On 8/17/09 12:43 PM, Michael Orlitzky wrote:
LuKreme wrote:
I looked at the various rejections for the last 31 days, and I noticed
that my unknown/HELO is very very high and my RBL is very very low.
5xx Reject relay denied 0.08%
5xx Reject HELO/EHLO 45.97%
5xx Reject DATA 0.01%
5xx Reject unknown user 47.47%
5xx Reject recipient address 0.00%
5xx Reject sender address 0.11%
5xx Reject client host 1.07%
5xx Reject RBL 5.29%
5xx Reject header 0.01%
--------------------------------------------------
Total 5xx Rejects 100.00%
looking at some other stats I've been able to find, I am seeing
numbers more like 20/1/70 where I have 46/47/5
What version of postfix-logwatch is this? A quick check of the ChangeLog
suggests that versions prior to 2007-02-14 might not distinguish
warn_if_reject messages from true reject messages.
The "5xx Reject" format of the output above was implemented in version
1.36.13pre5:
2007-11-14 (version: 1.36.13pre5)
- New: Rejects can now be categorized by reject reply code. A new
option/variable "reject_reply_patterns" is a list of reject reply
code regular expressions, which are used for categorizing rejects.
This feature allows, for example, distinguishing 421 transmission
channel closes from 45x errors. (eg. 450 mailbox unavailable, 451
local processing errors, 452 insufficient storage). The default
list is: "5.. 4.. Warn" which creates three groups of rejects:
permanent rejects, temporary failures, and reject warnings (as in
warn_if_reject). Requested by: Noel Jones
so there is no doubt that warn_if_reject's would appear in a separate
section (as would 4xx temp rejects, also not shown).
Since you include,
warn_if_reject reject_unknown_client_hostname
The OP didn't show any Warn Reject sections, so we can't infer when any
warn_if_reject was appended to reject_unknown_client_hostname. All we
can infer is that there were some 5xx reject_unknown_client_hostname's
in the log for the period analyzed.
in your smtpd_recipient_restrictions, that could explain the difference
you're seeing.
If the OPs question was about why the apparent discrepancy between
postfix-logwatch and the "other stats" generated from the unmentioned
stats tools, who can say without more data. Perhaps a representative
sample of log lines and direct comparison against the other tools would
help clarify any confusion.
--
Mike
