What does it take to kill this [EMAIL PROTECTED] thing?!?! I have "64.118.89."
contained in my denysmtp.txt file, referenced by
denySMTPConnectionsFrom. I'm not using the "Always" field, on the
off-off chance I need to whitelist somebody on a blacklisted server. I
don't see how this is getting through sometimes - but it is.
BTW - many thanks Fritz for the log search capability. Don't know when
that crept in, but it's wonderful to be able to do it without going to SSH.
Following is a log excerpt for a search for '64.118.89.87', for just a
small period of time. How are some getting blocked, and some getting
through?
Jul-24-07 09:37:17 id-5037c15987 64.118.89.87 <[EMAIL PROTECTED]> recipient
delayed:
[EMAIL PROTECTED]
Jul-24-07 09:37:17 64.118.89.87 <[EMAIL PROTECTED]> is disconnected
Jul-24-07 09:49:12 Connection from 64.118.89.87:13898 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 10:02:43 Connection from 64.118.89.87:54155 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 10:09:43 Connection from 64.118.89.87:35156 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 10:27:19 Connected: 64.118.89.87:40847 -> 66.55.57.2:25 ->
66.55.57.2:10024
Jul-24-07 10:27:19 id-8039c6194 64.118.89.87 <[EMAIL PROTECTED]> adding new
triplet:
(64.118.89.0,[EMAIL PROTECTED],[EMAIL PROTECTED])
Jul-24-07 10:27:19 id-8039c6194 64.118.89.87 <[EMAIL PROTECTED]> recipient
delayed:
[EMAIL PROTECTED]
Jul-24-07 10:27:20 id-8040c2133 64.118.89.87 <[EMAIL PROTECTED]> accepting
triplet:
(64.118.89.0,[EMAIL PROTECTED],[EMAIL PROTECTED]) waited:
50m 3s
Jul-24-07 10:27:20 Commencing DNSBL checks on 64.118.89.87
Jul-24-07 10:27:20 Completed DNSBL checks on 64.118.89.87
Jul-24-07 10:27:20 id-8040c2133 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Received-RWL: not listed (foxy.amfes.com: local policy)
rwl=none; client-ip=64.118.
89.87
Jul-24-07 10:27:26 [BlackHelo][scoring] id-8040c2133 64.118.89.87 <[EMAIL
PROTECTED]> to:
[EMAIL PROTECTED] scoring blacklisted HELO:
'mail.yonagreen.com'
Jul-24-07 10:27:26 [BlackHelo][scoring] id-8040c2133 64.118.89.87 <[EMAIL
PROTECTED]> to:
[EMAIL PROTECTED] deleting spamming whitelisted tuplet:
(64.118.89.0,yonagreen.com)
age: 6s
Jul-24-07 10:27:32 [SPF] id-8040c2133 64.118.89.87 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED]
Received-SPF: pass (foxy.amfes.com: domain of [EMAIL
PROTECTED] designates
64.118.89.87 as permitted sender) client-ip=64.118.89.87;
[EMAIL PROTECTED]
com; helo=mail.yonagreen.com;
Jul-24-07 10:27:32 Commencing DNSBL checks on 64.118.89.87
Jul-24-07 10:27:32 Completed DNSBL checks on 64.118.89.87
Jul-24-07 10:27:32 id-8040c2133 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] DNSBL
Received-DNSBL: pass
Jul-24-07 10:27:32 id-8040c2133 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Regex:Red 'remove'
Jul-24-07 10:27:32 id-8040c2133 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Regex:SuspiciousAttachment ''
Jul-24-07 10:27:33 id-8040c2133 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] URIBL
Received-URIBL: pass
Jul-24-07 10:27:33 id-8040c2133 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
ClamAV: scanning 8561 bytes done OK
Jul-24-07 10:27:34 id-8040c2133 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Bayesian Check Prob: 1.00000 => spam
Jul-24-07 10:27:34 [Bayesian] id-8040c2133 64.118.89.87 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] Bayesian Spam
_1_DVD_Copy_Program_BANNED_Get_Your_Copy_Here_ ->
nocollect:red
Jul-24-07 10:27:34 [Bayesian] id-8040c2133 64.118.89.87 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] is disconnected
Jul-24-07 10:33:37 Connection from 64.118.89.87:26384 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 10:46:01 Connection from 64.118.89.87:56123 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 11:04:09 Connection from 64.118.89.87:2549 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 11:19:02 Connection from 64.118.89.87:53647 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 11:30:30 Connection from 64.118.89.87:15808 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 11:42:27 Connection from 64.118.89.87:51603 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 11:53:31 Connected: 64.118.89.87:13276 -> 66.55.57.2:25 ->
66.55.57.2:10024
Jul-24-07 11:53:32 id-3211c10751 64.118.89.87 <[EMAIL PROTECTED]> accepting
triplet:
(64.118.89.0,[EMAIL PROTECTED],[EMAIL PROTECTED]) waited: 1h
26m 13s
Jul-24-07 11:53:32 Commencing DNSBL checks on 64.118.89.87
Jul-24-07 11:53:35 Completed DNSBL checks on 64.118.89.87
Jul-24-07 11:53:35 id-3211c10751 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Received-RWL: not listed (foxy.amfes.com: local policy)
rwl=none; client-ip=64.118.
89.87
Jul-24-07 11:53:41 [BlackHelo][scoring] id-3211c10751 64.118.89.87 <[EMAIL
PROTECTED]> to:
[EMAIL PROTECTED] scoring blacklisted HELO:
'mail.yonagreen.com'
Jul-24-07 11:53:41 [BlackHelo][scoring] id-3211c10751 64.118.89.87 <[EMAIL
PROTECTED]> to:
[EMAIL PROTECTED] deleting spamming whitelisted tuplet:
(64.118.89.0,yonagreen.com)
age: 9s
Jul-24-07 11:53:53 [SPF] id-3211c10751 64.118.89.87 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED]
Received-SPF: pass (foxy.amfes.com: domain of [EMAIL
PROTECTED] designates
64.118.89.87 as permitted sender) client-ip=64.118.89.87;
[EMAIL PROTECTED]
com; helo=mail.yonagreen.com;
Jul-24-07 11:53:53 Commencing DNSBL checks on 64.118.89.87
Jul-24-07 11:53:53 Completed DNSBL checks on 64.118.89.87
Jul-24-07 11:53:53 id-3211c10751 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] DNSBL
Received-DNSBL: pass
Jul-24-07 11:53:53 id-3211c10751 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Regex:Red 'remove'
Jul-24-07 11:53:53 id-3211c10751 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Regex:SuspiciousAttachment ''
Jul-24-07 11:53:54 id-3211c10751 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] URIBL
fail (Cache, yonagreen.com)
Jul-24-07 11:53:54 [URIBL] id-3211c10751 64.118.89.87 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED]
com failed URIBL Get_a_Rich_Beautiful_Lawn_ -> nocollect:red
Jul-24-07 11:53:54 [URIBL] id-3211c10751 64.118.89.87 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED]
com is disconnected
Jul-24-07 11:55:08 Connection from 64.118.89.87:25706 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 12:09:16 Connection from 64.118.89.87:16877 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 12:21:44 Connection from 64.118.89.87:53338 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 12:39:45 Connection from 64.118.89.87:5531 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 12:56:36 Connection from 64.118.89.87:5666 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 13:15:17 Connection from 64.118.89.87:65502 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 13:21:22 Connected: 64.118.89.87:51044 -> 66.55.57.2:25 ->
66.55.57.2:10024
Jul-24-07 13:21:23 id-8483c7657 64.118.89.87 <[EMAIL PROTECTED]> accepting
triplet: (64.118.89.0,
[EMAIL PROTECTED],[EMAIL PROTECTED]) waited: 3h 44m 6s
Jul-24-07 13:21:23 Commencing DNSBL checks on 64.118.89.87
Jul-24-07 13:21:23 Completed DNSBL checks on 64.118.89.87
Jul-24-07 13:21:23 id-8483c7657 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Received-RWL: not listed (foxy.amfes.com: local policy)
rwl=none; client-ip=64.118.
89.87
Jul-24-07 13:21:32 [BlackHelo][scoring] id-8483c7657 64.118.89.87 <[EMAIL
PROTECTED]> to:
[EMAIL PROTECTED] scoring blacklisted HELO:
'mail.yonagreen.com'
Jul-24-07 13:21:32 [BlackHelo][scoring] id-8483c7657 64.118.89.87 <[EMAIL
PROTECTED]> to:
[EMAIL PROTECTED] deleting spamming whitelisted tuplet:
(64.118.89.0,yonagreen.com)
age: 9s
Jul-24-07 13:21:35 [SPF] id-8483c7657 64.118.89.87 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED]
Received-SPF: pass (foxy.amfes.com: domain of [EMAIL
PROTECTED] designates
64.118.89.87 as permitted sender) client-ip=64.118.89.87;
[EMAIL PROTECTED]
com; helo=mail.yonagreen.com;
Jul-24-07 13:21:35 Commencing DNSBL checks on 64.118.89.87
Jul-24-07 13:21:36 Completed DNSBL checks on 64.118.89.87
Jul-24-07 13:21:36 id-8483c7657 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] DNSBL
Received-DNSBL: pass
Jul-24-07 13:21:36 id-8483c7657 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] Regex:Red
'unsubscribe'
Jul-24-07 13:21:36 id-8483c7657 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Regex:SuspiciousAttachment ''
Jul-24-07 13:21:36 id-8483c7657 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] URIBL
Received-URIBL: pass
Jul-24-07 13:23:24 id-8483c7657 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] ClamAV:
scanning 3123 bytes done OK
Jul-24-07 13:23:24 id-8483c7657 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] Bayesian
Check Prob: 1.00000 => spam
Jul-24-07 13:23:24 [Bayesian] id-8483c7657 64.118.89.87 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED]
Bayesian Spam
World_s_Smallest_R_C_Helicopter_Hottest_Toy_Of_The -> nocollect:red
Jul-24-07 13:23:24 [Bayesian] id-8483c7657 64.118.89.87 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED]
is disconnected
Jul-24-07 13:27:14 Connection from 64.118.89.87:27298 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 13:37:14 Connection from 64.118.89.87:33449 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 13:47:14 Connection from 64.118.89.87:25169 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 13:57:14 Connected: 64.118.89.87:14871 -> 66.55.57.2:25 ->
66.55.57.2:10024
Jul-24-07 13:57:14 id-0634c7961 64.118.89.87 <[EMAIL PROTECTED]> logging
64.118.89.87 score:75
BlacklistedHelo
Jul-24-07 13:57:14 id-0634c7961 64.118.89.87 <[EMAIL PROTECTED]> adding new
triplet:
(64.118.89.0,[EMAIL PROTECTED],[EMAIL PROTECTED])
Jul-24-07 13:57:14 id-0634c7961 64.118.89.87 <[EMAIL PROTECTED]> recipient
delayed: [EMAIL PROTECTED]
Jul-24-07 13:57:14 64.118.89.87 <[EMAIL PROTECTED]> is disconnected
Jul-24-07 14:07:30 Connection from 64.118.89.87:6806 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 14:17:29 Connection from 64.118.89.87:62026 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 14:27:29 Connected: 64.118.89.87:48024 -> 66.55.57.2:25 ->
66.55.57.2:10024
Jul-24-07 14:27:29 id-2449c3289 64.118.89.87 <[EMAIL PROTECTED]> logging
64.118.89.87 score:75
BlacklistedHelo
Jul-24-07 14:27:29 id-2449c3289 64.118.89.87 <[EMAIL PROTECTED]> accepting
triplet: (64.118.89.0,
[EMAIL PROTECTED],[EMAIL PROTECTED]) waited: 30m 15s
Jul-24-07 14:27:30 Commencing DNSBL checks on 64.118.89.87
Jul-24-07 14:27:30 Completed DNSBL checks on 64.118.89.87
Jul-24-07 14:27:30 id-2449c3289 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Received-RWL: not listed (foxy.amfes.com: local policy)
rwl=none; client-ip=64.118.
89.87
Jul-24-07 14:27:39 [BlackHelo][scoring] id-2449c3289 64.118.89.87 <[EMAIL
PROTECTED]> to:
[EMAIL PROTECTED] scoring blacklisted HELO:
'mail.yonagreen.com'
Jul-24-07 14:27:39 [BlackHelo][scoring] id-2449c3289 64.118.89.87 <[EMAIL
PROTECTED]> to:
[EMAIL PROTECTED] deleting spamming whitelisted tuplet:
(64.118.89.0,yonagreen.com)
age: 10s
Jul-24-07 14:27:42 [SPF] id-2449c3289 64.118.89.87 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED]
Received-SPF: pass (foxy.amfes.com: domain of [EMAIL
PROTECTED] designates
64.118.89.87 as permitted sender) client-ip=64.118.89.87;
[EMAIL PROTECTED]
com; helo=mail.yonagreen.com;
Jul-24-07 14:27:42 Commencing DNSBL checks on 64.118.89.87
Jul-24-07 14:27:42 Completed DNSBL checks on 64.118.89.87
Jul-24-07 14:27:42 id-2449c3289 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] DNSBL
Received-DNSBL: pass
Jul-24-07 14:27:42 id-2449c3289 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] Regex:Red
'unsubscribe'
Jul-24-07 14:27:42 id-2449c3289 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED]
Regex:SuspiciousAttachment ''
Jul-24-07 14:27:43 id-2449c3289 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] URIBL
Received-URIBL: pass
Jul-24-07 14:27:43 id-2449c3289 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] ClamAV:
scanning 3903 bytes done OK
Jul-24-07 14:27:43 id-2449c3289 64.118.89.87 <[EMAIL PROTECTED]> to: [EMAIL
PROTECTED] Bayesian
Check Prob: 1.00000 => spam
Jul-24-07 14:27:43 [Bayesian] id-2449c3289 64.118.89.87 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED]
Bayesian Spam
Burn_100_calories_every_5_minutes_with_JumpSnap_ -> nocollect:red
Jul-24-07 14:27:43 [Bayesian] id-2449c3289 64.118.89.87 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED]
is disconnected
--
Daniel
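
Added example (not part of the original post and not ASSP code): a small audit over a log in the format shown above that rejoins the mail-wrapped lines and lists, per client IP covered by a deny entry, which connections were rejected and which were accepted anyway. Treating the `denysmtp.txt` entry as a literal string prefix is an assumption made for this sketch, and the sample lines are constructed in the excerpt's format.

```python
import re
from collections import defaultdict

# A record starts with a timestamp such as "Jul-24-07 09:49:12 ".
TS = re.compile(r"^[A-Z][a-z]{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
REJECT = re.compile(
    r"Connection from (\d+(?:\.\d+){3}):\d+ rejected by\s+denySMTPConnectionsFrom")
ACCEPT = re.compile(r"Connected: (\d+(?:\.\d+){3}):\d+ ->")

# Constructed sample in the excerpt's format; 192.0.2.10 is a made-up,
# unlisted client used to show that non-matching IPs are ignored.
SAMPLE = """\
Jul-24-07 09:49:12 Connection from 64.118.89.87:13898 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 10:27:19 Connected: 64.118.89.87:40847 -> 66.55.57.2:25 ->
66.55.57.2:10024
Jul-24-07 10:33:37 Connection from 64.118.89.87:26384 rejected by
denySMTPConnectionsFrom: 64.
118.89.
Jul-24-07 10:40:00 Connected: 192.0.2.10:40000 -> 66.55.57.2:25 ->
66.55.57.2:10024
"""

def unwrap(text):
    """Rejoin records that a mail client hard-wrapped across lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)          # new record
        else:
            records[-1] += " " + line     # continuation of the previous one
    return records

def audit(text, deny_prefixes):
    """Map each deny-listed client IP to its rejected/accepted timestamps."""
    result = defaultdict(lambda: {"rejected": [], "accepted": []})
    for rec in unwrap(text):
        ts = rec[:18]                     # "Mon-DD-YY HH:MM:SS"
        for kind, rx in (("rejected", REJECT), ("accepted", ACCEPT)):
            m = rx.search(rec)
            # Assumption: a deny entry is a literal prefix of the dotted IP.
            if m and any(m.group(1).startswith(p) for p in deny_prefixes):
                result[m.group(1)][kind].append(ts)
    return dict(result)

if __name__ == "__main__":
    for ip, seen in audit(SAMPLE, ["64.118.89."]).items():
        print(ip, "rejected:", len(seen["rejected"]),
              "accepted despite deny entry:", seen["accepted"])
```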