postfix + spamassassin

Miroslav Lachman 000.fbsd at quip.cz
Tue Apr 29 23:37:43 CEST 2008


Jan Stary wrote:
> On Apr 29 16:29:45, Miroslav Lachman wrote:
> 
>>Marian Cerny wrote:
>>
>>
>>>On 2008-04-29 15:38 +0200, Ciernik Tomas wrote:
>>>
>>>>You need to be careful when using reject_non_fqdn_helo_hostname - for
>>>>example, MS Outlook uses only the computer name as its helo, not its
>>>>domain, so based on this rule postfix will refuse to talk to it.
>>>
>>>For users I have permit_sasl_authenticated there, so it shouldn't
>>>matter that it rejects a bare computer name. Personally, though, I
>>>don't use reject_non_fqdn_helo_hostname. I think I left it out
>>>because, according to the RFC, the helo doesn't have to be an FQDN,
>>>although I'm not sure about that... I dealt with this a long time ago.
>>
>>Exactly, with permit_sasl_authenticated the user is let through whatever
>>HELO they send, so it won't cause problems for any Outlooks.
>>From what I've seen looking around the net,
> 
> 
> (ahem)
> 
> 
>>it is the RFC itself that requires the FQDN.
> 
> 
> It doesn't:
> 
>         These commands are used to identify the SMTP client to the
>         SMTP server.  The argument field contains the fully-qualified
>         domain name of the SMTP client if one is available.  In
>         situations in which the SMTP client system does not have a
>         meaningful domain name (e.g., when its address is dynamically
>         allocated and no reverse mapping record is available), the
>         client SHOULD send an address literal (see section 4.1.3),
>         optionally followed by information that will help to identify
>         the client system.
> 
> 
>>At least according to
>>quotations from several websites (I haven't searched the actual RFC just
>>now, laziness is a terrible thing)
>>"...the parameter after HELO/EHLO was a fully resolvable hostname (FQDN).
>>This requirement in the SMTP protocol is described by RFC 1123
>>section 5.2.5, RFC 821 section 4.1.1 and also RFC 2821."
> 
> 
> http://www.ietf.org/rfc/rfc2821.txt
> 
>         obsoletes RFC 821, RFC 974, and updates RFC 1123
>         (replaces the mail transport materials of RFC 1123).

Fine, let everyone interpret it their own way; what matters to me is a
working result :)

rfc2821
2.3.5 Domain

    The domain name, as described in this document and in [22], is the
    entire, fully-qualified name (often referred to as an "FQDN").  A
    domain name that is not in FQDN form is no more than a local alias.
    Local aliases MUST NOT appear in any SMTP transaction.

3.2 Client Initiation

    In the EHLO command the host sending the command identifies itself;
    the command may be interpreted as saying "Hello, I am <domain>" (and,
    in the case of EHLO, "and I support service extension requests").

4.1.1.1  Extended HELLO (EHLO) or HELLO (HELO)
    Syntax:
       ehlo            = "EHLO" SP Domain CRLF
       helo            = "HELO" SP Domain CRLF

4.1.3 Address Literals
    To bypass this barrier a special literal form
    of the address is allowed as an alternative to a domain name.  For
    IPv4 addresses, this form uses four small decimal integers separated
    by dots and enclosed by brackets such as [123.255.37.2], which
    indicates an (IPv4) Internet Address in sequence-of-octets form.

If I add the description from the Postfix manual as well:
reject_non_fqdn_helo_hostname
     Reject the request when the HELO or EHLO hostname is not in 
fully-qualified domain form, as required by the RFC.

reject_non_fqdn_sender
     Reject the request when the MAIL FROM address is not in 
fully-qualified domain form, as required by the RFC.

reject_non_fqdn_recipient
     Reject the request when the RCPT TO address is not in 
fully-qualified domain form, as required by the RFC.

So I'll happily dare to "stubbornly insist" on it and reject anyone who
doesn't provide it. After all, there are far stricter mail servers on the
net that also require existing A / PTR records for the EHLO / HELO
hostname, and who knows what else.

>>Greylisted:              0
>>RBL blocked:             0
>>bad HELO blocked:        4740
>>user unknown:            7118
>>SPAM clean:              695
>>SPAM spammy:             380
>>SPAM quarantine:         0
>>SPAM blocked:            2609
>>delivered (local):       1794
>>queued (to remote):      1377
>>pop3ssl login:           1271
>>pop3 login:              2500
>>imapssl login:           186
>>imap login:              191
> 
> 
> I'd like logs like that; what produces them?

I produce these statistics myself, with a fairly simple awk script; I may
even have pasted it here some time ago.

----------------------------
#!/bin/sh

awk -- '
{
	if (/NOQUEUE: reject:.+Greylisted for/) { greylisted++ }
	if (/NOQUEUE: reject:.+blocked using/) { blocked++ }
	if (/Helo command rejected:/) { badhelo++ }
	if (/rejected: User unknown/) { unknown++ }
	if (/Passed CLEAN/) { clean++ }
	if (/Passed SPAMMY/) { spammy++ }
	if (/Blocked SPAM.+quarantine: /) { spamquarantine++ }
	if (/Blocked SPAM/ && !/quarantine: /) { blockspam++ }
	if (/delivered to maildir/) { delivered++ }
	if (/status=sent .+ Ok: queued/) { queued++ }
	if (/pop3d-ssl: LOGIN/) { pop3ssl++ }
	if (/pop3d: LOGIN/) { pop3++ }
	if (/imapd-ssl: LOGIN/) { imapssl++ }
	if (/imapd: LOGIN/) { imap++ }
} END {
	printf("%-20s\t %i\n", "Greylisted:", greylisted)
	printf("%-20s\t %i\n", "RBL blocked:", blocked)
	printf("%-20s\t %i\n", "bad HELO blocked:", badhelo)
	printf("%-20s\t %i\n", "user unknown:", unknown)
	printf("%-20s\t %i\n", "SPAM clean:", clean)
	printf("%-20s\t %i\n", "SPAM spammy:", spammy)
	printf("%-20s\t %i\n", "SPAM quarantine:", spamquarantine)
	printf("%-20s\t %i\n", "SPAM blocked:", blockspam)
	printf("%-20s\t %i\n", "delivered (local):", delivered)
	printf("%-20s\t %i\n", "queued (to remote):", queued)
	printf("%-20s\t %i\n", "pop3ssl login:", pop3ssl)
	printf("%-20s\t %i\n", "pop3 login:", pop3)
	printf("%-20s\t %i\n", "imapssl login:", imapssl)
	printf("%-20s\t %i\n", "imap login:", imap)
}' /var/log/maillog
----------------------------

It's nothing great, and it's probably not very accurate either, but it's
simple and fast. (And it wouldn't even need to be wrapped as a *.sh
script, but that's just my habit.)

Mirek
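
An added example, not part of the original post: a breakdown of the "bad HELO blocked" counter by the HELO name each client sent, so that legitimate clients announcing a bare machine name can be told apart from junk. It assumes Postfix smtpd reject lines ending in helo=<name>; the function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post).
# Constructed sample lines in the Postfix smtpd log format.
sample_maillog() {
cat <<'EOF'
Apr 29 10:01:02 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 504 5.5.2 <OFFICE-PC>: Helo command rejected: need fully-qualified hostname; from=<a@example.org> to=<b@example.com> proto=SMTP helo=<OFFICE-PC>
Apr 29 10:05:40 mx postfix/smtpd[1240]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 504 5.5.2 <OFFICE-PC>: Helo command rejected: need fully-qualified hostname; from=<a@example.org> to=<c@example.com> proto=SMTP helo=<OFFICE-PC>
Apr 29 10:07:11 mx postfix/smtpd[1251]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<x@example.net> to=<b@example.com> proto=SMTP helo=<localhost>
Apr 29 10:09:30 mx postfix/smtpd[1260]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.7.1 <mail.example.net>: Helo command rejected: Host not found; from=<y@example.net> to=<b@example.com> proto=ESMTP helo=<mail.example.net>
Apr 29 10:11:00 mx postfix/smtpd[1266]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 554 5.7.1 <[192.0.2.77]>: Helo command rejected: Access denied; from=<z@example.net> to=<b@example.com> proto=SMTP helo=<[192.0.2.77]>
Apr 29 10:12:45 mx postfix/smtpd[1270]: NOQUEUE: reject: RCPT from mx.example.org[192.0.2.99]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown in local recipient table; from=<q@example.org> to=<nobody@example.com> proto=ESMTP helo=<mx.example.org>
EOF
}

# Reads maillog files given as arguments (or stdin) and prints
# "count<TAB>class<TAB>helo-name", most frequent first.
helo_rejects() {
	LC_ALL=C awk '
	/Helo command rejected:/ {
		# helo=<name> is appended by Postfix to every reject line
		if (match($0, /helo=<[^>]*>/)) {
			name = substr($0, RSTART + 6, RLENGTH - 7)
			count[name]++
		}
	}
	END {
		for (name in count) {
			if (name ~ /^\[.*\]$/)  class = "literal"  # address literal
			else if (name ~ /\./)   class = "dotted"   # has a domain part
			else                    class = "bare"     # machine name only
			printf("%d\t%s\t%s\n", count[name], class, name)
		}
	}' "$@" | LC_ALL=C sort -k1,1nr -k3,3
}

# Demo on the constructed sample; use: helo_rejects /var/log/maillog
sample_maillog | helo_rejects
```
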


