Re: cut off by spamhaus free use?

Craig White craigwhite at azapple.com
Wed Dec 5 02:30:23 GMT 2007


On Tue, 2007-12-04 at 21:11 -0500, Denis Beauchemin wrote:
> Craig White wrote:
> > On Tue, 2007-12-04 at 20:26 -0500, Denis Beauchemin wrote:
> >   
> >> Jeff Mills wrote:
> >>     
> >>>  
> >>>   
> >>>       
> >>>> If you can provide me with sample RBL blocks in Postfix, I'm 
> >>>> sure I could make it work for you in no time.  Same for Exim 
> >>>> if I get log entries.
> >>>>
> >>>> Denis
> >>>>
> >>>>     
> >>>>         
> >>> Denis,
> >>>
> >>> Here are a couple of examples.
> >>> If you need more, I can send.
> >>>
> >>>
> >>> Dec  5 10:19:02 proxy2 postfix/smtpd[4526]: NOQUEUE: reject: RCPT from unknown[200.181.195.102]: 554 5.7.1 Service unavailable; Client host [200.181.195.102] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.181.195.102; from=<najib.Lockerby at chatanet.co.uk> to=<user at mydomain.com> proto=ESMTP helo=<201-40-92-107.cscgo701.dsl.brasiltelecom.net.br>
> >>>
> >>> Dec  5 10:18:46 proxy2 postfix/smtpd[5730]: NOQUEUE: reject: RCPT from 201-42-168-44.dsl.telesp.net.br[201.42.168.44]: 554 5.7.1 Service unavailable; Client host [201.42.168.44] blocked using list.dsbl.org; http://dsbl.org/listing?201.42.168.44; from=<agent at hush.com> to=<user at mydomain.com> proto=SMTP helo=<201-42-168-44.dsl.telesp.net.br>
> >>>   
> >>>       
> >> Jeff,
> >>
> >> The included version can catch your log lines AND my sendmail ones.
> >>
> >> Denis
> >>
> >> #!/bin/bash
> >> #
> >> # Script that lists all the RBL sources that blocked at least
> >> # one message in the log file scanned.
> >> #
> >> # DB
> >>
> >> if [[ -n "$1" ]]; then
> >>     file="$1"
> >> else
> >>     file="/var/log/maillog"
> >> fi
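> >> # Pick the reader by extension; the file name is passed quoted below
> >> # so that paths containing spaces or glob characters are not split.
> >> if [[ "$file" == "${file%.gz}" ]]; then
> >>     cmd="cat"
> >> else
> >>     cmd="zcat"
> >> fi
> >> # Postfix: Client host [200.181.195.102] blocked using cbl.abuseat.org;
> >> # Sendmail: reject=554
> >> $cmd "$file" | LANG=C grep -E "reject=554| blocked using " | perl -ne '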
> >>   $h{$1}++ if /found in (.*?)\s*$/;
> >>   $h{$1}++ if /Client host .*? blocked using (.*?);/;
> >>   END{
> >>     for $i (sort keys %h){
> >>         $t += $h{$i};
> >>     }
> >>     for $i (sort keys %h){
> >>         printf "%25s : %6d (%3d %%)\n", $i, $h{$i}, $h{$i}*100/$t;
> >>     }
> >>     printf "%25s : %d\n", "*** Total blocked conns", $t;
> >>   }'
> >>     
> > ----
> > yup - that worked for me (postfix)
> >
> >           cbl.abuseat.org :   2241 ( 53 %)
> >             list.dsbl.org :     84 (  1 %)
> >          pbl.spamhaus.org :   1880 ( 44 %)
> >          sbl.spamhaus.org :      4 (  0 %)
> >   *** Total blocked conns : 4209
> >
> > This whole thread has been useful, I'm obviously going to take another
> > look at rbl's now.
> >
> > Thanks
> >
> > Craig
> >
> >   
> Glad I could help others.
> 
> If you want a nicer output, change the last printf for:
> 
>     printf "%25s : %6d\n", "*** Total blocked conns", $t;
> 
> And if you happen to have numbers in tens of millions, change both %6d 
> to %7d or %8d to accommodate bigger numbers.
----
of course by the time you need %8d, you're already cut-off by zenhaus

;-)

Craig


