>#first, don't match smtp and biz under rr.com
>/(smtp.*|biz)\.rr\.com/ DUNNO
>
>I ran the following trying to look for other possible valid outbound MTAs
>(search for PTR *.rr.com with [EMAIL PROTECTED]
>(note: I put USER in place of actual email addresses here... No sense in me
>posting other people's addresses to a mailing list)
>
># zegrep -i '\.rr\.com.*4tuple.*from=<[EMAIL PROTECTED]>'
>/var/log/maillog.0.gz | awk '{print $10" "$17}' | sort -f | uniq -i

4tuple is fine, but it is only one path out of smtpd restrictions.  Anything
returning "OK" in any restriction before the 4tuple restriction will not show
up in 4tuple.

The most complete PTR data is in the "smtpd.* connect from" since that's 
before any restrictions.

zgrep -i "smtpd.* connect from" /var/log/maillog.1.gz | awk '{print $8}' | 
sort -f | uniq -ic | sort -t[ -k2 | less

>Connected to ms-smtp-02.rdc-kc.rr.com.
>220 ms-smtp-02.rdc-kc.rr.com ESMTP Welcome to Road Runner.  WARNING: *** FOR
>AUTHORIZED USE ONLY! ***

this is probably "relay for my rr networks" restriction

>Based on banners it looks like RR likes to put either 'welcome to roadrunner'
>or the 'warning' with 3 asterisks on either side...
>So the hawaii also looks legit, but isn't covered by the (smtp|biz).
>Based on my run here it looks like
>
>/mls.*.hawaii\.rr\.com/ DUNNO
>
>Should also be added

ok, thanks.

>Len maybe you can do some pulls like this on one of your high traffic
>systems?

I'll try

Len
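
Added example, not part of the original message or either poster's own scripts: a Python version of the "connect from" tally that also reports which rr.com PTR names the two DUNNO patterns quoted in this thread would not cover. The log lines are constructed, every host other than ms-smtp-02.rdc-kc.rr.com is a made-up placeholder, and the standard Postfix syslog layout is assumed.

```python
import re
from collections import Counter

# The two DUNNO patterns quoted in the thread, copied as posted.
# Postfix regexp tables match case-insensitively by default, hence re.I.
DUNNO_PATTERNS = [
    re.compile(r"(smtp.*|biz)\.rr\.com", re.I),
    re.compile(r"mls.*.hawaii\.rr\.com", re.I),
]

# Assumed syslog layout: "... postfix/smtpd[pid]: connect from name[ip]"
CONNECT_RE = re.compile(r"smtpd\[\d+\]: connect from (\S+)\[([^\]]+)\]")

# Constructed sample lines; only ms-smtp-02.rdc-kc.rr.com appears in the thread.
SAMPLE_LOG = """\
Mar  3 04:12:01 mx1 postfix/smtpd[2211]: connect from ms-smtp-02.rdc-kc.rr.com[192.0.2.10]
Mar  3 04:12:09 mx1 postfix/smtpd[2214]: connect from MS-SMTP-02.rdc-kc.rr.com[192.0.2.10]
Mar  3 04:13:30 mx1 postfix/smtpd[2215]: connect from mlsexample.hawaii.rr.com[192.0.2.20]
Mar  3 04:14:02 mx1 postfix/smtpd[2216]: connect from cpe-example.kc.res.rr.com[192.0.2.77]
Mar  3 04:14:40 mx1 postfix/smtpd[2217]: connect from unknown[198.51.100.5]
Mar  3 04:15:11 mx1 postfix/smtpd[2218]: connect from mail.example.org[203.0.113.9]
"""

def rr_clients(lines):
    """Count connecting PTR names under rr.com, folding case like sort -f / uniq -i."""
    counts = Counter()
    for line in lines:
        m = CONNECT_RE.search(line)
        if m and m.group(1).lower().endswith(".rr.com"):
            counts[m.group(1).lower()] += 1
    return counts

def split_by_coverage(counts):
    """Split hosts into those some DUNNO pattern matches and those none matches."""
    covered, uncovered = {}, {}
    for host, n in counts.items():
        hit = any(p.search(host) for p in DUNNO_PATTERNS)
        (covered if hit else uncovered)[host] = n
    return covered, uncovered

if __name__ == "__main__":
    covered, uncovered = split_by_coverage(rr_clients(SAMPLE_LOG.splitlines()))
    for label, hosts in (("covered", covered), ("not covered", uncovered)):
        for host, n in sorted(hosts.items()):
            print(f"{n:6d} {host}  [{label}]")
```

Hosts listed as "not covered" are the ones to check by hand (banner, relay behaviour) before deciding whether another DUNNO line is warranted.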

