Loading ...
Sorry, an error occurred while loading the content.

if postscreen blacklists an ip I'd like a to run a script

Expand Messages
  • Han Boetes
    Hi, I m using OpenBSD spamd before postscreen. I scripted a log tailing script which checks any new connection to a few rbls and if it s not on them I
    Message 1 of 9 , Nov 1, 2012
    • 0 Attachment
      Hi,

      I'm using OpenBSD spamd before postscreen. I scripted a log tailing script which checks any new connection to a few rbls and if it's not on them I whitelist the ip, bypassing further greyfiltering.

      After that postscreen gets to deal with whatever comes next. Now incase postscreen decides that the ip is a zombie it's being blacklisted by postscreen. In that case I'd like to hand the ip back to OpenBSD spamd.

      This can be done in various ways of course. I could script analysing the maillog, I could script checking the postscreen database or maybe postscreen could execute the command to blacklist the zombie.

      I think I prefer the last option since it's the most direct. How can I set that up?



      # Han

    • Wietse Venema
      ... Good luck with that. I would not invest development time for such a rare use case. Wietse
      Message 2 of 9 , Nov 1, 2012
      • 0 Attachment
        Han Boetes:
        > After that postscreen gets to deal with whatever comes next. Now incase
        > postscreen decides that the ip is a zombie it's being blacklisted by
        > postscreen. In that case I'd like to hand the ip back to OpenBSD spamd.

        Good luck with that. I would not invest development time for such
        a rare use case.

        Wietse
      • Jamie Paul Griffin
        / Wietse Venema wrote on Thu 1.Nov 12 at 7:48:44 -0400 / ... I use OpenBSD and decided to use either spamd or postscreen not both, since they do pretty much
        Message 3 of 9 , Nov 1, 2012
        • 0 Attachment
          / Wietse Venema wrote on Thu 1.Nov'12 at 7:48:44 -0400 /

          > Han Boetes:
          > > After that postscreen gets to deal with whatever comes next. Now incase
          > > postscreen decides that the ip is a zombie it's being blacklisted by
          > > postscreen. In that case I'd like to hand the ip back to OpenBSD spamd.
          >
          > Good luck with that. I would not invest development time for such
          > a rare use case.
          >
          > Wietse

          I use OpenBSD and decided to use either spamd or postscreen not both, since they do pretty much the same thing. I would just use postscreen TBH if you're using postfix. I think spamd is best used with sendmail in the OpenBSD base installation since it lacks a postscreen-type feature.
        • Han Boetes
          I think you have a point there. Let s see what happens. Maybe later on I will use spamd to annoy the zombies found by postscreen. To keep the logfiles clean
          Message 4 of 9 , Nov 1, 2012
          • 0 Attachment
            I think you have a point there. Let's see what happens. Maybe later on I will use spamd to annoy the zombies found by postscreen. To keep the logfiles clean and for sadistic reasons. ;-)

            BTW  how can I read this dbase?

            ~% postmap -s btree:/var/spool/postfix/postscreen/db
            1.2.3.4  1351857604;1351774804;1354363204;1354363204;1354363204;0
            1.2.3.5    1351782475;1351699675;1354288075;1354288075;1354288075;0
            1.2.3.6   1351718020;1351643615;1354223620;1354223620;1354223620;0
            _LAST_CACHE_CLEANUP_COMPLETED_  1351766276

            The long numbers are epoch dates, the 0 at the end is?




            On Thu, Nov 1, 2012 at 1:13 PM, Jamie Paul Griffin <jamie@...> wrote:
            / Wietse Venema wrote on Thu  1.Nov'12 at  7:48:44 -0400 /

            > Han Boetes:
            > > After that postscreen gets to deal with whatever comes next. Now incase
            > > postscreen decides that the ip is a zombie it's being blacklisted by
            > > postscreen. In that case I'd like to hand the ip back to OpenBSD spamd.
            >
            > Good luck with that. I would not invest development time for such
            > a rare use case.
            >
            >       Wietse

            I use OpenBSD and decided to use either spamd or postscreen not both, since they do pretty much the same thing. I would just use postscreen TBH if you're using postfix. I think spamd is best used with sendmail in the OpenBSD base installation since it lacks a postscreen-type feature.



            --



            # Han
          • Noel Jones
            ... The internal postscreen database is intentionally not documented, and may change without warning. If you re curious about what the fields are, read the
            Message 5 of 9 , Nov 1, 2012
            • 0 Attachment
              On 11/1/2012 8:55 AM, Han Boetes wrote:
              > I think you have a point there. Let's see what happens. Maybe later
              > on I will use spamd to annoy the zombies found by postscreen. To
              > keep the logfiles clean and for sadistic reasons. ;-)
              >
              > BTW how can I read this dbase?
              >
              > ~% postmap -s btree:/var/spool/postfix/postscreen/db
              > 1.2.3.4 1351857604;1351774804;1354363204;1354363204;1354363204;0
              > 1.2.3.5 1351782475;1351699675;1354288075;1354288075;1354288075;0
              > 1.2.3.6 1351718020;1351643615;1354223620;1354223620;1354223620;0
              > _LAST_CACHE_CLEANUP_COMPLETED_ 1351766276

              The internal postscreen database is intentionally not documented,
              and may change without warning.

              If you're curious about what the fields are, read the source code.
              That's about all the help you'll get on this.



              -- Noel Jones
            • Wietse Venema
              ... This correct. Postfix maintains forward and backward compatibility with great effort, but this effort is limited to what is promised by the documentation.
              Message 6 of 9 , Nov 1, 2012
              • 0 Attachment
                Noel Jones:
                > On 11/1/2012 8:55 AM, Han Boetes wrote:
                > > I think you have a point there. Let's see what happens. Maybe later
                > > on I will use spamd to annoy the zombies found by postscreen. To
                > > keep the logfiles clean and for sadistic reasons. ;-)
                > >
                > > BTW how can I read this dbase?
                > >
                > > ~% postmap -s btree:/var/spool/postfix/postscreen/db
                > > 1.2.3.4 1351857604;1351774804;1354363204;1354363204;1354363204;0
                > > 1.2.3.5 1351782475;1351699675;1354288075;1354288075;1354288075;0
                > > 1.2.3.6 1351718020;1351643615;1354223620;1354223620;1354223620;0
                > > _LAST_CACHE_CLEANUP_COMPLETED_ 1351766276
                >
                > The internal postscreen database is intentionally not documented,
                > and may change without warning.
                >
                > If you're curious about what the fields are, read the source code.
                > That's about all the help you'll get on this.

                This correct. Postfix maintains forward and backward compatibility
                with great effort, but this effort is limited to what is promised
                by the documentation.

                Undocumented details WILL CHANGE without notice, without compatibility
                safety nets, and without hand-holding.

                Wietse
              • Han Boetes
                I look with great fright upon the day that the format of that dbase will change. The mailflow on my private server will be completely undone! Anyway. No
                Message 7 of 9 , Nov 1, 2012
                • 0 Attachment
                  I look with great fright upon the day that the format of that dbase will change. The mailflow on my private server will be completely undone!

                  Anyway. No worries, I'll check the code and see what I can come up with.

                  It's just my silly wish to torture spambots a bit.


                  On Fri, Nov 2, 2012 at 12:27 AM, Wietse Venema <wietse@...> wrote:
                  Noel Jones:
                  > On 11/1/2012 8:55 AM, Han Boetes wrote:
                  > > I think you have a point there. Let's see what happens. Maybe later
                  > > on I will use spamd to annoy the zombies found by postscreen. To
                  > > keep the logfiles clean and for sadistic reasons. ;-)
                  > >
                  > > BTW  how can I read this dbase?
                  > >
                  > > ~% postmap -s btree:/var/spool/postfix/postscreen/db
                  > > 1.2.3.4  1351857604;1351774804;1354363204;1354363204;1354363204;0
                  > > 1.2.3.5    1351782475;1351699675;1354288075;1354288075;1354288075;0
                  > > 1.2.3.6   1351718020;1351643615;1354223620;1354223620;1354223620;0
                  > > _LAST_CACHE_CLEANUP_COMPLETED_  1351766276
                  >
                  > The internal postscreen database is intentionally not documented,
                  > and may change without warning.
                  >
                  > If you're curious about what the fields are, read the source code.
                  > That's about all the help you'll get on this.

                  This correct. Postfix maintains forward and backward compatibility
                  with great effort, but this effort is limited to what is promised
                  by the documentation.

                  Undocumented details WILL CHANGE without notice, without compatibility
                  safety nets, and without hand-holding.

                          Wietse



                  --



                  # Han
                • Jamie Paul Griffin
                  / Han Boetes wrote on Fri 2.Nov 12 at 6:08:20 +0100 / ... Just focus on keeping a secure well configured network then you won t need to bother with torturing
                  Message 8 of 9 , Nov 2, 2012
                  • 0 Attachment
                    / Han Boetes wrote on Fri 2.Nov'12 at 6:08:20 +0100 /

                    > I look with great fright upon the day that the format of that dbase will
                    > change. The mailflow on my private server will be completely undone!
                    >
                    > Anyway. No worries, I'll check the code and see what I can come up with.
                    >
                    > It's just my silly wish to torture spambots a bit.

                    Just focus on keeping a secure well configured network then you won't need to bother with torturing spambots. That time could be put to much better use i'm sure.
                  • Wietse Venema
                    ... Well that is your mistake, not mine. Wietse
                    Message 9 of 9 , Nov 2, 2012
                    • 0 Attachment
                      Han Boetes:
                      > I look with great fright upon the day that the format of that dbase will
                      > change. The mailflow on my private server will be completely undone!

                      Well that is your mistake, not mine.

                      Wietse
                    Your message has been successfully submitted and would be delivered to recipients shortly.