Sam:
I notice that when "courierd" logs to syslog, quite often (usually with SPAM)
the DNS entry in the logged message is a random 7-character name:

    isolar:1:50 [/] # egrep 201.229.207.84 /var/log/syslog | grep dns
    Feb 25 14:50:50 isolar courierd: [ID 702911 mail.info] newmsg,id=00088941.4B86FEC7.0000415D: dns; f9wl0v2 ([::ffff:201.229.207.84])

I was assuming that these entries like "f9wl0v2" and the like were inserted by
"courierd" into the log message when the IP address had no associated inverse
PTR record in the DNS. But this particular example does have one:

    isolar:1:51 [/] # nslookup 201.229.207.84 | grep Name
    Name: tdev207-84.codetel.net.do

So I am curious why the "courierd" syslog message did not say

    Feb 25 14:50:50 isolar courierd: [ID 702911 mail.info] newmsg,id=00088941.4B86FEC7.0000415D: dns; tdev207-84.codetel.net.do ([::ffff:201.229.207.84])

This behavior is making me wonder if the "f9wl0v2" might not be in the original
message itself, which could potentially be filterable, or if Courier is
self-generating these entries (which end up in the "Received:" header on disk).
I'm seeing an unbelievable increase in SPAM volume on my little personal
Courier server and anything I can use to pre-filter is a big help.
- Greg
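
One way to measure how often such names show up per sending address before deciding whether they are a usable pre-filter signal, as an added example (not part of the original message and not Courier code). The second and third sample log lines, the 7-character pattern and all function names are assumptions built from the description in the post.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: the first line is the one quoted in the post (rejoined onto
# one line); the other two are constructed for illustration.
SAMPLE_LOG = """\
Feb 25 14:50:50 isolar courierd: [ID 702911 mail.info] newmsg,id=00088941.4B86FEC7.0000415D: dns; f9wl0v2 ([::ffff:201.229.207.84])
Feb 25 14:51:02 isolar courierd: [ID 702911 mail.info] newmsg,id=00088942.4B86FED3.00004161: dns; mail.example.org ([::ffff:192.0.2.10])
Feb 25 14:52:17 isolar courierd: [ID 702911 mail.info] newmsg,id=00088943.4B86FF1E.00004170: dns; k3p9xq1 ([::ffff:201.229.207.84])
"""

# Matches the "newmsg ... dns; NAME (... [ADDRESS])" part of a courierd line.
# Any text between "(" and "[" is tolerated and ignored.
LINE_RE = re.compile(
    r"newmsg,id=(?P<msgid>[0-9A-Fa-f.]+): dns; (?P<name>\S+) "
    r"\([^\[\]]*\[(?P<ip>[^\]]+)\]\)"
)
# Assumption taken from the post: the suspicious names are 7 characters
# long, alphanumeric, and contain no dot.
SHORT_NAME_RE = re.compile(r"[A-Za-z0-9]{7}")


def parse_line(line):
    """Return (msgid, logged_name, ip) for a newmsg line, else None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    try:
        addr = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None  # malformed address field, skip the line
    # Present IPv4-mapped IPv6 (::ffff:a.b.c.d) as plain IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return m["msgid"], m["name"], str(addr)


def summarize(log_text):
    """Per address: message count and the 7-character names logged for it."""
    per_ip = defaultdict(lambda: {"total": 0, "short_names": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        _, name, ip = rec
        per_ip[ip]["total"] += 1
        if SHORT_NAME_RE.fullmatch(name):
            per_ip[ip]["short_names"].append(name)
    return dict(per_ip)
```

Running `summarize()` over the real `/var/log/syslog` contents shows which addresses repeatedly log such names and whether the name changes per message.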
_______________________________________________
courier-users mailing list