Re: [qmailtoaster] Spamdyke Statistics error

[Brent Gardner]

On 12/19/2012 12:56 AM, Giuseppe Perna wrote:
Hello,
thanks for you replay.
@4000000050d172131ddcbcbc tcpserver: ok 8032
mail.server.it:192.168.xx.xx:25 :176.28.51.172::44551
@4000000050d17214148dbddc tcpserver: status: 26/100
@4000000050d17214148dc5ac tcpserver: pid 8033 from 88.135.xx.xx
@4000000050d17214148dc5ac tcpserver: ok 8033
mail.server.it:192.168.xx.xx:25 :88.135.155.180::39332
@4000000050d172153b18325c CHKUSER accepted sender: from
<i...@poste.it::>  remote
<xtrahost.picadorltd.eu:unknown:82.113.145.166>  rcpt<>  : sender
accepted
@4000000050d172153b183644 DENIED_GRAYLISTED from: i...@poste.it to:
aff...@dominio.it origin_ip: 82.113.145.166 origin_rdns:
xtrahost.picadorltd.eu auth: (unknown)
@4000000050d17216091ed0e4 tcpserver: end 7687 status 0
@4000000050d17216091ed8b4 tcpserver: status: 25/100
@4000000050d1721632cbe60c DENIED_RDNS_RESOLVE from: uffi...@bper.it
to: webmas...@comune.it origin_ip: 72.245.192.117 origin_rdns:
h-72-245-192-117.snfccasy.static.covad.net auth: (unknown)
@4000000050d1721709685d04 tcpserver: status: 26/100
@4000000050d1721709698db4 tcpserver: pid 8038 from 151.1.244.162
@4000000050d17217096a35ac tcpserver: ok 8038
mail.server.it:192.168.xx.xx:25 :151.1.244.162::40328
@4000000050d172170eb9a164 tcpserver: end 7903 status 0
@4000000050d172170eb9a54c tcpserver: status: 25/100






@4000000050d1722c180fe3a4 DENIED_RDNS_MISSING from:
formazi...@dirittoitalia.it to: bradamantepicare...@diominio.it
origin_ip: 151.13.210.218 origin_rdns: (unknown) auth: (unknown)
@4000000050d1722c1feb034c tcpserver: end 8132 status 0
@4000000050d1722c1feb0b1c tcpserver: status: 31/100
@4000000050d1722c24d5c57c tcpserver: status: 32/100
@4000000050d1722c24d5c964 tcpserver: pid 8134 from 151.13.210.218
@4000000050d1722c24d5cd4c tcpserver: ok 8134
mail.server.it:192.168.xx.xx:25 :151.13.210.218::52216
@4000000050d1722c2b4f68f4 DENIED_RDNS_RESOLVE from:
vir...@grupocuina.com to: ute...@dominio.it origin_ip: 122.143.143.199
origin_rdns: 199.143.143.122.adsl-pool.jlccptt.net.cn auth: (unknown)
@4000000050d1722d00e170e4 DENIED_RDNS_MISSING from:
formazi...@dirittoitalia.it to: ute...@dominio.it origin_ip:
151.13.210.218 origin_rdns: (unknown) auth: (unknown)
@4000000050d1722d0948de84 tcpserver: end 8134 status 0
@4000000050d1722d0948e26c tcpserver: status: 31/100
@4000000050d1722d0edd03fc tcpserver: status: 32/100
@4000000050d1722d0edd07e4 tcpserver: pid 8136 from 151.13.210.218
@4000000050d1722d0edd0bcc tcpserver: ok 8136
mail.server.it:192.168.70.198:25 :151.13.210.218::52217
@4000000050d1722d1ffb1494 tcpserver: end 8109 status 0
@4000000050d1722d1ffb187c tcpserver: status: 31/100
@4000000050d1722d26513a1c DENIED_RDNS_MISSING from:
formazi...@dirittoitalia.it to: ute...@comune.it origin_ip:
151.13.210.218 origin_rdns: (unknown) auth: (unknown)



rpm -qa |grep qmail

qmail-toaster-1.03-1.3.15
qmailadmin-toaster-1.2.11-1.3.4
qmailtoaster-plus-0.3.0-1.4.4
qmail-pop3d-toaster-1.03-1.3.15
qmailmrtg-toaster-4.2-1.3.3



qmailctl stat

authlib: up (pid 23868) 2296 seconds
clamd: up (pid 23869) 2296 seconds
imap4: up (pid 23916) 2296 seconds
imap4-ssl: up (pid 23871) 2296 seconds
pop3: up (pid 23855) 2297 seconds
pop3-ssl: up (pid 23888) 2296 seconds
send: up (pid 23889) 2296 seconds
smtp: up (pid 23854) 2296 seconds
spamd: up (pid 23890) 2296 seconds
submission: up (pid 23899) 2296 seconds
authlib/log: up (pid 23862) 2297 seconds
clamd/log: up (pid 23870) 2296 seconds
imap4/log: up (pid 23917) 2296 seconds
imap4-ssl/log: up (pid 23872) 2296 seconds
pop3/log: up (pid 23853) 2297 seconds
pop3-ssl/log: up (pid 23882) 2296 seconds
send/log: up (pid 23895) 2296 seconds
smtp/log: up (pid 23867) 2296 seconds
spamd/log: up (pid 23877) 2296 seconds
submission/log: up (pid 23887) 2296 seconds



Interesting.

These lines appear to be Spamdyke log entries:

@4000000050d172153b183644 DENIED_GRAYLISTED from: i...@poste.it to: 
aff...@dominio.it origin_ip: 82.113.145.166 origin_rdns: 
xtrahost.picadorltd.eu auth: (unknown)
@4000000050d1721632cbe60c DENIED_RDNS_RESOLVE from: uffi...@bper.it to: 
webmas...@comune.it origin_ip: 72.245.192.117 origin_rdns: 
h-72-245-192-117.snfccasy.static.covad.net auth: (unknown)
@4000000050d1722c180fe3a4 DENIED_RDNS_MISSING from: 
formazi...@dirittoitalia.it to: bradamantepicare...@diominio.it 
origin_ip: 151.13.210.218 origin_rdns: (unknown) auth: (unknown)
@4000000050d1722c2b4f68f4 DENIED_RDNS_RESOLVE from: 
vir...@grupocuina.com to: ute...@dominio.it origin_ip: 122.143.143.199 
origin_rdns: 199.143.143.122.adsl-pool.jlccptt.net.cn auth: (unknown)
@4000000050d1722d00e170e4 DENIED_RDNS_MISSING from: 
formazi...@dirittoitalia.it to: ute...@dominio.it origin_ip: 
151.13.210.218 origin_rdns: (unknown) auth: (unknown)
@4000000050d1722d26513a1c DENIED_RDNS_MISSING from: 
formazi...@dirittoitalia.it to: ute...@comune.it origin_ip: 
151.13.210.218 origin_rdns: (unknown) auth: (unknown)


But they're missing the spamdyke[<pid>]: component.

Here's some examples from one of my machines:

@4000000050d1e8df3aebf23c spamdyke[13723]: FILTER_RDNS_RESOLVE ip: 
173.44.176.116 rdns: wrht116.sigmalimit.com
@4000000050d1e8e00b382394 spamdyke[13723]: DENIED_RDNS_RESOLVE from: 
heinr...@yourdailypromo.co.uk to: us...@example.com origin_ip: 
173.44.176.116 origin_rdns: wrht116.sigmalimit.com auth: (unknown) 
encryption: (none)
@4000000050d1e8e22b6d939c spamdyke[13725]: FILTER_RBL_MATCH ip: 
222.229.22.33 rbl: zen.spamhaus.org
@4000000050d1e8e435fecac4 spamdyke[13725]: DENIED_RBL_MATCH from: 
inkwellw...@east2west.info to: us...@example.com origin_ip: 
222.229.22.33 origin_rdns: s33.22.229.222.fls.vectant.ne.jp auth: 
(unknown) encryption: (none)


Not sure what would cause this.  Here's entries from my spamdyke.conf 
which control logging:

log-level=verbose
log-target=stderr


Brent Gardner



---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com