****Re: cut off by spamhaus free use?

Wed Dec 5 21:50:16 GMT 2007

on 12/4/2007 5:44 PM Craig White spake the following:
> On Tue, 2007-12-04 at 20:26 -0500, Denis Beauchemin wrote:
>> Jeff Mills a Ã©crit :
>>>  
>>>   
>>>> If you can provide me with sample RBL blocks in Postfix, I'm 
>>>> sure I could make it work for you in no time.  Same for Exim 
>>>> if I get log entries.
>>>>
>>>> Denis
>>>>
>>>>     
>>> Debnis,
>>>
>>> Here are a couple of examples.
>>> If you need more, I can send.
>>>
>>>
>>> Dec  5 10:19:02 proxy2 postfix/smtpd[4526]: NOQUEUE: reject: RCPT from unknown[200.181.195.102]: 554 5.7.1 Service unavailable; Client host [200.181.195.102] blocked using cbl.abuseat.org; Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.181.195.102; from=<najib.Lockerby at chatanet.co.uk> to=<user at mydomain.com> proto=ESMTP helo=<201-40-92-107.cscgo701.dsl.brasiltelecom.net.br>
>>>
>>> Dec  5 10:18:46 proxy2 postfix/smtpd[5730]: NOQUEUE: reject: RCPT from 201-42-168-44.dsl.telesp.net.br[201.42.168.44]: 554 5.7.1 Service unavailable; Client host [201.42.168.44] blocked using list.dsbl.org; http://dsbl.org/listing?201.42.168.44; from=<agent at hush.com> to=<user at mydomain.com> proto=SMTP helo=<201-42-168-44.dsl.telesp.net.br>
>>>   
>> Jeff,
>>
>> The included version can catch your log lines AND my sendmail ones.
>>
>> Denis
>>
>> #!/bin/bash
>> #
>> # Script qui liste toutes les sources des RBL qui ont bloque au moins
>> # un message dans le fichier de log parcouru.
>> #
>> # DB
>>
>> if [[ -n "$1" ]]; then
>>     file="$1"
>> else
>>     file="/var/log/maillog"
>> fi
>> if [[ $file == ${file%.gz} ]]; then
>>     cmd="cat $file"
>> else
>>     cmd="zcat $file"
>> fi
>> # Postfix: Client host [200.181.195.102] blocked using cbl.abuseat.org;
>> # Sendmail: reject=554
>> $cmd | LANG=C egrep "reject=554| blocked using " | perl -ne '
>>   $h{$1}++ if /found in (.*?)\s*$/;
>>   $h{$1}++ if /Client host .*? blocked using (.*?);/;
>>   END{
>>     for $i (sort keys %h){
>>         $t += $h{$i};
>>     }
>>     for $i (sort keys %h){
>>         printf "%25s : %6d (%3d %%)\n", $i, $h{$i}, $h{$i}*100/$t;
>>     }
>>     printf "%25s : %d\n", "*** Total blocked conns", $t;
>>   }'
> ----
> yup - that worked for me (postfix)
> 
>           cbl.abuseat.org :   2241 ( 53 %)
>             list.dsbl.org :     84 (  1 %)
>          pbl.spamhaus.org :   1880 ( 44 %)
>          sbl.spamhaus.org :      4 (  0 %)
>   *** Total blocked conns : 4209
> 
> This whole thread has been useful, I'm obviously going to take another
> look at rbl's now.
> 
> Thanks
> 
> Craig
> 
I'm still playing with the regex's to match my log lines.
Time to do some reading.
-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!