I used to get some useful Logwatch info when I was
running FC3:
--------------------- sendmail Begin ------------------------
Bytes Transferred: 2586485
Messages Sent: 510
Total recipients: 513
508 messages scanned by MIMEDefang
Top relays (recipients/connections - min 10 rcpts, max 50 lines):
184/184: hormel.redhat.com [209.132.177.30]
127/127: notorious.mozilla.org [63.245.208.166]
59/59: lists-outbound.sourceforge.net [66.35.250.225]
39/39: hermes.apache.org [209.237.227.199]
25/25: gabe.freedesktop.org [131.252.208.82]
20/20: at1-old.physik.fu-berlin.de [160.45.32.86]
Client quit before communicating:
125.171.160.88 : 1 Time(s)
**Unmatched Entries**
Milter: connect: host=[125.189.20.41], addr=125.189.20.41, temp failing
commands: 10 Time(s)
Milter: connect: host=adsl-072-149-154-062.sip.bhm.bellsouth.net,
addr=72.149.154.62, rejecting commands: 5 Time(s)
Milter: connect: host=201-254-21-254.speedy.com.ar, addr=201.254.21.254,
rejecting commands: 5 Time(s)
Milter: connect: host=[201.123.52.24], addr=201.123.52.24, temp failing
commands: 3 Time(s)
Milter: connect: host=[218.8.230.34], addr=218.8.230.34, rejecting commands:
2 Time(s)
Milter: connect: host=[203.90.176.65], addr=203.90.176.65, rejecting
commands: 2 Time(s)
Milter: connect: host=[222.122.179.236], addr=222.122.179.236, rejecting
commands: 2 Time(s)
Milter: connect: host=[219.131.178.84], addr=219.131.178.84, rejecting
commands: 2 Time(s)
Milter: connect: host=c-24-6-31-66.hsd1.ca.comcast.net, addr=24.6.31.66,
rejecting commands: 2 Time(s)
Milter: connect: host=223.Red-88-3-113.dynamicIP.rima-tde.net,
addr=88.3.113.223, rejecting commands: 2 Time(s)
rejecting connections on daemon TLSMTA: 5 children, max 5: 2 Time(s)
Milter: connect: host=[218.7.192.82], addr=218.7.192.82, rejecting commands:
2 Time(s)
Milter: connect: host=[203.90.176.195], addr=203.90.176.195, rejecting
commands: 2 Time(s)
Milter: connect: host=[218.7.192.144], addr=218.7.192.144, rejecting
commands: 2 Time(s)
Milter: connect: host=[222.169.5.167], addr=222.169.5.167, rejecting
commands: 2 Time(s)
Milter: connect: host=[60.11.213.205], addr=60.11.213.205, rejecting
commands: 2 Time(s)
rejecting connections on daemon MTA-v4: 5 children, max 5: 2 Time(s)
Milter: connect: host=[60.218.38.130], addr=60.218.38.130, rejecting
commands: 2 Time(s)
Milter: connect: host=[222.169.5.236], addr=222.169.5.236, rejecting
commands: 2 Time(s)
Milter: connect: host=[222.168.117.36], addr=222.168.117.36, rejecting
commands: 2 Time(s)
Milter: connect: host=[222.172.20.81], addr=222.172.20.81, rejecting
commands: 2 Time(s)
Milter: connect: host=[222.169.5.27], addr=222.169.5.27, rejecting commands:
2 Time(s)
Milter: connect: host=[222.102.149.126], addr=222.102.149.126, rejecting
commands: 2 Time(s)
Milter: connect: host=[222.169.5.250], addr=222.169.5.250, rejecting
commands: 2 Time(s)
Milter: connect: host=34.190.36.72.reverse.layeredtech.com,
addr=72.36.190.34, rejecting commands: 1 Time(s)
Milter: connect: host=adsl-63-202-84-10.dsl.snfc21.pacbell.net,
addr=63.202.84.10, rejecting commands: 1 Time(s)
Milter: connect: host=pool-138-89-174-105.mad.east.verizon.net,
addr=138.89.174.105, rejecting commands: 1 Time(s)
Milter: connect: host=user-0cdv0fb.cable.mindspring.com,
addr=24.223.129.235, rejecting commands: 1 Time(s)
Milter: connect: host=156-46-28.dial.terra.cl, addr=200.28.46.156, rejecting
commands: 1 Time(s)
Milter: connect: host=mailhost.terra.es, addr=213.4.149.12, rejecting
commands: 1 Time(s)
Milter: connect: host=218-167-70-42.dynamic.hinet.net, addr=218.167.70.42,
rejecting commands: 1 Time(s)
Milter: connect: host=pool-70-21-9-42.res.east.verizon.net, addr=70.21.9.42,
rejecting commands: 1 Time(s)
Milter: connect: host=c-65-96-2-170.hsd1.ma.comcast.net, addr=65.96.2.170,
rejecting commands: 1 Time(s)
Milter: connect: host=[210.92.145.150], addr=210.92.145.150, rejecting
commands: 1 Time(s)
Milter: connect: host=pc-178-101-86-200.cm.vtr.net, addr=200.86.101.178,
rejecting commands: 1 Time(s)
Milter: connect: host=host-81-190-163-123.gorzow.mm.pl, addr=81.190.163.123,
rejecting commands: 1 Time(s)
Milter: connect: host=[87.110.157.103], addr=87.110.157.103, rejecting
commands: 1 Time(s)
Milter: connect: host=pool-68-238-249-240.phlapa.fios.verizon.net,
addr=68.238.249.240, rejecting commands: 1 Time(s)
Milter: connect: host=pool-71-115-197-118.spknwa.dsl-w.verizon.net,
addr=71.115.197.118, rejecting commands: 1 Time(s)
Milter: connect: host=softbank219019248019.bbtec.net, addr=219.19.248.19,
rejecting commands: 1 Time(s)
Milter: connect: host=[221.199.50.192], addr=221.199.50.192, temp failing
commands: 1 Time(s)
Milter: connect: host=61-230-68-120.dynamic.hinet.net, addr=61.230.68.120,
rejecting commands: 1 Time(s)
Milter: connect: host=[221.204.154.63], addr=221.204.154.63, rejecting
commands: 1 Time(s)
Milter: connect: host=e181094160.adsl.alicedsl.de, addr=85.181.94.160,
rejecting commands: 1 Time(s)
Milter: connect: host=pool-71-162-93-90.bstnma.east.verizon.net,
addr=71.162.93.90, rejecting commands: 1 Time(s)
Milter: connect: host=[218.9.243.243], addr=218.9.243.243, rejecting
commands: 1 Time(s)
Milter: connect: host=61-216-242-19.dynamic.hinet.net, addr=61.216.242.19,
rejecting commands: 1 Time(s)
Milter: connect: host=[222.62.149.243], addr=222.62.149.243, rejecting
commands: 1 Time(s)
Milter: connect: host=59-105-7-183.adsl.dynamic.seed.net.tw,
addr=59.105.7.183, rejecting commands: 1 Time(s)
Milter: connect: host=static-68-236-166-224.ny325.east.verizon.net,
addr=68.236.166.224, rejecting commands: 1 Time(s)
Milter: connect: host=cpe-24-27-124-116.houston.res.rr.com,
addr=24.27.124.116, rejecting commands: 1 Time(s)
Milter: connect: host=68-64-138-179.clspco.adelphia.net, addr=68.64.138.179,
rejecting commands: 1 Time(s)
rejecting commands from blk-224-252-183.eastlink.ca [24.224.252.183] due to
pre-greeting traffic: 1 Time(s)
Milter: connect: host=61-216-245-117.dynamic.hinet.net, addr=61.216.245.117,
rejecting commands: 1 Time(s)
Milter: connect: host=dsl85-105-61849.ttnet.net.tr, addr=85.105.241.153,
rejecting commands: 1 Time(s)
Milter: helo=71.36.29.88, reject=554 5.7.1 Incorrect format for
address-literal: 1 Time(s)
Milter: connect: host=customer201-216-213.82.iplannetworks.net,
addr=201.216.213.82, rejecting commands: 1 Time(s)
Milter: connect: host=[211.113.191.86], addr=211.113.191.86, rejecting
commands: 1 Time(s)
Milter: connect: host=[125.171.160.88], addr=125.171.160.88, temp failing
commands: 1 Time(s)
---------------------- sendmail End -------------------------
Then I upgraded the OS to FC5 (but kept everything else
the same), and now I hardly get anything useful at all:
--------------------- sendmail Begin ------------------------
**Unmatched Entries**
Milter delete (noop): header: X-Spam-Score: 309 Time(s)
ruleset=check_relay, arg1=adsl-068-016-118-091.sip.bct.bellsouth.net,
arg2=68.16.118.91, relay=adsl-068-016-118-091.sip.bct.bellsouth.net
[68.16.118.91], reject=421 4.3.2 Connection rate limit exceeded.: 7 Time(s)
ruleset=check_relay, arg1=[222.168.117.181], arg2=222.168.117.181,
relay=[222.168.117.181], reject=421 4.3.2 Connection rate limit exceeded.: 3
Time(s)
ruleset=check_relay, arg1=[60.17.197.37], arg2=60.17.197.37,
relay=[60.17.197.37], reject=421 4.3.2 Connection rate limit exceeded.: 3
Time(s)
ruleset=check_relay, arg1=[219.150.11.186], arg2=219.150.11.186,
relay=[219.150.11.186], reject=421 4.3.2 Connection rate limit exceeded.: 3
Time(s)
Milter: helo=localhost, reject=554 5.7.1 Oh, that's original: 2 Time(s)
ruleset=check_relay, arg1=[218.61.190.33], arg2=218.61.190.33,
relay=[218.61.190.33], reject=421 4.3.2 Connection rate limit exceeded.: 1
Time(s)
ruleset=check_relay, arg1=h69-128-95-234.69-128.unk.tds.net,
arg2=69.128.95.234, relay=h69-128-95-234.69-128.unk.tds.net [69.128.95.234],
reject=421 4.3.2 Connection rate limit exceeded.: 1 Time(s)
Milter: helo=192.168.2.99, reject=554 5.7.1 Incorrect format for
address-literal: 1 Time(s)
ruleset=check_relay, arg1=[203.90.176.120], arg2=203.90.176.120,
relay=[203.90.176.120], reject=421 4.3.2 Connection rate limit exceeded.: 1
Time(s)
ruleset=check_relay, arg1=mercury.email.starband.net, arg2=148.78.247.34,
relay=mercury.email.starband.net [148.78.247.34], reject=421 4.3.2 Connection
rate limit exceeded.: 1 Time(s)
ruleset=check_relay, arg1=[222.168.117.233], arg2=222.168.117.233,
relay=[222.168.117.233], reject=421 4.3.2 Connection rate limit exceeded.: 1
Time(s)
ruleset=check_relay, arg1=[218.25.204.72], arg2=218.25.204.72,
relay=[218.25.204.72], reject=421 4.3.2 Connection rate limit exceeded.: 1
Time(s)
ruleset=check_relay, arg1=[221.212.147.216], arg2=221.212.147.216,
relay=[221.212.147.216], reject=421 4.3.2 Connection rate limit exceeded.: 1
Time(s)
ruleset=check_relay, arg1=[218.61.62.193], arg2=218.61.62.193,
relay=[218.61.62.193], reject=421 4.3.2 Connection rate limit exceeded.: 1
Time(s)
ruleset=check_relay, arg1=svarog.email.starband.net, arg2=148.78.247.55,
relay=svarog.email.starband.net [148.78.247.55], reject=421 4.3.2 Connection
rate limit exceeded.: 1 Time(s)
---------------------- sendmail End -------------------------
But I should be seeing a lot more than that, obviously. All of
the previous "Milter: connect:" lines are missing.
Doing a quick check by hand:
# cat /var/log/maillog.1 | grep '^Dec 23' | grep Milter: | sed 's/^.*Milter:/Milter:/' | sort | uniq
Milter: connect: host=[125.183.201.107], addr=125.183.201.107, rejecting
commands
Milter: connect: host=16-247.91.219.static.youtele.com, addr=219.91.247.16,
rejecting commands
Milter: connect: host=201-0-14-27.dsl.telesp.net.br, addr=201.0.14.27,
rejecting commands
Milter: connect: host=[203.81.233.146], addr=203.81.233.146, rejecting commands
Milter: connect: host=[203.90.176.120], addr=203.90.176.120, rejecting commands
Milter: connect: host=[210.82.77.190], addr=210.82.77.190, rejecting commands
Milter: connect: host=[211.60.120.152], addr=211.60.120.152, rejecting commands
Milter: connect: host=[218.25.204.72], addr=218.25.204.72, rejecting commands
Milter: connect: host=[218.61.190.33], addr=218.61.190.33, rejecting commands
Milter: connect: host=[218.61.62.193], addr=218.61.62.193, rejecting commands
Milter: connect: host=[219.150.11.186], addr=219.150.11.186, rejecting commands
Milter: connect: host=[219.150.11.208], addr=219.150.11.208, rejecting commands
Milter: connect: host=[219.157.164.8], addr=219.157.164.8, rejecting commands
Milter: connect: host=[219.159.108.234], addr=219.159.108.234, rejecting
commands
Milter: connect: host=[221.209.181.54], addr=221.209.181.54, rejecting commands
Milter: connect: host=[221.209.181.71], addr=221.209.181.71, rejecting commands
Milter: connect: host=[221.212.147.216], addr=221.212.147.216, rejecting
commands
Milter: connect: host=[222.168.117.181], addr=222.168.117.181, rejecting
commands
Milter: connect: host=[222.168.117.233], addr=222.168.117.233, rejecting
commands
Milter: connect: host=48-28-137-85.user.auna.net, addr=85.137.28.48, rejecting
commands
Milter: connect: host=[58.121.83.4], addr=58.121.83.4, rejecting commands
Milter: connect: host=[58.54.20.78], addr=58.54.20.78, rejecting commands
Milter: connect: host=[58.61.119.2], addr=58.61.119.2, rejecting commands
Milter: connect: host=[58.62.96.83], addr=58.62.96.83, rejecting commands
Milter: connect: host=59-112-85-112.dynamic.hinet.net, addr=59.112.85.112,
rejecting commands
Milter: connect: host=[60.17.197.37], addr=60.17.197.37, rejecting commands
Milter: connect: host=[61.2.196.12], addr=61.2.196.12, rejecting commands
Milter: connect: host=[64.207.28.106], addr=64.207.28.106, temp failing
commands
Milter: connect: host=[80.77.10.183], addr=80.77.10.183, rejecting
commands
Milter: connect: host=[82.194.44.59], addr=82.194.44.59, rejecting commands
Milter: connect: host=[84.229.150.17], addr=84.229.150.17, rejecting commands
Milter: connect: host=adsl-068-016-118-091.sip.bct.bellsouth.net,
addr=68.16.118.91, rejecting commands
Milter: connect: host=bb3.starline.ee, addr=217.159.217.215, rejecting commands
Milter: connect: host=client-201.240.130.133.speedy.net.pe,
addr=201.240.130.133, rejecting commands
Milter: connect: host=cpe-024-074-051-142.carolina.res.rr.com,
addr=24.74.51.142, rejecting commands
Milter: connect: host=cpe-66-61-92-199.midsouth.res.rr.com, addr=66.61.92.199,
rejecting commands
Milter: connect: host=cpe-66-91-234-86.san.res.rr.com, addr=66.91.234.86,
rejecting commands
Milter: connect: host=Dial2-RAS8-39.eot.com, addr=209.81.124.101, temp failing
commands
Milter: connect: host=dsl54005B79.pool.t-online.hu, addr=84.0.91.121, rejecting
commands
Milter: connect: host=dsl.dynamic859983205.ttnet.net.tr, addr=85.99.83.205,
rejecting commands
Milter: connect: host=host147-36-static.59-217-b.business.telecomitalia.it,
addr=217.59.36.147, rejecting commands
Milter: connect: host=host-86-107-37-20.bizartelecom.ro, addr=86.107.37.20,
rejecting commands
Milter: connect: host=IGLD-84-229-187-193.inter.net.il, addr=84.229.187.193,
rejecting commands
Milter: connect: host=indium.virtudevelopment.be, addr=207.44.130.26, rejecting
commands
Milter: connect: host=mail.hostingsupport.com, addr=64.182.192.194, temp
failing commands
Milter: connect: host=p508AE43C.dip.t-dialin.net, addr=80.138.228.60, rejecting
commands
Milter: connect: host=pD9E57D11.dip.t-dialin.net, addr=217.229.125.17,
rejecting commands
Milter: connect: host=pool-72-69-95-54.chi01.dsl-w.verizon.net,
addr=72.69.95.54, rejecting commands
Milter: connect: host=ppp77-109.dsl-chn.eth.net, addr=61.11.77.109, rejecting
commands
Milter: connect: host=ppp79-11.dsl-chn.eth.net, addr=61.11.79.11, rejecting
commands
Milter: connect: host=tdev144-136.codetel.net.do, addr=200.88.144.136,
rejecting commands
Milter: data, reject=554 5.7.1 Message rejected; scored too high on the Spam
test.
Milter: helo=192.168.2.99, reject=554 5.7.1 Incorrect format for
address-literal
Milter: helo=localhost, reject=554 5.7.1 Oh, that's original
So... Anyone know what might have changed to stop logwatch from
gathering as much useful information? Did one of the log formats
change in either Sendmail or MdF that might cause it to not be
grepped out properly by logwatch?
Of course, that wouldn't have stopped Logwatch from gathering the
useful summary information that it used to about top relays,
volumes handled, etc.
Thanks,
-Philip
_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
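Added example, not part of the original message and not Logwatch's own code: a counted version of the hand check above, tallying "Milter: connect:" verdicts and check_relay rejections per client address so the "N Time(s)" figures can be rebuilt straight from the maillog. The function names, the syslog prefix and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample maillog lines (documentation-range addresses, made-up
# hostnames and queue IDs); the syslog prefix is assumed, not from the post.
sample_maillog() {
cat <<'EOF'
Dec 23 04:02:11 mx sendmail[2101]: kBN92BaA002101: Milter: connect: host=[192.0.2.10], addr=192.0.2.10, rejecting commands
Dec 23 04:07:45 mx sendmail[2140]: kBN97jaA002140: Milter: connect: host=[192.0.2.10], addr=192.0.2.10, rejecting commands
Dec 23 05:13:02 mx sendmail[2388]: kBNAD2aA002388: Milter: connect: host=dsl-7.example.net, addr=198.51.100.7, temp failing commands
Dec 23 05:13:09 mx sendmail[2391]: ruleset=check_relay, arg1=[192.0.2.10], arg2=192.0.2.10, relay=[192.0.2.10], reject=421 4.3.2 Connection rate limit exceeded.
Dec 23 05:20:30 mx sendmail[2400]: kBNAKUaA002400: Milter: helo=localhost, reject=554 5.7.1 Oh, that's original
EOF
}

# Reads a maillog on stdin and prints "count<TAB>address<TAB>action",
# highest count first. Lines that are neither a Milter connect verdict
# nor a check_relay rejection (for example helo rejects) are ignored.
summarize_rejects() {
    awk '
    # Milter connect verdict: "Milter: connect: host=H, addr=A, ACTION"
    /Milter: connect: / {
        line = $0
        sub(/^.*Milter: connect: /, "", line)
        split(line, f, ", ")
        addr = f[2]; sub(/^addr=/, "", addr)
        count[addr "\t" f[3]]++
        next
    }
    # check_relay rejection: client address is carried in arg2=
    /ruleset=check_relay, / && /reject=/ {
        addr = $0; sub(/^.*arg2=/, "", addr); sub(/,.*$/, "", addr)
        action = $0; sub(/^.*reject=/, "", action)
        count[addr "\t" "check_relay: " action]++
    }
    END {
        for (k in count) printf "%d\t%s\n", count[k], k
    }' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Stand-alone run over the constructed sample.
sample_maillog | summarize_rejects
```

To run it on a real log, feed the file on stdin, e.g. `summarize_rejects < /var/log/maillog.1`.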