Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] lost rsyslog messages with milter-greylist

2016-04-13 by Christian Pélissier

On Tuesday 12 April 2016 at 20:47 +0200, manu@... [milter-greylist]
wrote:
>   
> Christian Pélissier Christian.Pelissier@... [milter-greylist]
> <milter-greylist@yahoogroups.com> wrote:
> 
> > Why does milter-greylist not log a lot of lines just before the
> > imuxsock message ? Is it related to the log level ?
> 
> It seems to be a rsyslog issue....

I tried with mail.debug level. The supplementary log I found with debug
is mainly related to DNS whitelisting and SPF. Every time a mail arrives I
have (mail.debug) a lot of log lines, so I think this is the reason for the
imuxsock messages when the mail rate is high:

(In these messages it would be better to replace DNSRBL by DNSRWL; same
for the message logged at info level "...skipping greylist because
address 152.77.2.202 is in DNSRBL")

Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.swl.spamhaus.org performed in 0.000330s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.swl.spamhaus.org performed in 0.000290s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.swl.spamhaus.org performed in 0.000330s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.swl.spamhaus.org performed in 0.000248s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000388s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000322s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000358s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000408s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000264s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000382s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000357s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000264s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000348s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000299s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000353s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000376s
Apr 12 15:28:54 emix2 milter-greylist: DNSRBL lookup 73.124.92.81.list.dnswl.org performed in 0.000330s
Apr 12 15:28:54 emix2 milter-greylist: current time 28 15 12 4 2
Apr 12 15:28:54 emix2 milter-greylist: current time 28 15 12 4 2
Apr 12 15:28:54 emix2 milter-greylist: time match "0-59 8-18 1-31 1-12 1-5"
Apr 12 15:28:54 emix2 milter-greylist: current time 28 15 12 4 2
Apr 12 15:28:54 emix2 milter-greylist: time match "0-59 8-18 1-31 1-12 1-5"
Apr 12 15:28:54 emix2 milter-greylist: current time 28 15 12 4 2
Apr 12 15:28:54 emix2 milter-greylist: time match "0-59 8-18 1-31 1-12 1-5"
Apr 12 15:28:54 emix2 milter-greylist: current time 28 15 12 4 2
Apr 12 15:28:54 emix2 milter-greylist: time match "0-59 8-18 1-31 1-12 1-5"
Apr 12 15:28:54 emix2 milter-greylist: sm_macro "may_be_forged" {client_resolve}=OK nomatch
Apr 12 15:28:54 emix2 milter-greylist: current time 28 15 12 4 2
Apr 12 15:28:54 emix2 milter-greylist: time match "0-59 8-18 1-31 1-12 1-5"
Apr 12 15:28:54 emix2 milter-greylist: sm_macro "may_be_forged" {client_resolve}=OK nomatch
Apr 12 15:28:54 emix2 milter-greylist: SPF return code 2
Apr 12 15:28:54 emix2 milter-greylist: SPF lookup performed in 0.007639s
Apr 12 15:28:54 emix2 milter-greylist: SPF return code 2
Apr 12 15:28:54 emix2 milter-greylist: SPF lookup performed in 0.001203s
Apr 12 15:28:54 emix2 milter-greylist: SPF return code 2
Apr 12 15:28:54 emix2 milter-greylist: SPF lookup performed in 0.001101s
Apr 12 15:28:54 emix2 milter-greylist: SPF return code 2
Apr 12 15:28:54 emix2 milter-greylist: SPF lookup performed in 0.001209s
Apr 12 15:28:54 emix2 milter-greylist: SPF return code 2
Apr 12 15:28:54 emix2 milter-greylist: SPF lookup performed in 0.001268s
Apr 12 15:28:54 emix2 milter-greylist: SPF return code 2
Apr 12 15:28:54 emix2 milter-greylist: SPF lookup performed in 0.001181s

I understand why I have many lines with DNSRWL, but is it necessary to
log 6 retries for SPF?
These messages are related, for example, to the following rules
(perhaps they are too accurate):

#
# White list RBL list.dnswl.org
#

# Categories (127.0.X.y): X=
# 2 - Financial services
# 3 - Email Service Providers
# 4 - Organisations (both for-profit [ie companies] and non-profit)
# 5 - Service/network providers
# 6 - Personal/private servers
# 7 - Travel/leisure industry
# 8 - Public sector/governments
# 9 - Media and Tech companies
# 10 - some special cases
# 11 - Education, academic
# 12 - Healthcare
# 13 - Manufacturing/Industrial
# 14 - Retail/Wholesale/Services
# 15 - Email Marketing Providers
# Trustworthiness / Score (127.0.x.Y): Y=
#
# 3/High   : Never sends spam.
# 2/Medium : Extremely rare spam occurrences, corrected promptly
# 1/Low    : Occasional spam occurrences, actively corrected but less promptly.
# 0/None   : Legitimate mail server, may also send spam.
#

#
#dnsrbl "MTAWL" list.dnswl.org 127.0.0.0/16
#racl whitelist dnsrbl "MTAWL"
#
# Medium and high levels (/31 ==> Medium + High)
#
dnsrbl "MTAWL2"  list.dnswl.org 127.0.2.2/31
dnsrbl "MTAWL3"  list.dnswl.org 127.0.3.2/31
dnsrbl "MTAWL4"  list.dnswl.org 127.0.4.2/31
dnsrbl "MTAWL5"  list.dnswl.org 127.0.5.2/31
dnsrbl "MTAWL6"  list.dnswl.org 127.0.6.2/31
dnsrbl "MTAWL7"  list.dnswl.org 127.0.7.2/31
dnsrbl "MTAWL8"  list.dnswl.org 127.0.8.2/31
dnsrbl "MTAWL9"  list.dnswl.org 127.0.9.2/31
dnsrbl "MTAWL10" list.dnswl.org 127.0.10.2/31
dnsrbl "MTAWL11" list.dnswl.org 127.0.11.2/31
dnsrbl "MTAWL12" list.dnswl.org 127.0.12.2/31
dnsrbl "MTAWL13" list.dnswl.org 127.0.13.2/31
dnsrbl "MTAWL14" list.dnswl.org 127.0.14.2/31
dnsrbl "MTAWL15" list.dnswl.org 127.0.15.2/31

racl whitelist dnsrbl "MTAWL2"
racl whitelist dnsrbl "MTAWL3"
racl whitelist dnsrbl "MTAWL4"
racl whitelist dnsrbl "MTAWL5"
racl whitelist dnsrbl "MTAWL6"
racl whitelist dnsrbl "MTAWL7"
racl whitelist dnsrbl "MTAWL8"
racl whitelist dnsrbl "MTAWL9"
racl whitelist dnsrbl "MTAWL10"
racl whitelist dnsrbl "MTAWL11"
racl whitelist dnsrbl "MTAWL12"
racl whitelist dnsrbl "MTAWL13"
racl whitelist dnsrbl "MTAWL14"
#racl whitelist dnsrbl "MTAWL15"



Here is some short ksh93 code to find out whether an IP is in a DNSRWL:

# dnswl 138.100.198.70
FQDN : 138.100.198.70 : neon-v2.ccupm.upm.es. : 138.100.198.70
swl.spamhaus.org/138.100.198.70 : 
list.dnswl.org/138.100.198.70 : 127.0.11.2 : Education, academic : Extremely rare spam occurrences : 

# dnswl 129.104.30.15
FQDN : 129.104.30.15 : mx-b.polytechnique.fr. : 129.104.30.15
swl.spamhaus.org/129.104.30.15 : 
list.dnswl.org/129.104.30.15 : 127.0.11.2 : Education, academic : Extremely rare spam occurrences : 


===== CUT HERE
#!/bin/ksh

export PATH=/bin:/usr/bin:/usr/sbin

#
# Codes in the 127.x addresses returned by the DNSRWLs
#

# SPAMHAUS
# White list at spamhaus.org :
# http://www.spamhauswhitelist.com/en/techfaq.php


# SWL
#127.0.2.2   IP sending individual mail
#127.0.2.3   IP sending transactions
#127.0.2.102 IP sending individual mail - Temporary Listing (entry will expire)
#127.0.2.103 IP sending transactions - Temporary Listing (entry will expire)

#
# White list RBL list.dnswl.org
#

# Categories (127.0.X.y): X=

dnswlxcodes=( [2]="Financial services"
[3]="Email Service Providers"
[4]="Organisations profit/non-profit"
[5]="Service/network providers"
[6]="Personal/private servers"
[7]="Travel/leisure industry"
[8]="Public sector/governments"
[9]="Media and Tech companies"
[10]="Some special cases"
[11]="Education, academic"
[12]="Healthcare"
[13]="Manufacturing/Industrial"
[14]="Retail/Wholesale/Services"
[15]="Email Marketing Providers"
)

dnswlYcodes=( [0]="Legitimate mail server, may send spam"
[1]="Occasional spam occurrences"
[2]="Extremely rare spam occurrences"
[3]="Never sends spam"
)


#dnsrbl "MTAWL" list.dnswl.org 127.0.0.0/16
#racl whitelist dnsrbl "MTAWL"

if [[ x$1 == x ]]
then
  print "usage : dnswl @IP"
  exit 1
fi

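IP=$1
# Reverse the octets to build the two whitelist query names
print "$IP" | IFS="." read A B C D
RWL1=$D.$C.$B.$A.swl.spamhaus.org
RWL2=$D.$C.$B.$A.list.dnswl.org

# Expansions are quoted so that each one reaches dig as a single argument;
# the forward lookup is skipped when the IP has no PTR record
FQDN=$(dig +short -x "$IP")
ADDR=""
[[ -n $FQDN ]] && ADDR=$(dig +short "$FQDN")
print "FQDN : $IP : $FQDN : $ADDR"
print -n "swl.spamhaus.org/"
print -n "$IP : "
R1=$(dig +short "$RWL1")
print -n "$R1"
print
print -n "list.dnswl.org/"
print -n "$IP : "
R2=$(dig +short "$RWL2")
print -n "$R2 : "
# Decode the answer only when the IP is listed: the third octet (read into Y)
# is the category, the fourth (read into x) is the trust score
if [[ -n $R2 ]]
then
  print "$R2" | IFS="." read A B Y x
  print -n "${dnswlxcodes[$Y]} : "
  print -n "${dnswlYcodes[$x]} : "
fi
print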
=============



> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...

> 

-- 
Christian Pélissier / 34419
ONERA DRI/RSC
BP72 92322 Chatillon CEDEX
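
Added example, not part of the original message: a POSIX shell check of which of the quoted "racl whitelist" rules a list.dnswl.org answer (127.0.X.Y) would hit, showing how each /31 on 127.0.X.2 selects only the Medium and High scores. The function names and the sample answers other than 127.0.11.2 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): which "racl whitelist" rule,
# if any, a list.dnswl.org answer of the form 127.0.X.Y would hit.

# Dotted quad -> integer; rejects malformed octets and leading zeros.
ip_to_int() {
  local IFS=. a b c d extra o
  read -r a b c d extra <<EOF
$1
EOF
  [ -z "$extra" ] || return 1
  for o in "$a" "$b" "$c" "$d"; do
    case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  echo "$(( ($a << 24) | ($b << 16) | ($c << 8) | $d ))"
}

# Succeeds when address $1 lies inside CIDR block $2, e.g. 127.0.11.2/31.
in_cidr() {
  local addr net mask bits
  bits=${2#*/}
  case $bits in ''|*[!0-9]*) return 1 ;; esac
  addr=$(ip_to_int "$1") || return 1
  net=$(ip_to_int "${2%/*}") || return 1
  mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  [ "$(( $addr & $mask ))" -eq "$(( $net & $mask ))" ]
}

# Active rules in the quoted configuration are MTAWL2..MTAWL14; MTAWL15 is
# declared, but its racl line is commented out, so it never whitelists.
whitelist_rule() {
  local x
  for x in 2 3 4 5 6 7 8 9 10 11 12 13 14; do
    if in_cidr "$1" "127.0.$x.2/31"; then
      echo "MTAWL$x"
      return 0
    fi
  done
  return 1
}

# Constructed sample answers (127.0.11.2 is the one shown in the message).
for code in 127.0.11.2 127.0.4.3 127.0.11.1 127.0.15.3; do
  echo "$code -> $(whitelist_rule "$code" || echo 'not whitelisted')"
done
```

The commented-out catch-all 127.0.0.0/16 would also match 127.0.11.1 (Low), which a per-category /31 rule does not.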
