Logging bandwidth usage with PF
Misc list:

I'm trying to figure out a way to log and analyze bandwidth usage passing through my PF gateway. It's doing NAT for ~60 users. Here are the pertinent logging rules:

    rdr pass log on $ext_if proto tcp to port smtp -> $host
    rdr pass log on $ext_if proto tcp to port www -> $host
    rdr pass log on $ext_if proto tcp to port pop3 -> $host
    rdr pass log on $ext_if proto tcp to port 1494 -> $host
    rdr pass log on $ext_if proto tcp to port 3389 -> $host
    pass out log keep state

I've tried analyzing pflogs using ethereal/wireshark but could not get specifics about IPs and connection rates from it. I've also looked at ntop and pftop, which look good for real-time monitoring, but I don't think they apply for what I'm trying to do. I'd like to generate a sorted list of top bandwidth hogs and their IP addresses.

Thanks.
Joel
spamd blacklists
So where do I find Bob Beck's spamd list?
sendmail and Undeliverables
I've recently set up an access list with the following:

    To:mydomain.com REJECT
    To:[EMAIL PROTECTED] OK
    To:[EMAIL PROTECTED] OK

etcetera, which has really helped in reducing the amount of DSN reports I receive. (Thanks to Claus Aßmann for the suggestion.) I'm still getting a couple here and there and I'm trying to figure out how to prevent them, as it concerns me a little. Here is a sample:

    Your message did not reach some or all of the intended recipients.
    Subject: Returned mail: see transcript for details
    Sent: 2/28/2006 11:58 AM
    The following recipient(s) could not be reached:
    [EMAIL PROTECTED] on 3/1/2006 4:46 PM
    The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
    mfg.mydomain.com #5.1.1 SMTP; 550 RCPT TO:[EMAIL PROTECTED] User unknown

I'm concerned that sendmail is even accepting these messages, as they have nothing to do with my domain, and I don't know how to prevent this behavior. Any info on this subject would be appreciated, thank you.
sendmail DSN reports
I have a mail filter gateway set up running sendmail, smtp-vilter and spamassassin. All incoming mail gets delivered to this machine before being passed on to an Exchange server. My issue is that whenever a spammer sends mail to a bogus user at my real domain, I get a DSN from the sendmail box because Exchange is configured to only accept email for accounts that actually exist. I'm considering the -N never option of sendmail, but I wanted to run it by the list first because I know not sending notifications isn't the best idea. Any other things I can do to resolve this problem?

Thanks.
-jg
ADSL and PPPoA
Hello,

I'm trying to replace a USR router with a BSD one. The USR router is currently getting its IP, gateway, and DNS from the ISP-supplied modem. When trying to set up the BSD firewall/router on the ADSL connection from ns4all in the Netherlands, it does get an IP address assigned via dhcp-spoofing (the modem's address is 10.0.0.138 by default). I do not get a default gateway though, and after looking at the default gateway of the USR router prior to switching, it was on an entirely different network. I'm wondering if anyone has any suggestions to get this working. The IP address issued is a 82.92.239.xx address and the default gateway is 195.190.249.xx, which makes no sense to me.

Thanks,
Joel
Re: ADSL and PPPoA
On 2/27/06, Stuart Henderson [EMAIL PROTECTED] wrote:
> On 2006/02/27 16:02, Joel Gudknecht wrote:
> > I'm trying to replace a USR router with a BSD one. The USR router is getting
> > ns4all in the Netherlands, it does get an IP address assigned via
> > dhcp-spoofing (the modem's address is 10.0.0.138 by default). I do not get a
> > default gateway though, and after looking at the default gateway of the USR
> > router prior to switching, it was on an entirely different network.
>
> Is it receiving a netmask such that it ARPs for the whole internet?
> 'ifconfig -a' and 'netstat -rn' output might help.
>
> 10.0.0.138 sounds like a speedtouch and can probably be configured
> more sensibly though...

The netmask is 255.0.0.0 and yes, it's a speedtouch. What part would you recommend reconfiguring? I had a look at the web-interface and nothing jumped out that I should have changed. I'm trying to avoid having to mess with pppoe in userland if at all possible.
smtp-vilter + spamassassin Subject header rewrites
Does the smtp-vilter.conf line

    spam-subject-prefix=*SPAM*

override spamassassin's

    rewrite_header subject ***SPAM***

(from /etc/mail/spamassassin/local.cf), because I never see the subject being modified by spamassassin?

Thanks,
-JG