postfix + spamassassin
Miroslav Lachman
000.fbsd at quip.cz
Tue Apr 29 23:37:43 CEST 2008
Jan Stary wrote:
> On Apr 29 16:29:45, Miroslav Lachman wrote:
>
>>Marian Cerny wrote:
>>
>>
>>>On 2008-04-29 15:38 +0200, Ciernik Tomas wrote:
>>>
>>>>Pri pouziti reject_non_fqdn_helo_hostname treba byt opatrny - napriklad taky
>>>>MS Outlook pouzije ako helo len nazov pocitaca, nie jeho domenu, takze na
>>>>zaklade tohto pravidla sa s nim postfix odmietne bavit.
>>>
>>>Pre uzivatelov tam mam permit_sasl_authenticated, takze to by nemuselo
>>>vadit, ze odmieta len nazov pocitaca. Ja osobne to
>>>reject_non_fqdn_helo_hostname ale nepouzivam. Myslim, ze som to tam
>>>nedal preto, ze to podla RFC helo nemusi byt FQDN, aj ked to si niesom
>>>isty... zaoberal som sa tym uz davno.
>>
>>Presne tak, pri pouziti permit_sasl_authenticated to uzivatele pusti, at
>>ma HELO jakekoliv, tudiz to zadnym Outlookum problemy nezpusobi.
>>Co jsem se dival po netu,
>
>
> (ehm)
>
>
>>tak prave RFC to FQDN vyzaduje.
>
>
> Nevyzaduje:
>
> These commands are used to identify the SMTP client to the
> SMTP server. The argument field contains the fully-qualified
> domain name of the SMTP client if one is available. In
> situations in which the SMTP client system does not have a
> meaningful domain name (e.g., when its address is dynamically
> allocated and no reverse mapping record is available), the
> client SHOULD send an address literal (see section 4.1.3),
> optionally followed by information that will help to identify
> the client system.
>
>
>>Alespon dle
>>citaci z nekolika webu (to konkretni RFC jsem ted neprohledaval, lenost
>>je hrozna)
>>"...parametr za HELO/EHLO bylo plně přeložitelné hostname (FQDN). Tuto
>>podmínku v SMTP protokolu popisuje RFC dokument 1123 sekce 5.2.5, RFC
>>821 sekce 4.1.1 a dále ještě RFC 2821."
>
>
> http://www.ietf.org/rfc/rfc2821.txt
>
> obsoletes RFC 821, RFC 974, and updates RFC 1123
> (replaces the mail transport materials of RFC 1123).
Dobra, vyklad at si udela kazdy po svem, pro me je dulezity funkcni
vysledek :)
rfc2821
2.3.5 Domain
The domain name, as described in this document and in [22], is the
entire, fully-qualified name (often referred to as an "FQDN"). A
domain name that is not in FQDN form is no more than a local alias.
Local aliases MUST NOT appear in any SMTP transaction.
3.2 Client Initiation
In the EHLO command the host sending the command identifies itself;
the command may be interpreted as saying "Hello, I am <domain>" (and,
in the case of EHLO, "and I support service extension requests").
4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO)
Syntax:
ehlo = "EHLO" SP Domain CRLF
helo = "HELO" SP Domain CRLF
4.1.3 Address Literals
To bypass this barrier a special literal form
of the address is allowed as an alternative to a domain name. For
IPv4 addresses, this form uses four small decimal integers separated
by dots and enclosed by brackets such as [123.255.37.2], which
indicates an (IPv4) Internet Address in sequence-of-octets form.
Pokud k tomu pridam i popis z manualu Postfixu:
reject_non_fqdn_helo_hostname
Reject the request when the HELO or EHLO hostname is not in
fully-qualified domain form, as required by the RFC.
reject_non_fqdn_sender
Reject the request when the MAIL FROM address is not in
fully-qualified domain form, as required by the RFC.
reject_non_fqdn_recipient
Reject the request when the RCPT TO address is not in
fully-qualified domain form, as required by the RFC.
Tak si troufnu klidne na tom "tvrdosijne trvat" a toho, kdo to
neposkytne, odmitnout. Ostatne na netu jsou i daleko prisnejsi
mailservery, co vyzaduji pro EHLO / HELO hostname i existujici A / PTR
zaznamy a kdo vi co vsechno.
>>Greylisted: 0
>>RBL blocked: 0
>>bad HELO blocked: 4740
>>user unknown: 7118
>>SPAM clean: 695
>>SPAM spammy: 380
>>SPAM quarantine: 0
>>SPAM blocked: 2609
>>delivered (local): 1794
>>queued (to remote): 1377
>>pop3ssl login: 1271
>>pop3 login: 2500
>>imapssl login: 186
>>imap login: 191
>
>
> Takove logy bych chtel; co je vyrabi?
Takovou statistiku vyrabim ja, pomerne jednoduchym awk scriptem, mozna
jsem ho tu uz i pred casem pastoval.
----------------------------
#!/bin/sh
awk -- '
{
if (/NOQUEUE: reject:.+Greylisted for/) { greylisted++ }
if (/NOQUEUE: reject:.+blocked using/) { blocked++ }
if (/Helo command rejected:/) { badhelo++ }
if (/rejected: User unknown/) { unknown++ }
if (/Passed CLEAN/) { clean++ }
if (/Passed SPAMMY/) { spammy++ }
if (/Blocked SPAM.+quarantine: /) { spamquarantine++ }
if (/Blocked SPAM/ && !/quarantine: /) { blockspam++ }
if (/delivered to maildir/) { delivered++ }
if (/status=sent .+ Ok: queued/) { queued++ }
if (/pop3d-ssl: LOGIN/) { pop3ssl++ }
if (/pop3d: LOGIN/) { pop3++ }
if (/imapd-ssl: LOGIN/) { imapssl++ }
if (/imapd: LOGIN/) { imap++ }
} END {
printf("%-20s\t %i\n", "Greylisted:", greylisted)
printf("%-20s\t %i\n", "RBL blocked:", blocked)
printf("%-20s\t %i\n", "bad HELO blocked:", badhelo)
printf("%-20s\t %i\n", "user unknown:", unknown)
printf("%-20s\t %i\n", "SPAM clean:", clean)
printf("%-20s\t %i\n", "SPAM spammy:", spammy)
printf("%-20s\t %i\n", "SPAM quarantine:", spamquarantine)
printf("%-20s\t %i\n", "SPAM blocked:", blockspam)
printf("%-20s\t %i\n", "delivered (local):", delivered)
printf("%-20s\t %i\n", "queued (to remote):", queued)
printf("%-20s\t %i\n", "pop3ssl login:", pop3ssl)
printf("%-20s\t %i\n", "pop3 login:", pop3)
printf("%-20s\t %i\n", "imapssl login:", imapssl)
printf("%-20s\t %i\n", "imap login:", imap)
}' /var/log/maillog
----------------------------
Neni to nic super, asi to neni ani moc presne, ale je to jednoduche a
rychle. (a ani by to nemuselo byt zabaleno jako *.sh script, ale to uz
je holt muj zvyk)
Mirek
More information about the Users-l
mailing list