postfix + spamassassin

Jan Stary hans at stare.cz
Wed Apr 30 07:46:59 CEST 2008


> >>well, the RFC is exactly what requires the FQDN.
> > 
> > It does not:
> > 
> >         These commands are used to identify the SMTP client to the
> >         SMTP server.  The argument field contains the fully-qualified
> >         domain name of the SMTP client if one is available.  In
                                           ^^^^^^^^^^^^^^^^^^^^
> >         situations in which the SMTP client system does not have a
> >         meaningful domain name (e.g., when its address is dynamically
> >         allocated and no reverse mapping record is available), the
> >         client SHOULD send an address literal (see section 4.1.3),
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >         optionally followed by information that will help to identify
            ^^^^^^^^^^
> >         the client system.
> > 
> > 
> >>At least according to quotations from several websites (I haven't
> >>searched that particular RFC just now, laziness is a terrible thing)
> >>"...the parameter after HELO/EHLO be a fully resolvable hostname
> >>(FQDN). This requirement in the SMTP protocol is described by RFC
> >>document 1123 section 5.2.5, RFC 821 section 4.1.1 and also RFC 2821."
> > 
> > 
> > http://www.ietf.org/rfc/rfc2821.txt
> > 
> >         obsoletes RFC 821, RFC 974, and updates RFC 1123
> >         (replaces the mail transport materials of RFC 1123).
> 
> Fine, let everyone interpret it their own way; what matters to me is a
> working result :)

That is why we have RFCs, so that not everyone has their own "interpretation".

>     To bypass this barrier a special literal form
>     of the address is allowed as an alternative to a domain name.  For
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>     IPv4 addresses, this form uses four small decimal integers separated
>     by dots and enclosed by brackets such as [123.255.37.2], which
>     indicates an (IPv4) Internet Address in sequence-of-octets form.

> If I also add the description from the Postfix manual:

(which is irrelevant with respect to the RFC)

> reject_non_fqdn_helo_hostname
>      Reject the request when the HELO or EHLO hostname is not in 
> fully-qualified domain form, as required by the RFC.

(Nevertheless, I for one reject that too.)

> reject_non_fqdn_sender
>      Reject the request when the MAIL FROM address is not in 
> fully-qualified domain form, as required by the RFC.
> 
> reject_non_fqdn_recipient
>      Reject the request when the RCPT TO address is not in 
> fully-qualified domain form, as required by the RFC.

That has nothing to do with HELO at all.

> So I'll happily dare to "stubbornly insist" on it and reject whoever
> doesn't provide it.

Those are two different things; in order to reject such clients, you don't
have to insist on something that isn't true; you simply reject them, that
is your decision (mine too).

> Besides, there are far stricter mail servers on the net that also
> require existing A / PTR records for the EHLO / HELO hostname, and who
> knows what else.

Yes, my server, for example, requires all of that too.
Which changes nothing about the fact that the RFC does not require an FQDN HELO.

> >>Greylisted:              0
> >>RBL blocked:             0
> >>bad HELO blocked:        4740
> >>user unknown:            7118
> >>SPAM clean:              695
> >>SPAM spammy:             380
> >>SPAM quarantine:         0
> >>SPAM blocked:            2609
> >>delivered (local):       1794
> >>queued (to remote):      1377
> >>pop3ssl login:           1271
> >>pop3 login:              2500
> >>imapssl login:           186
> >>imap login:              191
> > 
> > 
> > I'd like logs like that; what produces them?
> 
> I produce those statistics myself, with a fairly simple awk script; I
> may even have pasted it here some time ago.
> 
> ----------------------------
> #!/bin/sh
> 
> awk -- '
> {
> 	if (/NOQUEUE: reject:.+Greylisted for/) { greylisted++ }
> 	if (/NOQUEUE: reject:.+blocked using/) { blocked++ }
> 	if (/Helo command rejected:/) { badhelo++ }
> 	if (/rejected: User unknown/) { unknown++ }
> 	if (/Passed CLEAN/) { clean++ }
> 	if (/Passed SPAMMY/) { spammy++ }
> 	if (/Blocked SPAM.+quarantine: /) { spamquarantine++ }
> 	if (/Blocked SPAM/ && !/quarantine: /) { blockspam++ }
> 	if (/delivered to maildir/) { delivered++ }
> 	if (/status=sent .+ Ok: queued/) { queued++ }
> 	if (/pop3d-ssl: LOGIN/) { pop3ssl++ }
> 	if (/pop3d: LOGIN/) { pop3++ }
> 	if (/imapd-ssl: LOGIN/) { imapssl++ }
> 	if (/imapd: LOGIN/) { imap++ }
> } END {
> 	printf("%-20s\t %i\n", "Greylisted:", greylisted)
> 	printf("%-20s\t %i\n", "RBL blocked:", blocked)
> 	printf("%-20s\t %i\n", "bad HELO blocked:", badhelo)
> 	printf("%-20s\t %i\n", "user unknown:", unknown)
> 	printf("%-20s\t %i\n", "SPAM clean:", clean)
> 	printf("%-20s\t %i\n", "SPAM spammy:", spammy)
> 	printf("%-20s\t %i\n", "SPAM quarantine:", spamquarantine)
> 	printf("%-20s\t %i\n", "SPAM blocked:", blockspam)
> 	printf("%-20s\t %i\n", "delivered (local):", delivered)
> 	printf("%-20s\t %i\n", "queued (to remote):", queued)
> 	printf("%-20s\t %i\n", "pop3ssl login:", pop3ssl)
> 	printf("%-20s\t %i\n", "pop3 login:", pop3)
> 	printf("%-20s\t %i\n", "imapssl login:", imapssl)
> 	printf("%-20s\t %i\n", "imap login:", imap)
> }' /var/log/maillog
> ----------------------------

Nice - I'll probably adapt it and replace pflogsumm with it.

	Thanks

		H.
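
An added example, not part of the original message and not Postfix code: a shell/awk classifier that sorts HELO/EHLO arguments into the two forms the RFC 2821 passages quoted above describe (a fully-qualified domain name, or a bracketed IPv4 address literal) and everything else. The function name `classify_helo`, the class labels and the sample names are constructed for illustration; only the IPv4 literal form shown in the quoted text is handled.

```sh
#!/bin/sh
# Classify one HELO/EHLO argument (hypothetical helper, labels are this
# example's own): "fqdn", "address-literal" or "other".
classify_helo() {
	printf '%s\n' "$1" | awk '
	function is_ipv4_literal(s,    n, o, i) {
		# [a.b.c.d] with every octet in 0..255
		if (s !~ /^\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]$/) return 0
		n = split(substr(s, 2, length(s) - 2), o, ".")
		for (i = 1; i <= n; i++) if (o[i] + 0 > 255) return 0
		return 1
	}
	function is_fqdn(s,    n, l, i) {
		sub(/\.$/, "", s)                 # tolerate a trailing root dot
		n = split(s, l, ".")
		if (n < 2 || length(s) > 253) return 0
		for (i = 1; i <= n; i++) {
			if (length(l[i]) < 1 || length(l[i]) > 63) return 0
			if (l[i] !~ /^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$/) return 0
		}
		return l[n] ~ /[A-Za-z]/          # all-numeric last label is a bare IP, not a name
	}
	{
		if (is_ipv4_literal($0)) print "address-literal"
		else if (is_fqdn($0))    print "fqdn"
		else                     print "other"
	}'
}

# Constructed sample HELO arguments.
for h in mail.example.org '[123.255.37.2]' localhost 192.0.2.10 '[999.1.1.1]'; do
	printf '%-18s %s\n' "$h" "$(classify_helo "$h")"
done
```

Whether "address-literal" and "other" clients are rejected is a local policy decision, which is the distinction drawn in the message above.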



