Am 21.05.2011 02:45, schrieb pf at alt-ctrl-del.org: > >>>>> Datum: Sat, 21 May 2011 00:57:23 +0200 >>>>> Von: Reindl Harald<h.rei...@thelounge.net> >>>>> Organisation: the lounge interactive design >>>>> An: Mailing-List postfix<postfix-users@postfix.org> >>>>> >>>>> i need a little help >>>>> >>>>> the following line should filter spam to ivalid rcpt works fine, see >>>>> first log-message, but is there any way to exclude lines that also >>>>> contains "too large" to see them in the messagelog (2nd line)? >>>>> >>>>> :msg, contains, "RCPT from unknown[10.0.0.20]" ~ >>>> No, it matches mail from a specific local IP without fcrdns hostname. >>>> It says nothing about spam. >>> It does because this is a spam-firewall-appliance with FQRDNS delivering >>> to an explicit port without dns lookups, i search a way to filter only >>> "unknown in local recipient table" with rsyslog BUT ONLY if the sender >>> is 10.0.0.20 because it spams the log in a way you see no real problems >>> >>> but if have no idea if and how a logical and here is possible >>> >>>>> May 21 00:47:23 mail postfix/smtpd[2005]: >>>>> NOQUEUE: reject: RCPT from unknown[10.0.0.20]: >>>>> 550 5.1.1<inva...@example.com>: Recipient address rejected: >>>>> User unknown in local recipient table; >>>>> >>>>> from=<postmas...@barracudanetworks.com> to=<inva...@example.com> >>>>> May 21 00:42:20 mail postfix/smtpd[2005]: >>>>> NOQUEUE: reject: RCPT from unknown[10.0.0.20]: >>>>> 552 5.7.1<va...@example.com>: Recipient address rejected: >>>>> Message too large, recipient va...@example.com would exceed size limits >>>>> at this time; >>>>> from=<postmas...@barracudanetworks.com> to=<va...@example.com >> If all your incoming mail is scanned by the machine on that IP, why does it >> matter that it comes from that IP ? >> > > :msg, regex, "10.0.0.20.*User unknown" ~
GREAT - THANK YOU
signature.asc
Description: OpenPGP digital signature
