>-----Message d'origine-----
>De : [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] la part de Dale Qualls
>Envoy=E9 : mercredi 30 avril 2008 14:28
>=C0 : [email protected]
>Objet : [xmail] Re: glst issue with trips not being recognized
>
>
>Thanks for your response, Francis, I appreciate it.
>Am I missing something? Is there a specific glst log that I can't=20
>find? I don't see any options in the docs that suggest it. =20
>/var/log/messages doesn't hold anything. I thought only the smtp logs =
>would hold the data (the EFILTER entries signifying the rejection).
>
For the logs', I speaked about 'Xmail filters log' not glst logs (it =
don't
generate any) :)
xmail filters logs are enabled with xmail cmd line parameter "-Qg"
After enabled it and restart xmail, you should found =
"filter-yyyymmddhhmm"
files in <mailroot>/logs directory.
In the filter log, on each line just before the last quotted string is =
the
value returned by glst
A rejected glst line (retry later) should be like this one :
"from_email" "to_email" "to_ip" "from_ip" "date time"
"pre-data" "" "0" "3" "glst;--mfile;tmpmailfilepath;"
(here glst return value is "3", meaning reject)
A accepted glst line (continue) should be like this one :
"from_email" "to_email" "to_ip" "from_ip" "date time"
"pre-data" "" "0" "0" "glst;--mfile;tmpmailfilepath;"
(here glst return value is "0", meaning pass/continue process)
>I'm also a bit confused on the xnet entries and I hope someone=20
>can shed=20
>some light on this. Maybe I'm just IP stupid, but in my glst.conf=20
>(which admittedly I compiled from other examples on the web) I have=20
>these entries.
>
>xnet=3D64.233.184.0,255.255.255.0
>xnet=3D65.82.241.160,255.255.255.255
>xnet=3D217.158.50.178,255.255.255.255
>
>If adding new entries, how would you determine the subnet to=20
>use? Wouldn't the broadcast (255.255.255.255) handle it? I=20
>find it strange that two class A addresses are using different =
subnets.
>
Simply consider xnet syntax as :
xnet=3DNetwork_IP,Network_Mask
So, if you want to only 'xnet' ONE specific Ip, use :
xnet=3DTheIpToExcludeFromGlst,255.255.255.255
:)
>In the mnet entries I'm also confused. How is the subnet=20
>determined (or found) here?
>
>mnet=3D65.52.0.0,255.255.255.0,255.252.0.0
>mnet=3D64.4.0.0,255.255.255.0,255.255.192.0
>
'mnet' syntax :
mnet=3DNetwork_Ip,Matching_Network_Mask,Glst_Network_Mask
So consider a mnet as two networks definitions :
Matching Network to apply this mnet entry : Network_Ip with mask
Matching_Network_Mask
Resulting Network after applying this mnet entry : Network_Ip with
Glst_Network_Mask
For this mnet rule "mnet=3D65.52.0.0,255.255.255.0,255.252.0.0" you get =
:
For any input ip from 65.52.0.x range ('matched' with 65.52.0.0 mask
255.255.255.0), apply the second mask to obtain the resulting ip that =
will
be entered in glst database so here 65.52.0.0 (65.52.0.x (original ip)
masked with 255.252.0.0)
If where is NO other rule for 65.53 to 65.55 networks, this rule is =
just
'strange' but functionnal.
If where is another active mnet using 65.53 to 65.55 networks like this =
one
"65.54.0.0,255.255.255.0,255.252.0.0" the resulting ip will be =
65.52.0.0
too, 'mapping' from one network to another. If it's not the same ip =
owner,
this could be a problem (bypass glst).
The rule mnet=3D65.52.0.0,255.255.255.0,255.255.0.0 will do exaclty the =
same
think without this 'cross networks' problem.
Except very rare cases, the 'Glst_Network_Mask' is at least same or =
more
'restrictive' than the 'Matching_Network_Mask'
>Wow, after looking at these I just had the realization that I'm not IP =
>stupid, just IP ignorant...
>
>Thanks!
>
Francis
-
To unsubscribe from this list: send the line "unsubscribe xmail" in
the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to
[EMAIL PROTECTED]
