pflogsum don't count postscreen rejects

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

pflogsum don't count postscreen rejects

lists@rhsoft.net
Aug 25 14:55:15 mail-gw postfix/postscreen[29302]: NOQUEUE: reject: RCPT from [119.75.11.68]:53210: 550 5.7.1
Service unavailable; client [119.75.11.68] blocked using *****; from=<****>, to=<[hidden email]>, proto=ESMTP,
helo=<jchzfsrgvu>

pflogsumm don't count postscreen RBL rejects
already using pflogsumm-1.1.5.tar.gz Beta

sadly mailgraph and logwatch also hide them :-(
Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

lists@rhsoft.net


Am 25.08.2014 um 16:36 schrieb Stephen Satchell:

> On 08/25/2014 07:12 AM, [hidden email] wrote:
>> Aug 25 14:55:15 mail-gw postfix/postscreen[29302]: NOQUEUE: reject: RCPT from [119.75.11.68]:53210: 550 5.7.1
>> Service unavailable; client [119.75.11.68] blocked using *****; from=<****>, to=<[hidden email]>, proto=ESMTP,
>> helo=<jchzfsrgvu>
>>
>> pflogsumm don't count postscreen RBL rejects
>> already using pflogsumm-1.1.5.tar.gz Beta
>>
>> sadly mailgraph and logwatch also hide them :-(
>>
>
> I'm seeing "relay denied" in LogWatch for all those attempt to
> [hidden email], and I'm seeing the RLB rejects, but not summarized,
> in logwatch, too.

no, that are others because that below is from a testing
server with only postscreen RBL rejects since only zombies
because until now no MX pointing there


 --------------------- Postfix Begin ------------------------

    8.268K  Bytes accepted                               8,466
    8.268K  Bytes sent via SMTP                          8,466
 ========   ==================================================

        2   Accepted                                   100.00%
 --------   --------------------------------------------------
        2   Total                                      100.00%
 ========   ==================================================

        2   Removed from queue
        2   Sent via SMTP
        4   Postscreen

        2   Postfix start
        1   Postfix stop
        6   Postfix refresh
 ---------------------- Postfix End -------------------------


it would belong somewhere here which is from a different server
the problem is pretty sure the processname "postscreen" instead
"smtpd" in the logs

 ========   ==================================================

        2   5xx Reject sender address                   50.00%
        2   5xx Reject client host                      50.00%
 --------   --------------------------------------------------
        4   Total 5xx Rejects                          100.00%
 ========   ==================================================


> Nice this about open-source software, you can contribute useful code
> snippets to the upstream and have a chance of having them incorporated.
>
> (I'm trying to think how I would want to summarize RBL rejects anyway.
> Summarize by blocker and IP address?)

besides i am not a perl programmer i would like them simply
counted in "rejected" the same way as it would happen
with RBL's without postscreen

pflogsumm also don't count any reject
________________________________________

Postfix log summaries for Aug 25

Grand Totals
------------
messages

     11   received
     11   delivered
      0   forwarded
      0   deferred
      0   bounced
      0   rejected (0%)
      0   reject warnings
      0   held
      0   discarded (0%)

 304373   bytes received
 304373   bytes delivered
      3   senders
      3   sending hosts/domains
      2   recipients
      2   recipient hosts/domains
Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

Benny Pedersen-2
In reply to this post by lists@rhsoft.net
On 25. aug. 2014 16.13.01 "[hidden email]" <[hidden email]> wrote:

> sadly mailgraph and logwatch also hide them :-(

Mailgraph in git have postscreen
Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

Quanah Gibson-Mount-3
In reply to this post by lists@rhsoft.net
--On Monday, August 25, 2014 5:12 PM +0200 [hidden email] wrote:

> Aug 25 14:55:15 mail-gw postfix/postscreen[29302]: NOQUEUE: reject: RCPT
> from [119.75.11.68]:53210: 550 5.7.1 Service unavailable; client
> [119.75.11.68] blocked using *****; from=<****>, to=<[hidden email]>,
> proto=ESMTP, helo=<jchzfsrgvu>
>
> pflogsumm don't count postscreen RBL rejects
> already using pflogsumm-1.1.5.tar.gz Beta
>
> sadly mailgraph and logwatch also hide them :-(

If you file a bug for postfix-logwatch with the pertinent info, I'll see
what I can do about adding it.

--Quanah

--

Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

lists@rhsoft.net


Am 25.08.2014 um 23:42 schrieb Quanah Gibson-Mount:

> --On Monday, August 25, 2014 5:12 PM +0200 [hidden email] wrote:
>
>> Aug 25 14:55:15 mail-gw postfix/postscreen[29302]: NOQUEUE: reject: RCPT
>> from [119.75.11.68]:53210: 550 5.7.1 Service unavailable; client
>> [119.75.11.68] blocked using *****; from=<****>, to=<[hidden email]>,
>> proto=ESMTP, helo=<jchzfsrgvu>
>>
>> pflogsumm don't count postscreen RBL rejects
>> already using pflogsumm-1.1.5.tar.gz Beta
>>
>> sadly mailgraph and logwatch also hide them :-(
>
> If you file a bug for postfix-logwatch with the pertinent info, I'll see what I can do about adding it.

could you please post a link to the uptream bugtracker
i happily file bugs upstream and post corss references there

downstream bugreports for Fedora:
https://bugzilla.redhat.com/show_bug.cgi?id=1133357
https://bugzilla.redhat.com/show_bug.cgi?id=1133356


Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

Quanah Gibson-Mount-3
--On Tuesday, August 26, 2014 1:05 AM +0200 [hidden email] wrote:

>
>
> Am 25.08.2014 um 23:42 schrieb Quanah Gibson-Mount:
>> --On Monday, August 25, 2014 5:12 PM +0200 [hidden email] wrote:
>>
>>> Aug 25 14:55:15 mail-gw postfix/postscreen[29302]: NOQUEUE: reject: RCPT
>>> from [119.75.11.68]:53210: 550 5.7.1 Service unavailable; client
>>> [119.75.11.68] blocked using *****; from=<****>, to=<[hidden email]>,
>>> proto=ESMTP, helo=<jchzfsrgvu>
>>>
>>> pflogsumm don't count postscreen RBL rejects
>>> already using pflogsumm-1.1.5.tar.gz Beta
>>>
>>> sadly mailgraph and logwatch also hide them :-(
>>
>> If you file a bug for postfix-logwatch with the pertinent info, I'll see
>> what I can do about adding it.
>
> could you please post a link to the uptream bugtracker
> i happily file bugs upstream and post corss references there

<https://sourceforge.net/p/logreporters/bugs/?source=navbar>

--Quanah


--

Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

lists@rhsoft.net

Am 26.08.2014 um 00:12 schrieb Quanah Gibson-Mount:

> --On Tuesday, August 26, 2014 1:05 AM +0200 [hidden email] wrote:
>
>> Am 25.08.2014 um 23:42 schrieb Quanah Gibson-Mount:
>>> --On Monday, August 25, 2014 5:12 PM +0200 [hidden email] wrote:
>>>
>>>> Aug 25 14:55:15 mail-gw postfix/postscreen[29302]: NOQUEUE: reject: RCPT
>>>> from [119.75.11.68]:53210: 550 5.7.1 Service unavailable; client
>>>> [119.75.11.68] blocked using *****; from=<****>, to=<[hidden email]>,
>>>> proto=ESMTP, helo=<jchzfsrgvu>
>>>>
>>>> pflogsumm don't count postscreen RBL rejects
>>>> already using pflogsumm-1.1.5.tar.gz Beta
>>>>
>>>> sadly mailgraph and logwatch also hide them :-(
>>>
>>> If you file a bug for postfix-logwatch with the pertinent info, I'll see
>>> what I can do about adding it.
>>
>> could you please post a link to the uptream bugtracker
>> i happily file bugs upstream and post corss references there
>
> <https://sourceforge.net/p/logreporters/bugs/?source=navbar>

done: https://sourceforge.net/p/logreporters/bugs/3/
also cross linked at https://bugzilla.redhat.com/show_bug.cgi?id=1133357
Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

Jim Seymour-2
In reply to this post by lists@rhsoft.net
On Mon, 25 Aug 2014 16:12:12 +0200
"[hidden email]" <[hidden email]> wrote:

> Aug 25 14:55:15 mail-gw postfix/postscreen[29302]: NOQUEUE: reject:
> RCPT from [119.75.11.68]:53210: 550 5.7.1 Service unavailable;
> client [119.75.11.68] blocked using *****; from=<****>,
> to=<[hidden email]>, proto=ESMTP, helo=<jchzfsrgvu>
>
> pflogsumm don't count postscreen RBL rejects
> already using pflogsumm-1.1.5.tar.gz Beta
>
> sadly mailgraph and logwatch also hide them :-(
>

Send me a log file snippet big enough to generate meaningful stats
and I'll look at adding it.

I haven't used postscreen, yet, so I haven't the data.  (Nor,
that being the case, have I seen the need.)

I've got some other things people have sent me I need to look to.  I
suppose it's about time pflogsumm got some attention.

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

lists@rhsoft.net

Am 29.08.2014 um 01:57 schrieb Jim Seymour:

> On Mon, 25 Aug 2014 16:12:12 +0200
> "[hidden email]" <[hidden email]> wrote:
>
>> Aug 25 14:55:15 mail-gw postfix/postscreen[29302]: NOQUEUE: reject:
>> RCPT from [119.75.11.68]:53210: 550 5.7.1 Service unavailable;
>> client [119.75.11.68] blocked using *****; from=<****>,
>> to=<[hidden email]>, proto=ESMTP, helo=<jchzfsrgvu>
>>
>> pflogsumm don't count postscreen RBL rejects
>> already using pflogsumm-1.1.5.tar.gz Beta
>>
>> sadly mailgraph and logwatch also hide them
>
> Send me a log file snippet big enough to generate meaningful stats
> and I'll look at adding it.
>
> I haven't used postscreen, yet, so I haven't the data.  (Nor,
> that being the case, have I seen the need.)
>
> I've got some other things people have sent me I need to look to.  I
> suppose it's about time pflogsumm got some attention
attached - IMHO it's only the processname

i have a perl script from 2006 producing that stats
below which really surprised me

dnsbl.thelounge.net            8
dul.dnsbl.sorbs.net            7
=================================
Total DNSBL rejections:        15


postscreen-log.txt (14K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

Wietse Venema
In reply to this post by Jim Seymour-2
Jim Seymour:
> Send me a log file snippet big enough to generate meaningful stats
> and I'll look at adding it.

I have 3.5 years of maillog lying around. I'll try to
dig up a sample of each postscreen logging record.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

Nicolas HAHN
In reply to this post by Jim Seymour-2
Hello there,

I'll also take any material or log file snippet provided about
postscreen to implement a parser in the ELSE project, and generate any
usefull stats.

Regards,
Nicolas HAHN



Le 29/08/2014 01:57, Jim Seymour a écrit :

> On Mon, 25 Aug 2014 16:12:12 +0200
> "[hidden email]" <[hidden email]> wrote:
>
>> Aug 25 14:55:15 mail-gw postfix/postscreen[29302]: NOQUEUE: reject:
>> RCPT from [119.75.11.68]:53210: 550 5.7.1 Service unavailable;
>> client [119.75.11.68] blocked using *****; from=<****>,
>> to=<[hidden email]>, proto=ESMTP, helo=<jchzfsrgvu>
>>
>> pflogsumm don't count postscreen RBL rejects
>> already using pflogsumm-1.1.5.tar.gz Beta
>>
>> sadly mailgraph and logwatch also hide them :-(
>>
> Send me a log file snippet big enough to generate meaningful stats
> and I'll look at adding it.
>
> I haven't used postscreen, yet, so I haven't the data.  (Nor,
> that being the case, have I seen the need.)
>
> I've got some other things people have sent me I need to look to.  I
> suppose it's about time pflogsumm got some attention.
>
> Regards,
> Jim


hahnn.vcf (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

Sven Hoexter
In reply to this post by Jim Seymour-2
On Thu, Aug 28, 2014 at 07:57:40PM -0400, Jim Seymour wrote:

Hey Jim,

> I've got some other things people have sent me I need to look to.  I
> suppose it's about time pflogsumm got some attention.

In case you manage to put something together before November I could
upload it in time for the next Debian stable release freeze. I guess
that would be appreciated by some people. :)

Cheers,
Sven
Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

Nicolas HAHN
In reply to this post by Nicolas HAHN
OK. postscreen logs are now parsed in the ELSE project. Made it
according log examples provided in
http://www.postfix.org/POSTSCREEN_README.html document. However there
are some tiny differences between what's written in this document and
the log format generated by my postfix 2.10.0-1.el6.x86_64 servers.

Also, I've observed that the NOQUEUE rejects log lines generated by
postscreen are slightly different than the ones made by smtpd: I mean
fields are the same (almost), but format is different (fields separated
by comas for postscreen, instead of spaces for smtpd). Maybe recent
versions of Postfix have the same logging format, or would it be
possible to get the same one between both daemons (for ease of parser
coding even if it's trivial)? An example:

With postscreen:

2014-08-29T22:27:21.065488+02:00 smtp3 postfix/postscreen[17893]:
NOQUEUE: reject: RCPT from [94.83.155.**]:25903: 550 5.7.1 Service
unavailable; client [94.83.155.**] blocked using zen.spamhaus.org;
from=<********@business.********>, to=<**********@*****.***>,
proto=ESMTP, helo=<**********-static.83-94-b.business.***********.it>

With smtpd:

2014-08-29T22:03:37.177145+02:00 smtp3 postfix/smtpd[17837]: NOQUEUE:
reject: RCPT from webmail.**********.org[213.30.156.**]: 450 4.7.1
<**************@*********.***>: Recipient address rejected: Greylisting
in action by GreyLSE v 0.9.18. Please come back later.;
from=<**********@********.**> to=<**************@*********.***>
proto=ESMTP helo=<mailhost.**********.org>


Any way, after one hour of data gathering, here below is a first sample
of statistics given by a simple SQL request ran over 2 INCOMING Postfix
servers:

  type_id |   type   | nb
---------+----------+----
        1 | DNSBL    | 93
        4 | PASS OLD |  7
        2 | PREGREET |  6
        3 | HANGUP   |  6
        5 | PASS NEW |  1

It's just incredible the number of emails dropped by DNSBL!!

Regards,
Nicolas HAHN

Le 29/08/2014 08:40, Nicolas HAHN a écrit :

> Hello there,
>
> I'll also take any material or log file snippet provided about
> postscreen to implement a parser in the ELSE project, and generate any
> usefull stats.
>
> Regards,
> Nicolas HAHN
>
>
>
> Le 29/08/2014 01:57, Jim Seymour a écrit :
>> On Mon, 25 Aug 2014 16:12:12 +0200
>> "[hidden email]" <[hidden email]> wrote:
>>
>>> Aug 25 14:55:15 mail-gw postfix/postscreen[29302]: NOQUEUE: reject:
>>> RCPT from [119.75.11.68]:53210: 550 5.7.1 Service unavailable;
>>> client [119.75.11.68] blocked using *****; from=<****>,
>>> to=<[hidden email]>, proto=ESMTP, helo=<jchzfsrgvu>
>>>
>>> pflogsumm don't count postscreen RBL rejects
>>> already using pflogsumm-1.1.5.tar.gz Beta
>>>
>>> sadly mailgraph and logwatch also hide them :-(
>>>
>> Send me a log file snippet big enough to generate meaningful stats
>> and I'll look at adding it.
>>
>> I haven't used postscreen, yet, so I haven't the data.  (Nor,
>> that being the case, have I seen the need.)
>>
>> I've got some other things people have sent me I need to look to.  I
>> suppose it's about time pflogsumm got some attention.
>>
>> Regards,
>> Jim
>


hahnn.vcf (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: pflogsum don't count postscreen rejects

Jim Seymour-2
In reply to this post by Sven Hoexter
On Fri, 29 Aug 2014 14:50:26 +0200
Sven Hoexter <[hidden email]> wrote:

> On Thu, Aug 28, 2014 at 07:57:40PM -0400, Jim Seymour wrote:
>
> Hey Jim,
>
> > I've got some other things people have sent me I need to look
> > to.  I suppose it's about time pflogsumm got some attention.
>
> In case you manage to put something together before November I could
> upload it in time for the next Debian stable release freeze. I guess
> that would be appreciated by some people. :)

Actually, Sven, I'm going to try to get it done this weekend.

Regards,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.