conf/76626: [patch] 460.status-mail-rejects shows destination domain instead of source IP

Rusty Nejdl rnejdl at ringofsaturn.com
Sat Jun 16 12:40:09 UTC 2007


The following reply was made to PR conf/76626; it has been noted by GNATS.

From: "Rusty Nejdl" <rnejdl at ringofsaturn.com>
To: "Gregory Shapiro" <gshapiro at freebsd.org>
Cc: bug-followup at freebsd.org, rnejdl at ringofsaturn.com
Subject: Re: conf/76626: [patch] 460.status-mail-rejects shows destination 
     domain instead of source IP
Date: Sat, 16 Jun 2007 07:01:19 -0500 (CDT)

 Gregory,
 
 Well, to me, since most of the time when I am rejecting emails the sender
 email address is spoofed, I am definitely more interested in knowing what
 ISPs are spamming me most.
 
 [tethys]:/home/rnejdl> /etc/periodic/daily/460.status-mail-rejects
 
 Checking for rejected mail hosts:
  289 TOTAL
    4 [208.97.234.204]
    3 thisistoyou.com [208.66.235.120]
    3 dropspecials.com [69.30.230.84]
    3 [203.156.49.110]
    2 mx1.gatetowinner.com [64.71.164.137]
    2 hn.kd.dhcp [61.52.201.38] (may be forged)
    2 chhor.brillianticon.com [70.42.184.61]
 
 So, when I blocked 208.97.234.204, I managed to block 4 spams from that IP
 in the last 24 hours.
 
 To be honest, the display as it is shown below is of no use to me.  It
 would be great if we could have a way to configure it to show the field
 that you wanted displayed.
 
 Sincerely,
 Rusty Nejdl
 
 Gregory Shapiro wrote:
 > Your patch assumes that only the relay= is of interest in the list.
 > However, in my opinion, the address you are rejecting is more interesting
 > in most cases.  For example, from my own logs:
 >
 > Jun 14 00:01:32 gir sm-mta[9280]: l5E71S9N009280: ruleset=check_mail,
 > arg1=<tzdelhi at netbizmoms.com>,
 > relay=ip-51.net-82-216-27.versailles2.rev.numericable.fr [82.216.27.51],
 > reject=451 4.1.8 Domain of sender address tzdelhi at netbizmoms.com does not
 > resolve
 >
 > Jun 14 00:05:17 gir sm-mta[9349]: l5E75ErZ009349: ruleset=check_rcpt,
 > arg1=<benco at example.com>, relay=ful.cnchost.com [297.157.49.28],
 > reject=400 4.0.0 Temporary failure
 >
 > Jun 14 00:12:13 gir sm-mta[9552]: l5E7C812009552: ruleset=check_mail,
 > arg1=<newtripod.com at wonfuproductions.com>,
 > relay=dsl081-247-036.sfo1.dsl.speakeasy.net [64.81.247.36], reject=450
 > 4.1.2 <newtripod.com at wonfuproductions.com>... MX lookup failure for
 > wonfuproductions.com
 >
 > In all three cases, I'm more interested in the address that was rejected
 > instead of the host sending that mail.
 >
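
The message above asks for a way to choose which field of the reject lines is counted. One way to do that is sketched here as an added example; it is not part of the original thread or of the 460.status-mail-rejects script. The function name `tally_rejects`, its field names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the FreeBSD periodic script.
# tally_rejects FIELD   (sendmail log lines on stdin)
#   ip    = bracketed address inside relay= (default)
#   relay = whole relay= value (hostname, address, "may be forged")
#   arg1  = rejected envelope address from arg1=
tally_rejects() {
    LC_ALL=C awk -v field="${1:-ip}" '
    # Return the text after " key=" up to the next ", " separator.
    function grab(key,    s, i, j) {
        i = index($0, " " key "=")
        if (i == 0) return ""
        s = substr($0, i + length(key) + 2)
        j = index(s, ", ")
        return (j ? substr(s, 1, j - 1) : s)
    }
    / reject=/ {
        v = grab(field == "arg1" ? "arg1" : "relay")
        if (field == "ip" && match(v, /\[[0-9A-Za-z:.]+\]/))
            v = substr(v, RSTART + 1, RLENGTH - 2)   # drop the brackets
        if (field == "arg1") gsub(/[<>]/, "", v)
        if (v != "") count[v]++
    }
    END { for (v in count) print count[v], v }' |
    LC_ALL=C sort -k1,1nr -k2 |
    awk '{ n += $1; row[NR] = $0 }
         END { printf "%5d TOTAL\n", n
               for (i = 1; i <= NR; i++) {
                   c = row[i]; sub(/ .*/, "", c)
                   printf "%5d %s\n", c, substr(row[i], length(c) + 2) } }'
}

# Constructed sample lines (documentation addresses); the last one is not a reject.
sample_log() {
    cat <<'EOF'
Jun 14 00:01:32 mx sm-mta[9280]: l5E71S9N009280: ruleset=check_mail, arg1=<a@spoofed.example>, relay=[192.0.2.10], reject=451 4.1.8 Domain of sender address a@spoofed.example does not resolve
Jun 14 00:05:17 mx sm-mta[9349]: l5E75ErZ009349: ruleset=check_rcpt, arg1=<user@example.com>, relay=dyn.isp.example [198.51.100.7] (may be forged), reject=550 5.7.1 <user@example.com>... Relaying denied
Jun 14 00:09:41 mx sm-mta[9410]: l5E79fXk009410: ruleset=check_mail, arg1=<b@spoofed.example>, relay=[192.0.2.10], reject=451 4.1.8 Domain of sender address b@spoofed.example does not resolve
Jun 14 00:12:13 mx sm-mta[9552]: l5E7C812009552: ruleset=check_rcpt, arg1=<user@example.com>, relay=[192.0.2.10], reject=550 5.7.1 <user@example.com>... Relaying denied
Jun 14 00:13:00 mx sm-mta[9600]: l5E7D0aa009600: from=<ok@example.org>, size=1024, class=0, nrcpts=1, relay=mail.example.org [203.0.113.5]
EOF
}

sample_log | tally_rejects "${1:-ip}"
```

Counting by `ip` groups a relay that appears under several hostnames or with a "may be forged" marker under one address, while `arg1` gives the per-address view from the quoted reply.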
 
 

