conf/76626: [patch] 460.status-mail-rejects shows destination
domain instead of source IP
Rusty Nejdl
rnejdl at ringofsaturn.com
Sat Jun 16 12:40:09 UTC 2007
The following reply was made to PR conf/76626; it has been noted by GNATS.
From: "Rusty Nejdl" <rnejdl at ringofsaturn.com>
To: "Gregory Shapiro" <gshapiro at freebsd.org>
Cc: bug-followup at freebsd.org, rnejdl at ringofsaturn.com
Subject: Re: conf/76626: [patch] 460.status-mail-rejects shows destination
domain instead of source IP
Date: Sat, 16 Jun 2007 07:01:19 -0500 (CDT)
Gregory,
Well, to me, since most of the time when I am rejecting emails, the sender
email address is spoofed. I am definitely more interested in knowing what
ISP's are spamming me most.
[tethys]:/home/rnejdl> /etc/periodic/daily/460.status-mail-rejects
Checking for rejected mail hosts:
289 TOTAL
4 [208.97.234.204]
3 thisistoyou.com [208.66.235.120]
3 dropspecials.com [69.30.230.84]
3 [203.156.49.110]
2 mx1.gatetowinner.com [64.71.164.137]
2 hn.kd.dhcp [61.52.201.38] (may be forged)
2 chhor.brillianticon.com [70.42.184.61]
So, when I blocked 208.97.234.204, I managed to block 4 spams from that IP
in the last 24 hours.
To be honest, the display as it is shown below is of no use to me. It
would be great if we could have a way to configure it to show the field
that you wanted displayed.
Sincerely,
Rusty Nejdl
Gregory Shapiro wrote:
> Your patch assumes that only the relay= is of interest in the list.
> However, in my opinion, the address you are rejecting is more interesting
> in most cases. For example, from my own logs:
>
> i un 14 00:01:32 gir sm-mta[9280]: l5E71S9N009280: ruleset=check_mail,
> arg1=<tzdelhi at netbizmoms.com>,
> relay=ip-51.net-82-216-27.versailles2.rev.numericable.fr [82.216.27.51],
> reject=451 4.1.8 Domain of sender address tzdelhi at netbizmoms.com does not
> resolve
>
> Jun 14 00:05:17 gir sm-mta[9349]: l5E75ErZ009349: ruleset=check_rcpt,
> arg1=<benco at example.com>, relay=ful.cnchost.com [297.157.49.28],
> reject=400 4.0.0 Temporary failure
>
> Jun 14 00:12:13 gir sm-mta[9552]: l5E7C812009552: ruleset=check_mail,
> arg1=<newtripod.com at wonfuproductions.com>,
> relay=dsl081-247-036.sfo1.dsl.speakeasy.net [64.81.247.36], reject=450
> 4.1.2 <newtripod.com at wonfuproductions.com>... MX lookup failure for
> wonfuproductions.com
>
> In all three cases, I'm more interested in the address that was rejected
> instead of the host sending that mail.
>
More information about the freebsd-bugs
mailing list