Hi All,
I'm beginning to add better log analysis for postscreen logging to
pflogsumm.
First of all: Here's the list of postscreen status messages I have:

    BLACKLISTED
    COMMAND COUNT LIMIT from
    COMMAND LENGTH LIMIT from
    COMMAND PIPELINING from
    COMMAND TIME LIMIT from
    CONNECT
    DISCONNECT
    DNSBL rank ... for
    DROP
    HANGUP after ... in tests (before|after) SMTP handshake
    NON-SMTP COMMAND from
    NOQUEUE: reject: CONNECT from ... all server ports busy
    NOQUEUE: reject: CONNECT from ... too many connections
    PREGREET ... after ... from
    reject: connect from ... all screening ports busy
    reject: RCPT from

Is this all of them?
Secondly: Does the occurrence of any of them, following a CONNECT
message, imply the connection has been dropped by postscreen? (Need to
know this for the purpose of determining connection times.)
Lastly: Of the list above I have samples for all except:

    COMMAND LENGTH LIMIT from
    DROP
    NOQUEUE: reject: CONNECT from .+ all server ports busy
    reject: connect from .+ all screening ports busy

If anybody has any log data they'd be willing to share with me
(complete stanzas, connect through disconnect, only, please), I'd
surely appreciate them.
My policy regarding log data (from the pflogsumm FAQ):
25. Sending Logfile Samples
Here's the deal with whatever you may send me in the way of
log samples:
. Obfuscate them if you want. But take care not to alter
them in such a manner that they're not accurate wrt the
"realism" of the data, make sure the field formatting
is not altered, and that the order of the log entries
is not altered.
. The world is an unsafe place for your data, no matter
where it might reside. But I'll do my level best to
ensure that your data does not fall into the hands
of others.
. If you want, I'll PGP-encrypt the data when it's not in
use.
. You can PGP-encrypt it when you send it to me if you're
concerned. My PGP public key can be found on my Web
site and at the PGP public key servers.
. If you want, I'll delete the sample data when the work
is done. But I would *like* to keep it around for
future regression-testing. It's your call. Let me
know.
The best way to get them to me is to upload them into the "incoming"
directory on my FTP server. Files uploaded there are anonymous. They
cannot be listed or downloaded by anybody. They *can* be
over-written, though, so use a unique filename.
Thanks In Advance,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
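An added example, not part of the original message and not pflogsumm code (pflogsumm is Perl; this is Python): it classifies postscreen log lines against the status list in the message, collects anything outside that list in an `UNMATCHED` bucket, and picks out per-client stanzas that run CONNECT through DISCONNECT. The regex forms, the syslog line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
# Status prefixes from the list in the message above, written as regexes
# matched at the start of the message text (the regex forms are assumptions).
STATUSES = [
    "BLACKLISTED", "COMMAND COUNT LIMIT from", "COMMAND LENGTH LIMIT from",
    "COMMAND PIPELINING from", "COMMAND TIME LIMIT from", "CONNECT",
    "DISCONNECT", "DNSBL rank .+ for", "DROP", "NON-SMTP COMMAND from",
    "HANGUP after .+ in tests (?:before|after) SMTP handshake",
    "NOQUEUE: reject: CONNECT from .+ all server ports busy",
    "NOQUEUE: reject: CONNECT from .+ too many connections",
    "PREGREET .+ after .+ from",
    "reject: connect from .+ all screening ports busy",
    "(?:NOQUEUE: )?reject: RCPT from",
]
MSG = re.compile(r"/postscreen\[\d+\]: (.*)")       # syslog tag, then message
CLIENT = re.compile(r"\[[0-9A-Fa-f:.]+\]:\d+")      # first [addr]:port in message

def classify(line):
    """Return (status, client) for a postscreen line, None for other daemons."""
    m = MSG.search(line)
    if not m:
        return None
    msg = m.group(1)
    status = next((p for p in STATUSES if re.match(p, msg)), "UNMATCHED")
    c = CLIENT.search(msg)
    return status, (c.group(0) if c else None)

def summarize(lines):
    """Tally statuses; return stanzas that run CONNECT through DISCONNECT."""
    counts, stanzas = Counter(), defaultdict(list)
    for status, client in filter(None, map(classify, lines)):
        counts[status] += 1
        if client:
            stanzas[client].append(status)
    complete = {c: s for c, s in stanzas.items()
                if s[0] == "CONNECT" and s[-1] == "DISCONNECT"}
    return counts, complete

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE = [
    "Jan  1 00:00:01 mx postfix/postscreen[101]: CONNECT from [192.0.2.10]:40001 to [198.51.100.5]:25",
    "Jan  1 00:00:01 mx postfix/postscreen[101]: PREGREET 11 after 0.05 from [192.0.2.10]:40001: EHLO x.test",
    "Jan  1 00:00:02 mx postfix/postscreen[101]: DISCONNECT [192.0.2.10]:40001",
    "Jan  1 00:00:03 mx postfix/postscreen[101]: CONNECT from [192.0.2.20]:40002 to [198.51.100.5]:25",
    "Jan  1 00:00:03 mx postfix/postscreen[101]: DNSBL rank 3 for [192.0.2.20]:40002",
    "Jan  1 00:00:09 mx postfix/postscreen[101]: PASS NEW [192.0.2.30]:40003",  # outside the list above
    "Jan  1 00:00:10 mx postfix/smtpd[102]: connect from unknown[192.0.2.30]",
]
```

Calling `summarize(SAMPLE)` returns the per-status counts and the one complete stanza; the `UNMATCHED` count shows which messages in a log fall outside the list.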