Datum: Sat, 21 May 2011 00:57:23 +0200
Von: Reindl Harald<h.rei...@thelounge.net>
Organisation: the lounge interactive design
An: Mailing-List postfix<postfix-users@postfix.org>
i need a little help
the following line should filter spam to ivalid rcpt works fine, see
first log-message, but is there any way to exclude lines that also
contains "too large" to see them in the messagelog (2nd line)?
:msg, contains, "RCPT from unknown[10.0.0.20]" ~
No, it matches mail from a specific local IP without fcrdns hostname.
It says nothing about spam.
It does because this is a spam-firewall-appliance with FQRDNS delivering
to an explicit port without dns lookups, i search a way to filter only
"unknown in local recipient table" with rsyslog BUT ONLY if the sender
is 10.0.0.20 because it spams the log in a way you see no real problems
but if have no idea if and how a logical and here is possible
May 21 00:47:23 mail postfix/smtpd[2005]:
NOQUEUE: reject: RCPT from unknown[10.0.0.20]:
550 5.1.1<inva...@example.com>: Recipient address rejected:
User unknown in local recipient table;
from=<postmas...@barracudanetworks.com> to=<inva...@example.com>
May 21 00:42:20 mail postfix/smtpd[2005]:
NOQUEUE: reject: RCPT from unknown[10.0.0.20]:
552 5.7.1<va...@example.com>: Recipient address rejected:
Message too large, recipient va...@example.com would exceed size limits at this
time;
from=<postmas...@barracudanetworks.com> to=<va...@example.com
If all your incoming mail is scanned by the machine on that IP, why does
it matter that it comes from that IP ?
:msg, regex, "10.0.0.20.*User unknown" ~
