Date: Sun, 14 Jan 2001 11:36:58 +0100 From: "Leif Neland" <leifn@neland.dk> To: "Kal Torak" <kaltorak@quake.com.au>, =?Windows-1252?Q?Michael_Lyngb=F8l?= <michael@lyngbol.dk> Cc: "J & C Frazier" <admin@csocs.com>, <freebsd-isp@FreeBSD.ORG> Subject: Re: Problems with sendmail and NSI Message-ID: <004201c07e33$a3495d60$0e00a8c0@neland.dk> References: <3A60EE08.3C9CD7AF@csocs.com> <20010114100939.A81339@tigerdyr.lyngbol.dk> <3A61755C.DD1690A4@quake.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
------=_NextPart_000_0180_01C07E1E.4DC2BAE0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
I don't recommend running dnsbl unattended.
I have created this awk-script, which I run every hour. It creates a =
webpage which list reason, server, sender and recipient for rejected =
messages.
BEGIN {OFS=3D"|"};
/check_rcpt/ || /Check_Subject/ {
gsub("<","");=20
gsub(">,","");=20
rcpt[$6]=3Dsubstr($8,6);relay[$6]=3Dsubstr($9,7);
gsub("/"," ");
reas=3D$(NF);
# for (m=3D10;m<=3DNF;m++) {if ($(m)~"@") {$(m)=3D"xxx";print =
$0,"<br>"} };
n=3Dindex($0,"... ");
reason1=3Dsubstr($0,n+4);
match(reason1," [^ ]+@[^ ]+ ");
reason[$6]=3Dreason1;
if (RSTART) {
reason[$6]=3Dsubstr(reason1,1,RSTART) " " =
substr(reason1,RSTART+RLENGTH);
}
if ($0~"check MX") reason[$6]=3D"Kan ikke kontrollere MX for =
modtageren";
if ($7~"Subject") reason[$6]=3D"I LOVE YOU";
}
$6 in rcpt && $7~"from=3D" {
gsub("\+","-");gsub("<",""); gsub(">,","");
fr=3D$7;gsub("@"," @ ",fr);
from[$6]=3Dsubstr(fr,6);
print reason[$6],relay[$6],from[$6],rcpt[$6]>"/tmp/filter.tmp"}
END {
system("sort /tmp/filter.tmp|uniq -c >/tmp/filter.tmp2");
FS=3D"|";
OFS=3D"";
print "<html><head><title>Spamfilter</title>";
print "</head>";
print "<body bgcolor=3D\"#ffffcc\">";
print "<center><h1>Breve stoppet i spamfilter<br>"DAG"</h1></center>";
print "<table width=3D100% =
border=3D1><tr><th>Antal</th><th>Server</th><th>Afsender</th><th>Modtager=
</th></tr>";
while (getline<"/tmp/filter.tmp2">0)
{ ant=3Dsubstr($1,1,8);newreason=3Dsubstr($1,9);
if (newreason!=3Doldreason) {oldreason=3Dnewreason;
p++;
print "<tr><th colspan=3D4 bgcolor=3D\"#",(p%2)?"ccaaaa":"aaccaa","\">";
if (newreason=3D=3D"blocked.html") {print "Serveren er blokeret af ORBS =
fordi den videresender spam"}
else {=20
if (newreason=3D=3D"rss") {print "Serveren er blokeret af =
mail-abuse.org fordi den videresender spam"}
else {
if (newreason=3D=3D"rbl") {print "Serveren er blokeret af =
mail-abuse.org fordi den SELV sender spam"}
else {
if (newreason=3D=3D"enduser.htm") {print "En fremmed =
modemopkobling må ikke sende post direkte"}
else {
if (newreason=3D=3D"denied") {print "Relaying denied: Modtager =
er ikke kunde her, eller afsender benytter ikke vores modems"}
else
if (newreason=3D=3D"exist") {print "Domainet findes ikke"}
else {
if (newreason=3D=3D"resolve") {print "Domainet kan ikke =
slås op"}
else {
print newreason
}
}
}
}
}
}
print "</th></tr>";
}
color=3D(p%2)?"ccaaaa":"aaccaa";
printf "<tr bgcolor=3D\"#%s\"><td =
align=3Dright>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",color,ant,=
$2,$3,$4}
print "</table></body><html>"
}
Antal Server Afsender Modtager=20
(orbs)Your mailserver is not allowed to send because it is an open =
spam-relay:call+45 33119898 ext 2 or see http: www.orbs.org blocked.html =
=20
1 hard.yesnet.net.au root @ hard.hornymail.net jvhansen@=20
1 knut.kumoh.ac.kr FreeTV8 @ eagle.aegsp.br desitek@=20
(rss)Your mailserver is not allowed to send to us because it is an =
open spam-relay;call+45 33119898 ext 2 or see http: mail-abuse.org rss =20
1 IDENT:root@[200.33.248.34], FreeTV2 @ eagle.aegsp.br autzen@=20
1 IDENT:root@[211.100.6.56], info1 @ networkshosts.com bogus@=20
1 [151.38.23.207], beckyhinds @ ozemail.com.au ingeman@=20
1 [194.72.206.130], menchoal @ ecompare.com funnel@=20
1 [210.121.58.77], 0085T1GyP @ mail.com oestergaard@=20
1 [210.204.190.4], PleasureSex @ dicc.co.kr kemotron@=20
1 [212.43.169.189], investor2210 @ hotmail.com bo-ren@=20
1 ns.tran.co.jp dyzno @ ircnet.ee johnla@=20
1 vistula.wis.pk.edu.pl bm21 @ prodigy.com humle@=20
1 wpgateway.valleyhealth.org healthalert2001 @ yahoo.com ole_chr@ =
Relaying denied =20
1 cm-206-128-72-145.coralsprings.ispchannel.com butch1 @ =
thedoghousemail.com jez@magic.powernet.co.uk=20
1 rsvp-208-187-113-223.ac07.rcrd.eli.net fruitcake @ =
a.mx.innet.be, internet6999@netzero.net=20
Btw. all recievers on this list are expired users.
I have put all my expired users as SPAMHATER in access, because I run =
avpkeeper, and therfore
expired users are not rejected at reception, but after scanning. Then =
the sender is often long gone and unreachable.
----- Original Message -----=20
From: "Kal Torak" <kaltorak@quake.com.au>
To: "Michael Lyngb=F8l" <michael@lyngbol.dk>
Cc: "J & C Frazier" <admin@csocs.com>; <freebsd-isp@FreeBSD.ORG>
Sent: Sunday, January 14, 2001 10:46 AM
Subject: Re: Problems with sendmail and NSI
> Michael Lyngb=F8l wrote:
> >=20
> > On Sat, Jan 13, 2001 at 05:08:40PM -0700, J & C Frazier wrote:
> > > I recently tried to make some domain modifications with Network
> > > Solutions.
> > > I complete the process successfully and it states it has sent the =
form
> > > to the
> > > e-mail address I've specified. Unfortunately I don't get the =
mail.
> >=20
> > Your're not using ORBS (relays.orbs.org) in your sendmail =
configuration?
> >=20
> > I've had the same problem and found out that NSI was listen in ORBS.
> >=20
> > /Michael
>=20
> Personally I would recommend against orbs, since they are a little too
> pro-active when it comes to finding relays.. They will black list a =
server
> and never send mail to the server informing them of it or anything...
As far as I can see, the=FD send to postmaster@listed.dom and =
postmaster@server.listed.dom
They also list on their page if that message bounced.
As RFCsomething requires all domains to have a postmaster, if you don't =
you only have yourself to blame.
Also, the bounce messages should tell you why you are listed.
>=20
> Also what orbs consider to be an open relay is not exactly what =
everyone
> else thinks one is, I wont go into any more details, but I think RBL =
is
> a better service, my personal experience is that orbs ends up blocking =
more
> legitimate mail than spam...
>=20
orbs not only lists spam relays, it also lists spam sources.
------=_NextPart_000_0180_01C07E1E.4DC2BAE0
Content-Type: text/html;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dwindows-1252">
<META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV><FONT face=3DArial size=3D2>I don't recommend running dnsbl=20
unattended.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I have created this awk-script, which I =
run every=20
hour. It creates a webpage which list reason, server, sender and =
recipient for=20
rejected messages.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV>BEGIN {OFS=3D"|"};<BR>/check_rcpt/ || /Check_Subject/ {<BR> =20
gsub("<",""); <BR> gsub(">,",""); <BR> =20
rcpt[$6]=3Dsubstr($8,6);relay[$6]=3Dsubstr($9,7);<BR> gsub("/"," =
");<BR> =20
reas=3D$(NF);<BR># for (m=3D10;m<=3DNF;m++) {if ($(m)~"@") =
{$(m)=3D"xxx";print=20
$0,"<br>"} };<BR> n=3Dindex($0,"... ");<BR> =20
reason1=3Dsubstr($0,n+4);<BR> match(reason1," [^ ]+@[^ ]+ =
");<BR> =20
reason[$6]=3Dreason1;<BR> if (RSTART) {<BR> =20
reason[$6]=3Dsubstr(reason1,1,RSTART) " "=20
substr(reason1,RSTART+RLENGTH);<BR> }<BR> if ($0~"check MX") =
reason[$6]=3D"Kan ikke kontrollere MX for modtageren";<BR> if =
($7~"Subject")=20
reason[$6]=3D"I LOVE YOU";<BR>}<BR>$6 in rcpt && $7~"from=3D" =
{<BR> =20
gsub("\+","-");gsub("<",""); gsub(">,","");<BR> =
fr=3D$7;gsub("@"," @=20
",fr);<BR>from[$6]=3Dsubstr(fr,6);<BR>print=20
reason[$6],relay[$6],from[$6],rcpt[$6]>"/tmp/filter.tmp"}<BR><BR>END=20
{<BR>system("sort /tmp/filter.tmp|uniq -c=20
>/tmp/filter.tmp2");<BR>FS=3D"|";<BR>OFS=3D"";<BR>print=20
"<html><head><title>Spamfilter</title>";<BR>print=
=20
"</head>";<BR>print "<body bgcolor=3D\"#ffffcc\">";<BR>print =
"<center><h1>Breve stoppet i=20
spamfilter<br>"DAG"</h1></center>";<BR>print =
"<table=20
width=3D100%=20
border=3D1><tr><th>Antal</th><th>Server</th=
><th>Afsender</th><th>Modtager</th></tr>=
";<BR>while=20
(getline<"/tmp/filter.tmp2">0)<BR>{=20
ant=3Dsubstr($1,1,8);newreason=3Dsubstr($1,9);<BR> if =
(newreason!=3Doldreason)=20
{oldreason=3Dnewreason;<BR>p++;<BR>print "<tr><th colspan=3D4=20
bgcolor=3D\"#",(p%2)?"ccaaaa":"aaccaa","\">";<BR>if =
(newreason=3D=3D"blocked.html")=20
{print "Serveren er blokeret af ORBS fordi den videresender =
spam"}<BR>else {=20
<BR> if (newreason=3D=3D"rss") {print "Serveren er blokeret af =
mail-abuse.org=20
fordi den videresender spam"}<BR> else {<BR> if=20
(newreason=3D=3D"rbl") {print "Serveren er blokeret af mail-abuse.org =
fordi den SELV=20
sender spam"}<BR> else =
{<BR> if=20
(newreason=3D=3D"enduser.htm") {print "En fremmed modemopkobling =
m&aring; ikke=20
sende post direkte"}<BR> else=20
{<BR> if =
(newreason=3D=3D"denied") {print=20
"Relaying denied: Modtager er ikke kunde her, eller afsender benytter =
ikke vores=20
modems"}<BR> =20
else<BR> if=20
(newreason=3D=3D"exist") {print "Domainet findes=20
ikke"}<BR> else=20
{<BR> =
if=20
(newreason=3D=3D"resolve") {print "Domainet kan ikke sl&aring;s=20
op"}<BR>  =
; else=20
{<BR> &n=
bsp; =20
print=20
newreason<BR> =
=20
}<BR> =20
}<BR> =20
}<BR> }<BR> }<BR> =20
}<BR>print=20
"</th></tr>";<BR>}<BR><BR>color=3D(p%2)?"ccaaaa":"aaccaa";<BR=
>printf=20
"<tr bgcolor=3D\"#%s\"><td=20
align=3Dright>%s</td><td>%s</td><td>%s</td&=
gt;<td>%s</td></tr>\n",color,ant,$2,$3,$4}<BR><BR>print=
=20
"</table></body><html>"<BR>}<BR>
<TABLE width=3D"100%" border=3D1>
<TBODY>
<TR>
<TH>Antal</TH>
<TH>Server</TH>
<TH>Afsender</TH>
<TH>Modtager</TH></TR>
<TR>
<TH bgColor=3D#ccaaaa colSpan=3D4>(orbs)Your mailserver is not =
allowed to send=20
because it is an open spam-relay:call+45 33119898 ext 2 or see =
http:=20
www.orbs.org blocked.html </TH></TR>
<TR bgColor=3D#ccaaaa>
<TD align=3Dright>1 </TD>
<TD>hard.yesnet.net.au</TD>
<TD>root @ hard.hornymail.net</TD>
<TD>jvhansen@</TD></TR>
<TR bgColor=3D#ccaaaa>
<TD align=3Dright>1 </TD>
<TD>knut.kumoh.ac.kr</TD>
<TD>FreeTV8 @ eagle.aegsp.br</TD>
<TD>desitek@</TD></TR>
<TR>
<TH bgColor=3D#aaccaa colSpan=3D4>(rss)Your mailserver is not =
allowed to send=20
to us because it is an open spam-relay;call+45 33119898 ext 2 or =
see http:=20
mail-abuse.org rss </TH></TR>
<TR bgColor=3D#aaccaa>
<TD align=3Dright>1 </TD>
<TD>IDENT:root@[200.33.248.34],</TD>
<TD>FreeTV2 @ eagle.aegsp.br</TD>
<TD>autzen@</TD></TR>
<TR bgColor=3D#aaccaa>
<TD align=3Dright>1 </TD>
<TD>IDENT:root@[211.100.6.56],</TD>
<TD>info1 @ networkshosts.com</TD>
<TD>bogus@</TD></TR>
<TR bgColor=3D#aaccaa>
<TD align=3Dright>1 </TD>
<TD>[151.38.23.207],</TD>
<TD>beckyhinds @ ozemail.com.au</TD>
<TD>ingeman@</TD></TR>
<TR bgColor=3D#aaccaa>
<TD align=3Dright>1 </TD>
<TD>[194.72.206.130],</TD>
<TD>menchoal @ ecompare.com</TD>
<TD>funnel@</TD></TR>
<TR bgColor=3D#aaccaa>
<TD align=3Dright>1 </TD>
<TD>[210.121.58.77],</TD>
<TD>0085T1GyP @ mail.com</TD>
<TD>oestergaard@</TD></TR>
<TR bgColor=3D#aaccaa>
<TD align=3Dright>1 </TD>
<TD>[210.204.190.4],</TD>
<TD>PleasureSex @ dicc.co.kr</TD>
<TD>kemotron@</TD></TR>
<TR bgColor=3D#aaccaa>
<TD align=3Dright>1 </TD>
<TD>[212.43.169.189],</TD>
<TD>investor2210 @ hotmail.com</TD>
<TD>bo-ren@</TD></TR>
<TR bgColor=3D#aaccaa>
<TD align=3Dright>1 </TD>
<TD>ns.tran.co.jp</TD>
<TD>dyzno @ ircnet.ee</TD>
<TD>johnla@</TD></TR>
<TR bgColor=3D#aaccaa>
<TD align=3Dright>1 </TD>
<TD>vistula.wis.pk.edu.pl</TD>
<TD>bm21 @ prodigy.com</TD>
<TD>humle@</TD></TR>
<TR bgColor=3D#aaccaa>
<TD align=3Dright>1 </TD>
<TD>wpgateway.valleyhealth.org</TD>
<TD>healthalert2001 @ yahoo.com</TD>
<TD>ole_chr@</TD></TR>
<TR>
<TH bgColor=3D#ccaaaa colSpan=3D4>Relaying denied </TH></TR>
<TR bgColor=3D#ccaaaa>
<TD align=3Dright>1 </TD>
<TD>cm-206-128-72-145.coralsprings.ispchannel.com</TD>
<TD>butch1 @ thedoghousemail.com</TD>
<TD>jez@magic.powernet.co.uk</TD></TR>
<TR bgColor=3D#ccaaaa>
<TD align=3Dright>1 </TD>
<TD>rsvp-208-187-113-223.ac07.rcrd.eli.net</TD>
<TD>fruitcake @ a.mx.innet.be,</TD>
<TD>internet6999@netzero.net</TD></TR></TBODY></TABLE></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Btw. all recievers on this list are =
expired=20
users.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I have put all my expired users as =
SPAMHATER in=20
access, because I run avpkeeper, and therfore</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>expired users are not rejected at =
reception, but=20
after scanning. Then the sender is often long gone and =
unreachable.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>----- Original Message ----- =
</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>From: "Kal Torak" <</FONT><A=20
href=3D"mailto:kaltorak@quake.com.au"><FONT face=3DArial=20
size=3D2>kaltorak@quake.com.au</FONT></A><FONT face=3DArial =
size=3D2>></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>To: "Michael Lyngb=F8l" <</FONT><A=20
href=3D"mailto:michael@lyngbol.dk"><FONT face=3DArial=20
size=3D2>michael@lyngbol.dk</FONT></A><FONT face=3DArial =
size=3D2>></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Cc: "J & C Frazier" <</FONT><A=20
href=3D"mailto:admin@csocs.com"><FONT face=3DArial=20
size=3D2>admin@csocs.com</FONT></A><FONT face=3DArial size=3D2>>; =
<</FONT><A=20
href=3D"mailto:freebsd-isp@FreeBSD.ORG"><FONT face=3DArial=20
size=3D2>freebsd-isp@FreeBSD.ORG</FONT></A><FONT face=3DArial=20
size=3D2>></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Sent: Sunday, January 14, 2001 10:46=20
AM</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Subject: Re: Problems with sendmail and =
NSI</FONT></DIV>
<DIV><FONT face=3DArial><BR><FONT size=3D2></FONT></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>> Michael Lyngb=F8l wrote:<BR>> =
> <BR>>=20
> On Sat, Jan 13, 2001 at 05:08:40PM -0700, J & C Frazier =
wrote:<BR>>=20
> > I recently tried to make some domain modifications with=20
Network<BR>> > > Solutions.<BR>> > > I complete the =
process=20
successfully and it states it has sent the form<BR>> > > to =
the<BR>>=20
> > e-mail address I've specified. Unfortunately I don't get =
the=20
mail.<BR>> > <BR>> > Your're not using ORBS =
(relays.orbs.org) in=20
your sendmail configuration?<BR>> > <BR>> > I've had the =
same=20
problem and found out that NSI was listen in ORBS.<BR>> > <BR>> =
>=20
/Michael<BR>> <BR>> Personally I would recommend against orbs, =
since they=20
are a little too<BR>> pro-active when it comes to finding relays.. =
They will=20
black list a server<BR>> and never send mail to the server informing =
them of=20
it or anything...</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>As far as I can see, the=FD send to <A=20
href=3D"mailto:postmaster@listed.dom">postmaster@listed.dom</A> and <A=20
href=3D"mailto:postmaster@server.listed.dom">postmaster@server.listed.dom=
</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>They also list on their page if that =
message=20
bounced.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>As RFCsomething requires all domains to =
have a=20
postmaster, if you don't you only have yourself to blame.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Also, the bounce messages should tell =
you why you=20
are listed.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> </DIV>
<DIV><BR>> <BR>> Also what orbs consider to be an open relay is =
not=20
exactly what everyone<BR>> else thinks one is, I wont go into any =
more=20
details, but I think RBL is<BR>> a better service, my personal =
experience is=20
that orbs ends up blocking more<BR>> legitimate mail than =
spam...<BR>>=20
<BR>orbs not only lists spam relays, it also lists spam sources.</DIV>
<DIV></FONT> </DIV></BODY></HTML>
------=_NextPart_000_0180_01C07E1E.4DC2BAE0--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004201c07e33$a3495d60$0e00a8c0>