On Sun, Mar 13, 2011 at 11:01 AM, Ralf Hildebrandt
<ralf.hildebra...@charite.de> wrote:
> * Larry Vaden <va...@texoma.net>:
>> Hello postfix-users,
>>
>> For a selected time period today, the postfix/postscreen DNSBL rank
>> log entries are summarized as:
>
> By which tool?

Hi Ralf,

Sorry about the subject line; I hit the send key before I should
have, of course.

grep "postfix/postscreen.*DNSBL rank" /var/log/maillog | awk '{print $6" "$7" "$8}' | sort | uniq -c

>>    1744 DNSBL rank 2
>>   12458 DNSBL rank 3
>>    5113 DNSBL rank 4
>>    1099 DNSBL rank 5
>>       1 DNSBL rank 7
>>
>> Q1: Given the postscreen invocation in main.cf below the sig, what is
>> the meaning of DNSBL rank 7?
>
> Please find the corresponding log line, so we can check this.

This is the one on which this query was filed:

[root@mx4 ~]# zcat /var/log/maillog.1.gz | grep "DNSBL rank 7"
Mar 12 00:33:35 mx4 postfix/postscreen[2698]: DNSBL rank 7 for [190.232.251.197]:19890

Here's a fresh one on today's business:

[root@mx4 ~]# grep -i "DNSBL rank 6" /var/log/maillog
Mar 13 10:53:51 mx4 postfix/postscreen[2698]: DNSBL rank 6 for [151.56.102.63]:19289

>> Further, "blocked using" is summarized as follows:
>>
>> 54.6% blocked using b.barracudacentral.org;
>> 12.1% blocked using bl.spamcop.net;
>>  3.8% blocked using spamtrap.trblspam.com;
>> 29.5% blocked using zen.spamhaus.org;
>>
>> Q2: Is a "blocked using" entry written for each DNSBL for which there
>> is a hit?  If not, how is it determined which DNSBL will get credit?
>
> That depends on the tool summarizing the log.

My question relates to the raw postfix log file; to be clearer,
s/written/written by postfix/g.  In other words, without a tool.

>> postscreen_dnsbl_threshold = 2
>> postscreen_dnsbl_sites = zen.spamhaus.org*2
>>         bl.spamcop.net*1 b.barracudacentral.org*1 spamtrap.trblspam.com*1
>
> That should add up to a maximum of 5 unless a client IP can be listed
> multiple times in one dnsbl (?)

Yes, so the 6s and 7s are interesting and the basis for this query.

I would like to thank the author of postscreen --- who was that?

In order to decrease the load on the DNSBLs, is it possible to ask for
consideration of adding as options some of the checks that can be done
before DNSBL checks?  The one that comes to mind immediately is for a
missing rDNS.

> --
> Ralf Hildebrandt
>  Geschäftsbereich IT | Abteilung Netzwerk
>  Charité - Universitätsmedizin Berlin
>  Campus Benjamin Franklin
>  Hindenburgdamm 30 | D-12203 Berlin
>  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>  ralf.hildebra...@charite.de | http://www.charite.de

kind regards/ldv

-- 
Larry Vaden, CoFounder
Internet Texoma, Inc.
Serving Rural Texomaland Since 1995
We Care About Your Connection!
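
Added example, not part of the original message and not Postfix code: a shell sketch that sums the weights in a postscreen_dnsbl_sites value and lists the "DNSBL rank" log entries that exceed that sum, which is the check behind the question about ranks 6 and 7. The function names and the sample log lines are constructed for illustration; it assumes a missing weight counts as 1, an optional "=filter" part can be ignored, and negative weights do not raise the maximum.

```shell
#!/bin/sh
# Hypothetical helper names; this is an illustration, not a Postfix tool.

# Sum the positive weights in a postscreen_dnsbl_sites value.
# Entries look like "domain*weight" (as in the message); a missing
# weight is taken as 1 and any "=filter" part is ignored (assumptions).
max_dnsbl_score() {
    printf '%s\n' "$1" | tr ', \t' '\n\n\n' | awk '
        NF == 0 { next }
        {
            w = 1
            n = index($0, "*")
            if (n > 0) w = substr($0, n + 1) + 0
            if (w > 0) total += w
        }
        END { print total + 0 }'
}

# Read a mail log on stdin and print "rank client" for every
# postscreen "DNSBL rank" line whose rank is greater than $1.
over_max_ranks() {
    awk -v max="$1" '
        /postfix\/postscreen\[/ && / DNSBL rank / {
            for (i = 1; i < NF; i++)
                if ($i == "rank") { rank = $(i + 1) + 0; client = $(i + 3) }
            if (rank > max) print rank, client
        }'
}

# The setting quoted in the message.
SITES='zen.spamhaus.org*2
        bl.spamcop.net*1 b.barracudacentral.org*1 spamtrap.trblspam.com*1'

# Constructed sample log lines in the format shown in the message
# (client addresses are documentation ranges, not real clients).
SAMPLE_LOG='Mar 12 00:33:30 mx4 postfix/postscreen[2698]: DNSBL rank 3 for [192.0.2.10]:40112
Mar 12 00:33:35 mx4 postfix/postscreen[2698]: DNSBL rank 7 for [198.51.100.7]:19890
Mar 13 10:53:51 mx4 postfix/postscreen[2698]: DNSBL rank 6 for [203.0.113.5]:19289
Mar 13 10:54:02 mx4 postfix/postscreen[2698]: DNSBL rank 5 for [192.0.2.44]:51234'

max=$(max_dnsbl_score "$SITES")
echo "sum of configured weights: $max"
printf '%s\n' "$SAMPLE_LOG" | over_max_ranks "$max"
```

Against a live log, replace the sample with something like `over_max_ranks "$max" < /var/log/maillog`.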
