From owner-freebsd-isp@FreeBSD.ORG Sun Aug 8 03:22:46 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BB39716A4CE for ; Sun, 8 Aug 2004 03:22:46 +0000 (GMT) Received: from mail.v-com.com (mail.osfiles.com [204.153.195.188]) by mx1.FreeBSD.org (Postfix) with ESMTP id A587043D2F for ; Sun, 8 Aug 2004 03:22:46 +0000 (GMT) (envelope-from rejected@v-com.com) Received: from mail.v-com.com by mail.v-com.com (VisNetic.MailServer.v7.2.4.1) with SMTP id FFY37861 for ; Sat, 07 Aug 2004 20:22:47 -0700 Date: Sat, 07 Aug 2004 20:22:47 -0700 From: rejected@v-com.com To: Message-Id: <822584023@mail.v-com.com> Subject: Message was rejected X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Aug 2004 03:22:46 -0000 Your message was rejected due to our attachment filter. Please inform the recipient. From owner-freebsd-isp@FreeBSD.ORG Tue Aug 10 08:34:40 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8AECA16A4CE for ; Tue, 10 Aug 2004 08:34:40 +0000 (GMT) Received: from mail.act.co.za (mail.act.co.za [196.15.213.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0970143D31 for ; Tue, 10 Aug 2004 08:33:40 +0000 (GMT) (envelope-from spidey@act.co.za) Received: from localhost.act.co.za ([127.0.0.1] helo=localhost) by mail.act.co.za with esmtp (Exim 4.24; FreeBSD 5.0) id 1BuSA8-0001cV-Lq for freebsd-isp@freebsd.org; Tue, 10 Aug 2004 10:39:16 +0200 Received: from mail.act.co.za ([127.0.0.1]) by localhost (mail.act.co.za [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06066-06 for ; Tue, 10 Aug 2004 10:39:12 +0200 (SAST) Received: from [10.0.1.11] (helo=SPIDEY) by mail.act.co.za with esmtp (Exim 4.24; FreeBSD 5.0) id 1BuSA4-0001cH-Sc for freebsd-isp@freebsd.org; Tue, 10 Aug 2004 10:39:12 +0200 From: "Spidey Knepscheld" To: Date: Tue, 10 Aug 2004 10:33:32 +0200 Organization: ACT Computers Message-ID: <009a01c47eb4$b8c99c10$0b01000a@SPIDEY> MIME-Version: 1.0 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 X-Virus-Scanned: by amavisd-new at act.co.za Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: Traffic Monitor X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: spidey@act.co.za List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Aug 2004 08:34:40 -0000 Hi Guys I asked for assitance in solving my bandwidth problems in the group and reveived a lot of help I shall give a brief description of my problem again and then if possible I found this product which I am going to impliment could you perhaps have a look at it and tell me what you think and if it should help: http://www.planet.com.tw/product/product_dm.php?product_id=102 &menu_id=29 here is the description of my network (keep in mind it is a 256k going up to 448k in two weeks) Hi I am an ISP running FreeBSD as a firewall and as a Mail Server. My problem is that I am not able to monitor the amount of traffic that user are using on my network. My network looks like this: My Link comes in on a Cisco 805 from the router it goes to the first NIC on the Firewall from the second NIC it runs into a switch and then to the network. What I am looking for is some app that could show me live what ip on my network is utilizing what part of the bandwidth.I know there are a million apps available but I need to see from IP ???? to IP ???? ???? kb/s and then see how much of the 256k is still available. Don't laugh !!I have a 256k Diginet connection and I would like to see who is killing my network. I do get live graphs from my upstream supplier but it shows the line utilization from my router and not who is using what.So I can't be proactive in solving speed issues I need to wait for it to happen and then by a process of elimination disconnect segments of the network and see when the graph drops. Spidey From owner-freebsd-isp@FreeBSD.ORG Tue Aug 10 10:08:16 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5BDEA16A4D0 for ; Tue, 10 Aug 2004 10:08:16 +0000 (GMT) Received: from mordrede.visionsix.net (mordrede.visionsix.net [206.113.65.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id CB67543D2F for ; Tue, 10 Aug 2004 10:08:15 +0000 (GMT) (envelope-from lists@visionsix.com) Received: from vsis169 (unverified [206.113.65.14]) by mordrede.visionsix.net (Vircom SMTPRS 3.2.313.0) with SMTP id ; Tue, 10 Aug 2004 05:08:14 -0500 Message-ID: <00db01c47ec1$f3521fd0$df0a0a0a@visionsix.net> From: "Lewis Watson" To: , References: <009a01c47eb4$b8c99c10$0b01000a@SPIDEY> Date: Tue, 10 Aug 2004 05:08:14 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1437 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Subject: Re: Traffic Monitor X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Aug 2004 10:08:16 -0000 > I am an ISP running FreeBSD as a firewall and as a Mail Server. My > problem is that I am not able to monitor the amount of traffic that = user > are using on my network. > What I am looking for is some app that could show me live what ip on = my > network is utilizing what part of the bandwidth.I know there are a > million apps available but I need to see from IP ???? to IP ???? ???? > kb/s and then see how much of the 256k is still available. Don't laugh > !!I have a 256k Diginet connection and I would like to see who is > killing my network. I do get live graphs from my upstream supplier but > it shows the line utilization from my router and not who is using > what.So I can't be proactive in solving speed issues I need to wait = for > it to happen and then by a process of elimination disconnect segments = of > the network and see when the graph drops. >=20 > Spidey >=20 Hi Spidey, There are a few programs that come to mind. You mention to see data in = real time. For this trafshow is nice to have. For more information and a = heavier load you could look at ntop. It provides a great deal of = information. There is also the ability to log IPFW which could also be = used to provide you with some detail. Another possibility is bandwidthd. As mentioned trafshow does show the traffic in real time and is = light-weight and very easy to use. I Ntop runs it's on web server and provides a much greater depth of detail = than what you have mentioned here. Bandwidthd provides graphs (similar to MRTG but monitors each ip address = on the router individually!!) for the hosts it is configured to monitor. = HTH, Lewis Watson From owner-freebsd-isp@FreeBSD.ORG Thu Aug 12 16:55:39 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0CFD416A4CE for ; Thu, 12 Aug 2004 16:55:39 +0000 (GMT) Received: from mx2.mail.ru (mx2.mail.ru [194.67.23.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id C3EED43D45 for ; Thu, 12 Aug 2004 16:55:38 +0000 (GMT) (envelope-from avalon_temp@mail.ru) Received: from [80.237.26.193] (port=5578 helo=[127.0.0.1]) by mx2.mail.ru with esmtp id 1BvIrO-000K72-00 for freebsd-isp@FreeBSD.org; Thu, 12 Aug 2004 20:55:26 +0400 Date: Thu, 12 Aug 2004 19:49:23 +0300 From: none X-Mailer: The Bat! (v2.10.01) X-Priority: 3 (Normal) Message-ID: <1741460638.20040812194923@none.no> To: freebsd-isp@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam: Not detected Subject: X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: none List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Aug 2004 16:55:39 -0000 From owner-freebsd-isp@FreeBSD.ORG Fri Aug 13 01:43:14 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ACB6516A4D0 for ; Fri, 13 Aug 2004 01:43:14 +0000 (GMT) Received: from iegate.visy.com.au (iegate.visy.com.au [61.88.84.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6F29A43D58 for ; Fri, 13 Aug 2004 01:43:13 +0000 (GMT) (envelope-from mailsweeper@visy.com.au) From: mailsweeper@visy.com.au To: freebsd-isp@freebsd.org Date: Fri, 13 Aug 2004 11:34:58 +1000 (EAST) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="2453231.58.13" Message-Id: <20040813014313.6F29A43D58@mx1.FreeBSD.org> X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: RE: Failed (maree.kydd@visy.com.au) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Aug 2004 01:43:14 -0000 --2453231.58.13 Content-Type: text/plain; charset=US-ASCII A file or object that is not permitted by the Visy Industries mail policy has been detected attached to your message "Failed (maree.kydd@visy.com.au) Scenarios/Incoming/Attachment File Type: 'ItemLength.GE.0'. Certain specific file types are NOT delivered by the Visy Industries Mail System, including executables, sound and video files. Please review the message report before resending - contact the Visynet Support Centre (1800 004 088) if you require assistance with reformatting the message, or have any queries regarding mail policies. --2453231.58.13 Content-Disposition: attachment; filename="TextScan.Htm" MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Text Analysis Results This report describes the search expressions found in this message. MAILsweeper Anti-spam Filter created the following spam analysis of 'T6b644470e90a651a0a738': * Condition Triggered: NumberOfUniqueUrls equal 0 Urls - boost 0. * Condition Triggered: NumberOfPhrases greater_than 1 - boost 1. * Condition Triggered: NotSpamDomain equal false - boost 0. * Condition Triggered: RecipientInSubject - boost 2. * Condition Triggered: TotalSpamBodyPhrases less_or_equals 8 - boost 2. * Condition Triggered: TotalNotSpamBodyPhrases less_or_equals 3 - boost -1. * Analysis: Spam phrases in body: you can view * Analysis: Not spam phrases in body: you can view * Analysis: Spam phrases in subject: * Analysis: Not spam phrases in subject: * Analysis: Forbidden URLs in message: * Analysis: Spam domains found in headers: * Analysis: Not spam domains found in headers: * Analysis: Total number of phrases found: 5 * Analysis: Total number of forbidden URLs: 0 * Analysis: Total number of URLs: 0 * Analysis: Total number of unique URLs: 0 * Analysis: Number of spam phrases in body: 1 * Analysis: Number of not spam phrases in body: 1 * Analysis: Number of spam Urls: 0 * Analysis: Number of not spam Urls: 0 * Analysis: Number of spam phrases in subject: 0 * Analysis: Number of not spam phrases in subject: 0 * Analysis: Number of spam domains in headers: 0 * Analysis: Number of not spam domains in headers: 0 * Analysis: Spam probability: 65 * Analysis: Not spam probability: 34 * Analysis: Html message only: 0 * Analysis: Number of attachments: 0 * Analysis: Percentage of spam phrases in body: 20 * Analysis: Percentage of not spam phrases in body: 20 * Analysis: Percentage of spam URLs in message: 0 * Analysis: Percentage of not spam URLs in message: 0 * Analysis: Recipient found in subject line * Analysis: Maximum consecutive white spaces: 1 --2453231.58.13-- From owner-freebsd-isp@FreeBSD.ORG Fri Aug 13 11:13:56 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3DA5816A4CE for ; Fri, 13 Aug 2004 11:13:56 +0000 (GMT) Received: from mail.zvezda.number.ru (inet.zvezda.number.ru [213.247.132.145]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7E30543D3F for ; Fri, 13 Aug 2004 11:13:55 +0000 (GMT) (envelope-from blacksir@number.ru) Received: from [213.247.175.19] (helo=blacksir) by mail.zvezda.number.ru with smtp (Exim) id 1Bva0U-000P1u-Sj for ; Fri, 13 Aug 2004 15:13:58 +0400 From: "Alexander Vasenin aka BlackSir" To: "Freebsd-Isp@Freebsd. Org" Date: Fri, 13 Aug 2004 15:13:59 +0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: base64 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Importance: Normal Subject: Exim+ClamAV: how to temporary block virus sender automatically? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Aug 2004 11:13:56 -0000 SGkgYWxsIQ0KSSdtIHdvcmtpbmcgaW4gYSBsaXR0bGUgSVNQIGNvbXBhbnkuIFdlIGFyZSB1c2lu ZyBFeGltK0NsYW1BVigrc29tZSBvdGhlciBzdHVmZikgZm9yIG91ciBtYWlsIHNlcnZlcnMuIEJl Y2F1c2Ugb2YgTXlkb29tLE5ldHNreSAmIGV0YyBzaGl0IHdlIGFyZSBwcm94eSBhbGwgb3V0Z29p bmcgU01UUCBjb25uZWN0aW9ucyB0aHJvdWdoIG91ciBtYWlsIHNlcnZlcih2aWEgcmV2ZXJzZSBu YXRkICsgc29tZSBpcGZ3IHJ1bGVzKS4gRXZlcnl0aGluZyB3b3JrcyBmaW5lIC0gYWxsIHZpcnVz ZXMgcmVqZWN0ZWQgYnkgb3VyIE1UQSwgYnV0IGl0IHByb2R1Y2VzIGEgaGVhdnkgbG9hZC4gSXMg dGhlcmUgYW55IHdheSBpbiBFeGltIHRvIHRlbXBvcmFyeSBibG9jayB2aXJ1cyBzZW5kZXJzIElQ IGF1dG9tYXRpY2FsbHkgdG8gcmVkdWNlIGxvYWQgb24gTVRBKGFuZCBhc3Npc3QgY2xpZW50cyB0 byBoZWFsIHRoZW1zZWxmLCBiZWNvdXNlIG5vdyB0aGV5IGFyZW4ndCBrbm93IGFueXRoaW5nIGFi b3V0IHRvbnMgb2YgYmxvY2tlZCB2aXJ1cyBlLW1haWxzIGZyb20gdGhlaXIgY29tcHV0ZXJzKT8N Cg0KQWxleGFuZGVyIFZhc2VuaW4gYWthIEJsYWNrU2ly From owner-freebsd-isp@FreeBSD.ORG Fri Aug 13 11:23:20 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6101016A4CE for ; Fri, 13 Aug 2004 11:23:20 +0000 (GMT) Received: from shellma.zin.lublin.pl (shellma.zin.lublin.pl [212.182.126.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 21D0043D45 for ; Fri, 13 Aug 2004 11:23:20 +0000 (GMT) (envelope-from pawmal-posting@freebsd.lublin.pl) Received: by shellma.zin.lublin.pl (Postfix, from userid 1018) id 925803474C2; Fri, 13 Aug 2004 13:20:52 +0200 (CEST) Date: Fri, 13 Aug 2004 13:20:52 +0200 From: Pawel Malachowski To: freebsd-isp@freebsd.org Message-ID: <20040813112052.GG96469@shellma.zin.lublin.pl> References: Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/1.4.2i Subject: Re: Exim+ClamAV: how to temporary block virus sender automatically? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Aug 2004 11:23:20 -0000 On Fri, Aug 13, 2004 at 03:13:59PM +0400, Alexander Vasenin aka BlackSir wrote: > We are using Exim+ClamAV(+some other stuff) for our mail servers. > Because of Mydoom,Netsky & etc shit we are proxy all outgoing SMTP > connections through our mail server(via reverse natd + some ipfw rules). > Everything works fine BTW, how do You deal with SPF domains/MTAs? -- Paweł Małachowski From owner-freebsd-isp@FreeBSD.ORG Fri Aug 13 12:37:03 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DD10D16A4CE for ; Fri, 13 Aug 2004 12:37:03 +0000 (GMT) Received: from mail.zvezda.number.ru (inet.zvezda.number.ru [213.247.132.145]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3850643D58 for ; Fri, 13 Aug 2004 12:37:03 +0000 (GMT) (envelope-from blacksir@number.ru) Received: from [213.247.175.19] (helo=blacksir) by mail.zvezda.number.ru with smtp (Exim) id 1BvbIx-00051c-59; Fri, 13 Aug 2004 16:37:07 +0400 From: "Alexander Vasenin aka BlackSir" To: "Pawel Malachowski" , Date: Fri, 13 Aug 2004 16:37:06 +0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-2" Content-Transfer-Encoding: base64 X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 In-Reply-To: <20040813112052.GG96469@shellma.zin.lublin.pl> Importance: Normal Subject: RE: Exim+ClamAV: how to temporary block virus sender automatically? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Aug 2004 12:37:04 -0000 PiBCVFcsIGhvdyBkbyBZb3UgZGVhbCB3aXRoIFNQRiBkb21haW5zL01UQXM/DQoNCk5vdCBhdCBh bGwuIEFsbW9zdCA5NSUgb2YgY2xpZW50cyB1c2UgUkZDMTkxOCBJUC1hZGRyZXNzZXMsIHdoaWxl IG90aGVycyA1JSBkb24ndCBrbm93IGFib3V0IFNQRiBhdCBhbGwuIEkndmUgbmV2ZXIgaGVhcmQg YWJvdXQgU1BGIGZyb20gb3VyIGNsaWVudHMuDQpBbnl3YXksIFNNVFAtcHJveHkgaW4gbXkgY2Fz ZSBpcyBzaW1wbHkgdG8gb3ZlcnJpZGUgYnkgMiBhZGRpdGlvbmFsIHN0cmluZ3MgaW4gaXBmdy4N Cg0KQWxleGFuZGVyIFZhc2VuaW4gYWthIEJsYWNrU2ly