Re: pflogsum don't count postscreen rejects

Fri, 29 Aug 2014 14:10:51 -0700

OK. postscreen logs are now parsed in the ELSE project. Made it according log examples provided in http://www.postfix.org/POSTSCREEN_README.html document. However there are some tiny differences between what's written in this document and the log format generated by my postfix 2.10.0-1.el6.x86_64 servers.
Also, I've observed that the NOQUEUE rejects log lines generated by postscreen are slightly different than the ones made by smtpd: I mean fields are the same (almost), but format is different (fields separated by comas for postscreen, instead of spaces for smtpd). Maybe recent versions of Postfix have the same logging format, or would it be possible to get the same one between both daemons (for ease of parser coding even if it's trivial)? An example: 

With postscreen:


2014-08-29T22:27:21.065488+02:00 smtp3 postfix/postscreen[17893]: 
NOQUEUE: reject: RCPT from [94.83.155.**]:25903: 550 5.7.1 Service 
unavailable; client [94.83.155.**] blocked using zen.spamhaus.org; 
from=<********@business.********>, to=<**********@*****.***>, 
proto=ESMTP, helo=<**********-static.83-94-b.business.***********.it>


With smtpd:


2014-08-29T22:03:37.177145+02:00 smtp3 postfix/smtpd[17837]: NOQUEUE: 
reject: RCPT from webmail.**********.org[213.30.156.**]: 450 4.7.1 
<**************@*********.***>: Recipient address rejected: Greylisting 
in action by GreyLSE v 0.9.18. Please come back later.; 
from=<**********@********.**> to=<**************@*********.***> 
proto=ESMTP helo=<mailhost.**********.org>




Any way, after one hour of data gathering, here below is a first sample 
of statistics given by a simple SQL request ran over 2 INCOMING Postfix 
servers:


 type_id |   type   | nb
---------+----------+----
       1 | DNSBL    | 93
       4 | PASS OLD |  7
       2 | PREGREET |  6
       3 | HANGUP   |  6
       5 | PASS NEW |  1

It's just incredible the number of emails dropped by DNSBL!!

Regards,
Nicolas HAHN

Le 29/08/2014 08:40, Nicolas HAHN a écrit :

Hello there,


I'll also take any material or log file snippet provided about 
postscreen to implement a parser in the ELSE project, and generate any 
usefull stats.


Regards,
Nicolas HAHN



Le 29/08/2014 01:57, Jim Seymour a écrit :

On Mon, 25 Aug 2014 16:12:12 +0200
"li...@rhsoft.net" <li...@rhsoft.net> wrote:


Aug 25 14:55:15 mail-gw postfix/postscreen[29302]: NOQUEUE: reject:
RCPT from [119.75.11.68]:53210: 550 5.7.1 Service unavailable;
client [119.75.11.68] blocked using *****; from=<****>,
to=<mik...@outlook.it>, proto=ESMTP, helo=<jchzfsrgvu>

pflogsumm don't count postscreen RBL rejects
already using pflogsumm-1.1.5.tar.gz Beta

sadly mailgraph and logwatch also hide them :-(


Send me a log file snippet big enough to generate meaningful stats
and I'll look at adding it.

I haven't used postscreen, yet, so I haven't the data.  (Nor,
that being the case, have I seen the need.)

I've got some other things people have sent me I need to look to.  I
suppose it's about time pflogsumm got some attention.

Regards,
Jim





<<attachment: hahnn.vcf>>






















					Reply via email to