                    7959 bl.spamcop.net
                    6666 zen.spamhaus.org

                    20 4xx Reject HELO/EHLO
                    --------------------------------------------------------------------
                    20 Need fully-qualified hostname

                    2 4xx Reject unknown user
                    -----------------------------------------------------------------
                    2 Virtual mailbox table

                    102 4xx Reject recipient address
                    ------------------------------------------------------------

                    648 4xx Reject sender address
                    ---------------------------------------------------------------
                    648 Domain not found

                    5149 Connections lost (inbound)
                    --------------------------------------------------------------
                    3274 After DATA
                    1532 After RCPT
                    261 After CONNECT
                    26 After MAIL
                    26 After QUIT
                    15 After HELO
                    12 After EHLO
                    2 After UNKNOWN
                    1 After RSET

                    2 Deferrals
                    -------------------------------------------------------------------------------
                    2 4.1.1: Transient failure: Addressing status: Bad
                    destination mailbox address

                    2 Bounced (remote)
                    ------------------------------------------------------------------------
                    2 5.1.1: Permanent failure: Addressing status: Bad
                    destination mailbox address

                    2 Notifications sent
                    ----------------------------------------------------------------------
                    2 Non-delivery

                    45 Timeout (inbound)
                    -----------------------------------------------------------------------
                    16 After CONNECT
                    8 After RCPT
                    7 After DATA
                    7 After MAIL
                    5 After EHLO
                    2 After HELO

                    23 Illegal address syntax in SMTP command
                    --------------------------------------------------
                    23 MAIL

                    56 Numeric hostname
                    ------------------------------------------------------------------------
                    44 Resource data of MX record
                    12 Hostname

                    7 SMTP dialog error
                    -----------------------------------------------------------------------
                    7 Non-SMTP command

                    106 Excessive errors in SMTP dialog
                    ---------------------------------------------------------
                    81 After RCPT
                    25 After DATA

                    3071 Hostname verification errors
                    ------------------------------------------------------------
                    2851 No address associated with hostname
                    220 Address not listed for hostname

                    1 Hostname validation errors
                    --------------------------------------------------------------
                    1 misplaced delimiter: .



                    ======================================================================================================================
                    Delays Percentiles 0% 25% 50% 75%
                    90% 95% 98% 100%

                    ----------------------------------------------------------------------------------------------------------------------
                    1: Pre qmgr 0.000 0.020 0.050 0.250
                    0.542 0.988 1.400 522.000
                    2: In qmgr 0.000 0.000 0.000 0.010
                    0.010 0.010 0.010 0.020
                    3: Connection setup 0.000 0.000 0.000 0.080
                    0.180 0.280 0.487 2.700
                    4: Xmit time 0.010 0.050 0.230 0.570
                    1.200 1.680 3.092 4.300

                    ======================================================================================================================

                    ---------------------- Postfix End -------------------------



                    --
                    Simple things make people happy.
                    Willy De la Court
                    PGP Public Key at http://www.linux-lovers.be/download/public_key.asc
                    PGP Key fingerprint = 784E E18F 7F85 9C7C AC1A D5FB FE08 686C 37C7 A689
                  • Clunk Werclick
                    ... Yes, I use that too - but I like a quick summary on demand. -- ... C Werclick .Lot Technical incompetent Loyal Order Of The Teapot. This e-mail and its
                    Message 9 of 14 , Aug 2 11:45 PM
                    • 0 Attachment
                      On Mon, 2009-08-03 at 08:29 +0200, Willy De la Court wrote:
                      > On Sun, 02 Aug 2009 17:04:17 -0400, Jon <jon_k@...> wrote:
                      > > Clunk Werclick wrote:
                      > >>
                      > >> ************************
                      > >> PRE DNSBL 321
                      > >> ........................
                      > >> NO PTR 201
                      > >> SPOOFING 120
                      > >> RELAY ATTEMPTS 0
                      > >> BLOCKED OTHER 0
                      > >> WHITELISTED 4
                      > >> ************************
                      > >> BLOCKED DNSBL 287
                      > >> ........................
                      > >>
                      > >
                      > > What tools are you using to generate your counts and get your output
                      > > presented this way?
                      >
                      > The logwatch package can do something similar.
                      >
                      > See example below. I stripped out some sections with sensitive information
                      > but you get the idea.
                      >
                      > --------------------- Postfix Begin (detail=5) ------------------------
                      >
                      > ****** Summary
                      > *************************************************************************************
                      >
                      > 28.893M Bytes accepted 30,296,112
                      > 4.471M Bytes sent via SMTP 4,687,715
                      > 25.310M Bytes delivered 26,538,982
                      > ======== ================================================
                      >
                      > 370 Accepted 1.79%
                      > 20326 Rejected 98.21%
                      > -------- ------------------------------------------------
                      > 20696 Total 100.00%
                      > ======== ================================================
                      >
                      > 124 5xx Reject relay denied 0.61%
                      > 5423 5xx Reject HELO/EHLO 26.68%
                      > 154 5xx Reject unknown user 0.76%
                      > 14625 5xx Reject RBL 71.95%
                      > -------- ------------------------------------------------
                      > 20326 Total 5xx Rejects 100.00%
                      > ======== ================================================
                      >
                      > 20 4xx Reject HELO/EHLO 2.11%
                      > 2 4xx Reject unknown user 0.21%
                      > 102 4xx Reject recipient address 10.75%
                      > 648 4xx Reject sender address 68.28%
                      > 158 4xx Reject unknown reverse client host 16.65%
                      > 19 4xx Reject RBL 2.00%
                      > -------- ------------------------------------------------
                      > 949 Total 4xx Rejects 100.00%
                      > ======== ================================================
                      >
                      > 14952 Connections made
                      > 5149 Connections lost (inbound)
                      > 14947 Disconnections
                      > 368 Removed from queue
                      > 334 Delivered
                      > 127 Sent via SMTP
                      > 10 Resent
                      > 2 Deferred
                      > 2 Deferrals
                      > 2 Bounced (remote)
                      > 2 Notifications sent
                      >
                      > 45 Timeout (inbound)
                      > 23 Illegal address syntax in SMTP command
                      > 56 Numeric hostname
                      > 7 SMTP dialog error
                      > 106 Excessive errors in SMTP dialog
                      > 3071 Hostname verification errors
                      > 1 Hostname validation errors
                      >
                      >
                      > ****** Detail
                      > **************************************************************************************
                      >
                      > 124 5xx Reject relay denied
                      > -----------------------------------------------------------------
                      > 20 81.192.186.79 adsl-79-186-192-81.adsl.iam.net.ma
                      > 20 85.181.161.97 e181161097.adsl.alicedsl.de
                      > 20 95.110.96.169 g95-110-96-169.broadband.bashtel.ru
                      > 20 190.48.158.110 unknown
                      > 20 201.80.36.14 unknown
                      > 20 202.142.223.169 unknown
                      > 2 83.36.234.113 113.red-83-36-234.dynamicip.rima-tde.net
                      > 2 90.176.249.58 58.249.broadband9.iol.cz
                      >
                      > 5423 5xx Reject HELO/EHLO
                      > --------------------------------------------------------------------
                      > 5423 Need fully-qualified hostname
                      >
                      > 154 5xx Reject unknown user
                      > -----------------------------------------------------------------
                      > 154 Virtual mailbox table
                      >
                      > 14625 5xx Reject RBL
                      > --------------------------------------------------------------------------
                      > 7959 bl.spamcop.net
                      > 6666 zen.spamhaus.org
                      >
                      > 20 4xx Reject HELO/EHLO
                      > --------------------------------------------------------------------
                      > 20 Need fully-qualified hostname
                      >
                      > 2 4xx Reject unknown user
                      > -----------------------------------------------------------------
                      > 2 Virtual mailbox table
                      >
                      > 102 4xx Reject recipient address
                      > ------------------------------------------------------------
                      >
                      > 648 4xx Reject sender address
                      > ---------------------------------------------------------------
                      > 648 Domain not found
                      >
                      > 5149 Connections lost (inbound)
                      > --------------------------------------------------------------
                      > 3274 After DATA
                      > 1532 After RCPT
                      > 261 After CONNECT
                      > 26 After MAIL
                      > 26 After QUIT
                      > 15 After HELO
                      > 12 After EHLO
                      > 2 After UNKNOWN
                      > 1 After RSET
                      >
                      > 2 Deferrals
                      > -------------------------------------------------------------------------------
                      > 2 4.1.1: Transient failure: Addressing status: Bad
                      > destination mailbox address
                      >
                      > 2 Bounced (remote)
                      > ------------------------------------------------------------------------
                      > 2 5.1.1: Permanent failure: Addressing status: Bad
                      > destination mailbox address
                      >
                      > 2 Notifications sent
                      > ----------------------------------------------------------------------
                      > 2 Non-delivery
                      >
                      > 45 Timeout (inbound)
                      > -----------------------------------------------------------------------
                      > 16 After CONNECT
                      > 8 After RCPT
                      > 7 After DATA
                      > 7 After MAIL
                      > 5 After EHLO
                      > 2 After HELO
                      >
                      > 23 Illegal address syntax in SMTP command
                      > --------------------------------------------------
                      > 23 MAIL
                      >
                      > 56 Numeric hostname
                      > ------------------------------------------------------------------------
                      > 44 Resource data of MX record
                      > 12 Hostname
                      >
                      > 7 SMTP dialog error
                      > -----------------------------------------------------------------------
                      > 7 Non-SMTP command
                      >
                      > 106 Excessive errors in SMTP dialog
                      > ---------------------------------------------------------
                      > 81 After RCPT
                      > 25 After DATA
                      >
                      > 3071 Hostname verification errors
                      > ------------------------------------------------------------
                      > 2851 No address associated with hostname
                      > 220 Address not listed for hostname
                      >
                      > 1 Hostname validation errors
                      > --------------------------------------------------------------
                      > 1 misplaced delimiter: .
                      >
                      >
                      >
                      > ======================================================================================================================
                      > Delays Percentiles 0% 25% 50% 75%
                      > 90% 95% 98% 100%
                      >
                      > ----------------------------------------------------------------------------------------------------------------------
                      > 1: Pre qmgr 0.000 0.020 0.050 0.250
                      > 0.542 0.988 1.400 522.000
                      > 2: In qmgr 0.000 0.000 0.000 0.010
                      > 0.010 0.010 0.010 0.020
                      > 3: Connection setup 0.000 0.000 0.000 0.080
                      > 0.180 0.280 0.487 2.700
                      > 4: Xmit time 0.010 0.050 0.230 0.570
                      > 1.200 1.680 3.092 4.300
                      >
                      > ======================================================================================================================
                      >
                      > ---------------------- Postfix End -------------------------
                      >
                      >
                      Yes, I use that too - but I like a quick summary on demand.

                      --
                      -----------------------------------------------------------
                      C Werclick .Lot
                      Technical incompetent
                      Loyal Order Of The Teapot.

                      This e-mail and its attachments is intended only to be used as an e-mail
                      and an attachment. Any use of it for other purposes other than as an
                      e-mail and an attachment will not be covered by any warranty that may or
                      may not form part of this e-mail and attachment.
                    • Thomas
                      Hey, [..] ... See: You can use the scripts _without_ logwatch and get an instant summary of your mail.log. Cheers,
                      Message 10 of 14 , Aug 2 11:52 PM
                      • 0 Attachment
                        Hey,

                        [..]
                        > Yes, I use that too - but I like a quick summary on demand.
                        See: <http://www.mikecappella.com/logwatch/>
                        You can use the scripts _without_ logwatch and get an instant summary of
                        your mail.log.

                        Cheers,
                        Thomas
                      • Clunk Werclick
                        ... Indeed it does and that is interesting, thank you. My long term goal is to get my Perl to log, in single line; DATE/TIME INBOUND/OUTBOUND TO FROM SUBJECT
                        Message 11 of 14 , Aug 3 12:09 AM
                        • 0 Attachment
                          On Mon, 2009-08-03 at 16:52 +1000, Thomas wrote:
                          > Hey,
                          >
                          > [..]
                          > > Yes, I use that too - but I like a quick summary on demand.
                          > See: <http://www.mikecappella.com/logwatch/>
                          > You can use the scripts _without_ logwatch and get an instant summary of
                          > your mail.log.
                          >
                          > Cheers,
                          > Thomas
                          Indeed it does and that is interesting, thank you. My long term goal is
                          to get my Perl to log, in single line;

                          DATE/TIME INBOUND/OUTBOUND TO FROM SUBJECT SPAM SCORE IP

                          That is what I really would like to be able to do - but so far I do not
                          find a way that is easy or straightforward to bring all of this
                          information together in a single 'delivered' log. Rejected or dropped
                          mail is straightforward, but delivered mail seems to be harder to cobble
                          something together to give it, how do you say, 'the inside leg
                          measurements' ?

                          --
                          -----------------------------------------------------------
                          C Werclick .Lot
                          Technical incompetent
                          Loyal Order Of The Teapot.

                          This e-mail and its attachments is intended only to be used as an e-mail
                          and an attachment. Any use of it for other purposes other than as an
                          e-mail and an attachment will not be covered by any warranty that may or
                          may not form part of this e-mail and attachment.
                        Your message has been successfully submitted and would be delivered to recipients shortly.