With respect to the new map, has anyone come up with a script to get a list
of valid email addresses from your mail servers? Including a method on the
script to handle the nice [EMAIL PROTECTED] --> [EMAIL PROTECTED]
mappings.
I am thinking of doing a scan of recieved email addresses in the logs to
generate the domain email addresses, the other could be obtained via a quick
perl script grabbing the userid from the passwd file and tag the domain on
to it.
Terry
----- Original Message -----
From: "Len Conrad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 18, 2003 8:12 PM
Subject: [IMGate] Re: check_recipient_maps
>
> So, how's everybody getting along with check_recipient_maps?
>
>
> Here's spam-stats.pl for an IMGate I admin and I turned on
> check_recipient_maps which the first real filter in the restrictions list,
> at 11 AM this morning:
>
> 1 ETRN Mail theft attempt
> 3 ACL mta_clients_onedict
> 3 ACL to_recipients_white
> 4 SMTP invalid [EMAIL PROTECTED]
> 4 ACL from_senders_clueless
> 8 ACL mta_clients_relay
> 13 ACL to_local_recipients unknown recipient
> 26 SMTP invalid [EMAIL PROTECTED]
> 34 SMTP Exceeded Hard Error Limit after MAIL
> 59 ACL mta_clients_pipel (pipelining)
> 84 ACL body checks
> 87 ACL helo_hostnames
> 136 ACL mta_clients_senders_regexp
> 145 ACL unauthorized relay
> 234 ACL header checks
> 248 ACL from_senders_nxdomain
> 464 ACL mta_clients_bogus
> 583 SMTP Exceeded Hard Error Limit after DATA
> 843 ACL from_senders_black
> 959 ACL mta_clients_slet
> 1036 SMTP sender address verification in progress
> 1213 SMTP unauthorized pipelining
> 1252 ACL mta_clients_blaksender
> 1646 RBL rbl-plus.mail-abuse.org
> 2030 ACL from_senders_regexp
> 5546 ACL to_recipients_dead
> 5710 SMTP sender address undeliverable
> 6157 SMTP Exceeded Hard Error Limit after RCPT
> 6573 DNS no A/MX for @sender.domain
> 6907 ACL mta_clients_dead
> 7667 ACL from_senders_slet
> 7668 DNS timeout for MTA PTR hostname (forged @sender.domain)
> 7674 ACL from_senders_black_regexp
> 12348 ACL mta_clients_bw
> 13516 ACL [EMAIL PROTECTED]
> 13837 DNS nxdomain for MTA PTR hostname (forged @sender.domain)
> 16609 SMTP sender address unverifiable
> 23535 ACL to_relay_recipients unknown recipient <<<<<
> 39053 ACL to_recipients_repexp ( will now goto to_relay_recipients)
> =========================================
> 183915 TOTAL
>
>
> so, it's another important feature for postfix and IMGate. and harvesting
> the ip's and sender.domains of the to_relay_recipients will be, as before,
> a very good source of new rules.
>
> And here's a 2 new lines for spam-stats.pl to catch the new
> check_recipient_maps log lines wraps:
>
> elsif (/unknown in relay recipient/i) { $count{"ACL to_relay_recipients
> unknown recipient"}++ }
>
> elsif (/unknown in local recipient/i) { $count{"ACL to_local_recipients
> unknown recipient"}++ }
>
> Len
>
>
>
