>Below are my stats for today along with the script I'm running. The script
>is blocking tons of traffic, but I'm confused since (63.237.136.92)|
>(63.237.136.93)| are the OLD ip address before I moved the email servers
>last year.
you're rejecting on old .map data (old, but still current
> I will update with the new IP addresses. Is the current script ?
>And also how can it work since
it can't work so doesn't work. you've been harvesting nothing since you
changed your IPs.
>imgate1# egrep "550 unknown user" -i /var/log/maillog | egrep 63.237.136 |
>wc -l
> 0
... because you aren't grepping for the right string, nor, apparently,
rejecting for unknown users, but rather just rejecting to "dead" accounts.
ie, harvesting IMail bounces, not IMGate rejects.
> 18017 RBL list.dsbl.org
> 44415 ACL to_recipients_dead
>
> 91564 TOTAL
>
>#!/bin/sh
># This script makes a .map file of non-existing recipients with
># a minimum of 5 bounces (controlled by awk) per day
>grep "550 unknown user" -i /var/log/maillog | \
> egrep "
> (63.237.136.92)|
> (63.237.136.93)|
> " |\
> cut -d "<" -f 2 |\
> cut -d ">" -f 1 |\
> sort -f |\
> uniq -ic | \
> awk '{ if ($1 > 4) print $2 " 554 ACL to_recipients_bad"}' \
> >> /etc/postfix/to_recipients_bad.map
>
>sort -f < /etc/postfix/to_recipients_bad.map |\
> uniq -i > /etc/postfix/to_recipients_bad.map.tmp
>
>cp /etc/postfix/to_recipients_bad.map.tmp /etc/postfix/to_recipients_bad.map
>
>/usr/sbin/postmap /etc/postfix/to_recipients_bad.map
>
>exit 0
That script is the same principle but is for harvesting unknown users to your
"dead" file after your mailbox server has rejected (seen as a "bounce"
by postfix). That's better than nothing, but much better is to reject
unknown users at the MX, rather than wait for bounces from the mailbox server.
In either case, you then harvest the postfix unknown user reject lines for
the PTR-less IPs that send over a threshold.
Len
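
Added example, not part of Len's reply or the quoted script: one way to do the harvest described in the last paragraph, counting Postfix "User unknown" rejects per PTR-less client IP and emitting a map line for each IP at or over a threshold. It assumes the standard Postfix smtpd reject log layout, in which a client with no PTR is logged as `unknown[IP]`; the function names, the `ptrless_unknown_users` label and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: harvest PTR-less IPs from Postfix unknown-user reject lines.
# Map value in the style of the thread's script; the label is hypothetical.
ACTION="554 ACL ptrless_unknown_users"

# Constructed sample maillog lines (documentation IP ranges, made-up users).
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 imgate1 postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <aaa@example.com>: Recipient address rejected: User unknown in relay recipient table; from=<x@example.net> to=<aaa@example.com> proto=SMTP helo=<foo>
Mar  3 10:00:02 imgate1 postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <aab@example.com>: Recipient address rejected: User unknown in relay recipient table; from=<x@example.net> to=<aab@example.com> proto=SMTP helo=<foo>
Mar  3 10:00:03 imgate1 postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <aac@example.com>: Recipient address rejected: User unknown in relay recipient table; from=<x@example.net> to=<aac@example.com> proto=SMTP helo=<foo>
Mar  3 10:00:04 imgate1 postfix/smtpd[411]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using list.dsbl.org; from=<x@example.net> to=<aad@example.com> proto=SMTP helo=<foo>
Mar  3 10:05:00 imgate1 postfix/smtpd[412]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <bob@example.com>: Recipient address rejected: User unknown in relay recipient table; from=<y@example.net> to=<bob@example.com> proto=SMTP helo=<bar>
Mar  3 10:06:01 imgate1 postfix/smtpd[413]: NOQUEUE: reject: RCPT from mail.example.org[203.0.113.5]: 550 5.1.1 <c1@example.com>: Recipient address rejected: User unknown in relay recipient table; from=<z@example.org> to=<c1@example.com> proto=ESMTP helo=<mail.example.org>
Mar  3 10:06:02 imgate1 postfix/smtpd[413]: NOQUEUE: reject: RCPT from mail.example.org[203.0.113.5]: 550 5.1.1 <c2@example.com>: Recipient address rejected: User unknown in relay recipient table; from=<z@example.org> to=<c2@example.com> proto=ESMTP helo=<mail.example.org>
Mar  3 10:06:03 imgate1 postfix/smtpd[413]: NOQUEUE: reject: RCPT from mail.example.org[203.0.113.5]: 550 5.1.1 <c3@example.com>: Recipient address rejected: User unknown in relay recipient table; from=<z@example.org> to=<c3@example.com> proto=ESMTP helo=<mail.example.org>
EOF
}

# usage: harvest_ptrless THRESHOLD < maillog
# Prints "IP ACTION" for each PTR-less client with >= THRESHOLD unknown-user rejects.
harvest_ptrless() {
    awk -v min="${1:-5}" -v action="$ACTION" '
        # Only smtpd RCPT rejects from clients logged as unknown[IP] (no PTR),
        # and only the unknown-user rejects, not RBL or other ACL hits.
        /postfix\/smtpd/ && / reject: RCPT from unknown\[/ && tolower($0) ~ /user unknown/ {
            ip = $0
            sub(/^.* RCPT from unknown\[/, "", ip)   # drop everything up to the IP
            sub(/\].*$/, "", ip)                     # drop everything after it
            hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print ip " " action }
    ' | sort
}

# Demo on the constructed log with a threshold of 3.
sample_log | harvest_ptrless 3
```

On a real server the input would be `/var/log/maillog` and the threshold the same 5 per day used in the quoted script.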