Changes

2,890 bytes added ,  16:55, 17 August 2014
Line 151: Line 151:     
==Useful Commands==
 
==Useful Commands==
===Count messages denied by each DNSBL Block List===
+
===Count messages denied by DNSBL Block Lists===
 
This command scans the qpsmtpd log files closed in the last 3 days and counts the number of messages blocked by each DNS block list.  The count (and the displayed value) is based on the content after "http://" and before the third "/" in the message section of the the log entry.
 
This command scans the qpsmtpd log files closed in the last 3 days and counts the number of messages blocked by each DNS block list.  The count (and the displayed value) is based on the content after "http://" and before the third "/" in the message section of the the log entry.
 
  <nowiki>awk -F"[\t]" ' /logterse.*dnsbl/ \
 
  <nowiki>awk -F"[\t]" ' /logterse.*dnsbl/ \
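Review bot: The renamed heading "Count messages denied by DNSBL Block Lists" is redundant, since the BL in DNSBL already means block list, and dropping "each" hides the fact that the command reports one count per list. Something like "Count messages denied by each DNSBL" would keep the meaning. Renaming the section also changes its anchor, so any links pointing at the old heading need to be updated. Since this paragraph is being touched anyway, the unchanged description line still has a doubled word ("the the log entry") that could be fixed in the same edit.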
Line 175: Line 175:  
10918 www.spamhaus.org
 
10918 www.spamhaus.org
 
3358 www.gbudb.com</nowiki>
 
3358 www.gbudb.com</nowiki>
 +
 +
===Display messages that would have been blocked via DNSBL===
 +
From time to time I try out new DNSBL services.  Some of these generate instant comlaints from my users about correspondents who can no longer send us email.
 +
 +
The command below will:
 +
* ask you how many days of logfiles to scan (logfiles closed in the last "x" days)
 +
* ask you for the DNSBL service to test (the dns domain used by the service)
 +
* scan your logs for messages NOT denied due to a dnsbl entry
 +
* look up the sending IP in the DNSBL service you are testing
 +
* output the following info for each matching entry:
 +
** Date and time of the email was logged by your server
 +
** The original disposition ("queued", or the denying plugin name)
 +
** The spamassassin score assigned to the message when it was logged (if available)*
 +
** The sender's email address (if available)<sup>*</sup>
 +
** The recipient email address (if available)<sup>*</sup>
 +
** The CURRENT<sup>**</sup> DNSBL results for the sending IP using the DNSBL service you specified
 +
*** A Record
 +
*** TXT Record
 +
<sup>*</sup> The sender email, recipient email and spamassassin score can only be included if your mail server logged this information.  For example, a message denied by "check_earlytalker" will not have a spamassassin score, sender email, or recipient email.  A message denied by "check_smtp_forward" (if you use an internal mail server) will not have a spamassassin score, but will have sender and recipient.
 +
 +
<sup>**</sup> You may see emails that were '''queued''' by your mail server in the past that would be denied by DNSBL services you already use in the present.  This indicates that your DNSBL service lists the indicated IP now, but did not list it when the email was received. You will also see some messages that were '''denied''' by a plugin that is processed by qpsmtpd before the dnsbl plugin, like "check_earlytalker", "require_resolvable_fromhost", etc.
 +
 +
You can use the output to decide if the new DNSBL service is appropriate for your users, or if it is too aggressive.
 +
<nowiki>if [ -z $DAYS ]; then DAYS=1; fi; \
 +
if [ -z $TESTBL ]; then TESTBL=zen.spamhaus.org; fi; \
 +
echo -n "Days of logfiles to scan [$DAYS]: "; read NEWDAYS; \
 +
echo -n "DNSBL to test [$TESTBL]: "; read NEWTESTBL; \
 +
if [ $NEWDAYS ]; then DAYS=$NEWDAYS; fi; \
 +
if [ $NEWTESTBL ]; then TESTBL=$NEWTESTBL; fi; \
 +
grep -h logging::logterse  $(find /var/log/qpsmtpd -ctime -$DAYS) \
 +
|grep -v dnsbl.903 \
 +
|tai64nlocal \
 +
|awk -v DNSBL=$TESTBL -F"\t" '{split($1,intro," "); split(intro[8],ip,"."); split($9,hits," "); split( intro[2],time,"."); \
 +
print "echo -ne \"" intro[1] " " time[1] "\t" $6 "\t" (hits[2]) \
 +
"\tFrom: " gensub("[<>]","","g",$4) \
 +
"\tTo: " gensub("[<>]","","g",$5) \
 +
"\tA: `dig +short " ip[4] "." ip[3] "." ip[2] "." ip[1] "." DNSBL \
 +
"`\tTXT: \" ; echo -e \"`dig +short txt " ip[4] "." ip[3] "." ip[2] "." ip[1] "." DNSBL "`\""}' |bash | grep 127\.0</nowiki>
 +
 
----
 
----
 
[[Category:Howto]]
 
[[Category:Howto]]
 
[[Category:Administration:Monitoring]]
 
[[Category:Administration:Monitoring]]
 
[[Category:Mail]]
 
[[Category:Mail]]
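Review bot: The awk stage of the added command writes shell source text from log fields and pipes it into "|bash", so the envelope sender and recipient ($4 and $5), which are supplied by the remote SMTP client, end up being parsed by the shell. gensub("[<>]","","g",$4) strips only the angle brackets and leaves quotes, backticks and $ in place, so log content can change what the generated command does. I would have awk print only the tab-separated fields plus the reversed IP, read them in a "while IFS=$'\t' read -r ..." loop, call dig +short with the name passed as one quoted argument, and print the fields with printf '%s' instead of echo -e. Smaller points in the same hunk: $DAYS, $TESTBL, $NEWDAYS and $NEWTESTBL are unquoted in the [ ... ] tests and TESTBL is never checked to be a plain DNS name before use; the final "grep 127\.0" is unquoted, so the shell removes the backslash and the pattern matches "127", any character, "0" anywhere on the line rather than only in the A record column; "comlaints" in the intro should be "complaints"; and the spamassassin score bullet uses a bare * where the other bullets use <sup>*</sup>.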
