Date: Sun, 14 Jan 2001 11:36:58 +0100 From: "Leif Neland" <leifn@neland.dk> To: "Kal Torak" <kaltorak@quake.com.au>, =?Windows-1252?Q?Michael_Lyngb=F8l?= <michael@lyngbol.dk> Cc: "J & C Frazier" <admin@csocs.com>, <freebsd-isp@FreeBSD.ORG> Subject: Re: Problems with sendmail and NSI Message-ID: <004201c07e33$a3495d60$0e00a8c0@neland.dk> References: <3A60EE08.3C9CD7AF@csocs.com> <20010114100939.A81339@tigerdyr.lyngbol.dk> <3A61755C.DD1690A4@quake.com.au>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
I don't recommend running dnsbl unattended.
I have created this awk-script, which I run every hour. It creates a webpage which list reason, server, sender and recipient for rejected messages.
BEGIN {OFS="|"};
/check_rcpt/ || /Check_Subject/ {
gsub("<","");
gsub(">,","");
rcpt[$6]=substr($8,6);relay[$6]=substr($9,7);
gsub("/"," ");
reas=$(NF);
# for (m=10;m<=NF;m++) {if ($(m)~"@") {$(m)="xxx";print $0,"<br>"} };
n=index($0,"... ");
reason1=substr($0,n+4);
match(reason1," [^ ]+@[^ ]+ ");
reason[$6]=reason1;
if (RSTART) {
reason[$6]=substr(reason1,1,RSTART) " " substr(reason1,RSTART+RLENGTH);
}
if ($0~"check MX") reason[$6]="Kan ikke kontrollere MX for modtageren";
if ($7~"Subject") reason[$6]="I LOVE YOU";
}
$6 in rcpt && $7~"from=" {
gsub("\+","-");gsub("<",""); gsub(">,","");
fr=$7;gsub("@"," @ ",fr);
from[$6]=substr(fr,6);
print reason[$6],relay[$6],from[$6],rcpt[$6]>"/tmp/filter.tmp"}
END {
system("sort /tmp/filter.tmp|uniq -c >/tmp/filter.tmp2");
FS="|";
OFS="";
print "<html><head><title>Spamfilter</title>";
print "</head>";
print "<body bgcolor=\"#ffffcc\">";
print "<center><h1>Breve stoppet i spamfilter<br>"DAG"</h1></center>";
print "<table width=100% border=1><tr><th>Antal</th><th>Server</th><th>Afsender</th><th>Modtager</th></tr>";
while (getline<"/tmp/filter.tmp2">0)
{ ant=substr($1,1,8);newreason=substr($1,9);
if (newreason!=oldreason) {oldreason=newreason;
p++;
print "<tr><th colspan=4 bgcolor=\"#",(p%2)?"ccaaaa":"aaccaa","\">";
if (newreason=="blocked.html") {print "Serveren er blokeret af ORBS fordi den videresender spam"}
else {
if (newreason=="rss") {print "Serveren er blokeret af mail-abuse.org fordi den videresender spam"}
else {
if (newreason=="rbl") {print "Serveren er blokeret af mail-abuse.org fordi den SELV sender spam"}
else {
if (newreason=="enduser.htm") {print "En fremmed modemopkobling må ikke sende post direkte"}
else {
if (newreason=="denied") {print "Relaying denied: Modtager er ikke kunde her, eller afsender benytter ikke vores modems"}
else
if (newreason=="exist") {print "Domainet findes ikke"}
else {
if (newreason=="resolve") {print "Domainet kan ikke slås op"}
else {
print newreason
}
}
}
}
}
}
print "</th></tr>";
}
color=(p%2)?"ccaaaa":"aaccaa";
printf "<tr bgcolor=\"#%s\"><td align=right>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",color,ant,$2,$3,$4}
print "</table></body><html>"
}
Antal Server Afsender Modtager
(orbs)Your mailserver is not allowed to send because it is an open spam-relay:call+45 33119898 ext 2 or see http: www.orbs.org blocked.html
1 hard.yesnet.net.au root @ hard.hornymail.net jvhansen@
1 knut.kumoh.ac.kr FreeTV8 @ eagle.aegsp.br desitek@
(rss)Your mailserver is not allowed to send to us because it is an open spam-relay;call+45 33119898 ext 2 or see http: mail-abuse.org rss
1 IDENT:root@[200.33.248.34], FreeTV2 @ eagle.aegsp.br autzen@
1 IDENT:root@[211.100.6.56], info1 @ networkshosts.com bogus@
1 [151.38.23.207], beckyhinds @ ozemail.com.au ingeman@
1 [194.72.206.130], menchoal @ ecompare.com funnel@
1 [210.121.58.77], 0085T1GyP @ mail.com oestergaard@
1 [210.204.190.4], PleasureSex @ dicc.co.kr kemotron@
1 [212.43.169.189], investor2210 @ hotmail.com bo-ren@
1 ns.tran.co.jp dyzno @ ircnet.ee johnla@
1 vistula.wis.pk.edu.pl bm21 @ prodigy.com humle@
1 wpgateway.valleyhealth.org healthalert2001 @ yahoo.com ole_chr@
Relaying denied
1 cm-206-128-72-145.coralsprings.ispchannel.com butch1 @ thedoghousemail.com jez@magic.powernet.co.uk
1 rsvp-208-187-113-223.ac07.rcrd.eli.net fruitcake @ a.mx.innet.be, internet6999@netzero.net
Btw. all recievers on this list are expired users.
I have put all my expired users as SPAMHATER in access, because I run avpkeeper, and therfore
expired users are not rejected at reception, but after scanning. Then the sender is often long gone and unreachable.
----- Original Message -----
From: "Kal Torak" <kaltorak@quake.com.au>
To: "Michael Lyngbøl" <michael@lyngbol.dk>
Cc: "J & C Frazier" <admin@csocs.com>; <freebsd-isp@FreeBSD.ORG>
Sent: Sunday, January 14, 2001 10:46 AM
Subject: Re: Problems with sendmail and NSI
> Michael Lyngbøl wrote:
> >
> > On Sat, Jan 13, 2001 at 05:08:40PM -0700, J & C Frazier wrote:
> > > I recently tried to make some domain modifications with Network
> > > Solutions.
> > > I complete the process successfully and it states it has sent the form
> > > to the
> > > e-mail address I've specified. Unfortunately I don't get the mail.
> >
> > Your're not using ORBS (relays.orbs.org) in your sendmail configuration?
> >
> > I've had the same problem and found out that NSI was listen in ORBS.
> >
> > /Michael
>
> Personally I would recommend against orbs, since they are a little too
> pro-active when it comes to finding relays.. They will black list a server
> and never send mail to the server informing them of it or anything...
As far as I can see, theý send to postmaster@listed.dom and postmaster@server.listed.dom
They also list on their page if that message bounced.
As RFCsomething requires all domains to have a postmaster, if you don't you only have yourself to blame.
Also, the bounce messages should tell you why you are listed.
>
> Also what orbs consider to be an open relay is not exactly what everyone
> else thinks one is, I wont go into any more details, but I think RBL is
> a better service, my personal experience is that orbs ends up blocking more
> legitimate mail than spam...
>
orbs not only lists spam relays, it also lists spam sources.
[-- Attachment #2 --]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 5.50.4522.1800" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<DIV><FONT face=Arial size=2>I don't recommend running dnsbl
unattended.</FONT></DIV>
<DIV><FONT face=Arial size=2>I have created this awk-script, which I run every
hour. It creates a webpage which list reason, server, sender and recipient for
rejected messages.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV>BEGIN {OFS="|"};<BR>/check_rcpt/ || /Check_Subject/ {<BR>
gsub("<",""); <BR> gsub(">,",""); <BR>
rcpt[$6]=substr($8,6);relay[$6]=substr($9,7);<BR> gsub("/"," ");<BR>
reas=$(NF);<BR># for (m=10;m<=NF;m++) {if ($(m)~"@") {$(m)="xxx";print
$0,"<br>"} };<BR> n=index($0,"... ");<BR>
reason1=substr($0,n+4);<BR> match(reason1," [^ ]+@[^ ]+ ");<BR>
reason[$6]=reason1;<BR> if (RSTART) {<BR>
reason[$6]=substr(reason1,1,RSTART) " "
substr(reason1,RSTART+RLENGTH);<BR> }<BR> if ($0~"check MX")
reason[$6]="Kan ikke kontrollere MX for modtageren";<BR> if ($7~"Subject")
reason[$6]="I LOVE YOU";<BR>}<BR>$6 in rcpt && $7~"from=" {<BR>
gsub("\+","-");gsub("<",""); gsub(">,","");<BR> fr=$7;gsub("@"," @
",fr);<BR>from[$6]=substr(fr,6);<BR>print
reason[$6],relay[$6],from[$6],rcpt[$6]>"/tmp/filter.tmp"}<BR><BR>END
{<BR>system("sort /tmp/filter.tmp|uniq -c
>/tmp/filter.tmp2");<BR>FS="|";<BR>OFS="";<BR>print
"<html><head><title>Spamfilter</title>";<BR>print
"</head>";<BR>print "<body bgcolor=\"#ffffcc\">";<BR>print
"<center><h1>Breve stoppet i
spamfilter<br>"DAG"</h1></center>";<BR>print "<table
width=100%
border=1><tr><th>Antal</th><th>Server</th><th>Afsender</th><th>Modtager</th></tr>";<BR>while
(getline<"/tmp/filter.tmp2">0)<BR>{
ant=substr($1,1,8);newreason=substr($1,9);<BR> if (newreason!=oldreason)
{oldreason=newreason;<BR>p++;<BR>print "<tr><th colspan=4
bgcolor=\"#",(p%2)?"ccaaaa":"aaccaa","\">";<BR>if (newreason=="blocked.html")
{print "Serveren er blokeret af ORBS fordi den videresender spam"}<BR>else {
<BR> if (newreason=="rss") {print "Serveren er blokeret af mail-abuse.org
fordi den videresender spam"}<BR> else {<BR> if
(newreason=="rbl") {print "Serveren er blokeret af mail-abuse.org fordi den SELV
sender spam"}<BR> else {<BR> if
(newreason=="enduser.htm") {print "En fremmed modemopkobling m&aring; ikke
sende post direkte"}<BR> else
{<BR> if (newreason=="denied") {print
"Relaying denied: Modtager er ikke kunde her, eller afsender benytter ikke vores
modems"}<BR>
else<BR> if
(newreason=="exist") {print "Domainet findes
ikke"}<BR> else
{<BR> if
(newreason=="resolve") {print "Domainet kan ikke sl&aring;s
op"}<BR> else
{<BR>
print
newreason<BR>
}<BR>
}<BR>
}<BR> }<BR> }<BR>
}<BR>print
"</th></tr>";<BR>}<BR><BR>color=(p%2)?"ccaaaa":"aaccaa";<BR>printf
"<tr bgcolor=\"#%s\"><td
align=right>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",color,ant,$2,$3,$4}<BR><BR>print
"</table></body><html>"<BR>}<BR>
<TABLE width="100%" border=1>
<TBODY>
<TR>
<TH>Antal</TH>
<TH>Server</TH>
<TH>Afsender</TH>
<TH>Modtager</TH></TR>
<TR>
<TH bgColor=#ccaaaa colSpan=4>(orbs)Your mailserver is not allowed to send
because it is an open spam-relay:call+45 33119898 ext 2 or see http:
www.orbs.org blocked.html </TH></TR>
<TR bgColor=#ccaaaa>
<TD align=right>1 </TD>
<TD>hard.yesnet.net.au</TD>
<TD>root @ hard.hornymail.net</TD>
<TD>jvhansen@</TD></TR>
<TR bgColor=#ccaaaa>
<TD align=right>1 </TD>
<TD>knut.kumoh.ac.kr</TD>
<TD>FreeTV8 @ eagle.aegsp.br</TD>
<TD>desitek@</TD></TR>
<TR>
<TH bgColor=#aaccaa colSpan=4>(rss)Your mailserver is not allowed to send
to us because it is an open spam-relay;call+45 33119898 ext 2 or see http:
mail-abuse.org rss </TH></TR>
<TR bgColor=#aaccaa>
<TD align=right>1 </TD>
<TD>IDENT:root@[200.33.248.34],</TD>
<TD>FreeTV2 @ eagle.aegsp.br</TD>
<TD>autzen@</TD></TR>
<TR bgColor=#aaccaa>
<TD align=right>1 </TD>
<TD>IDENT:root@[211.100.6.56],</TD>
<TD>info1 @ networkshosts.com</TD>
<TD>bogus@</TD></TR>
<TR bgColor=#aaccaa>
<TD align=right>1 </TD>
<TD>[151.38.23.207],</TD>
<TD>beckyhinds @ ozemail.com.au</TD>
<TD>ingeman@</TD></TR>
<TR bgColor=#aaccaa>
<TD align=right>1 </TD>
<TD>[194.72.206.130],</TD>
<TD>menchoal @ ecompare.com</TD>
<TD>funnel@</TD></TR>
<TR bgColor=#aaccaa>
<TD align=right>1 </TD>
<TD>[210.121.58.77],</TD>
<TD>0085T1GyP @ mail.com</TD>
<TD>oestergaard@</TD></TR>
<TR bgColor=#aaccaa>
<TD align=right>1 </TD>
<TD>[210.204.190.4],</TD>
<TD>PleasureSex @ dicc.co.kr</TD>
<TD>kemotron@</TD></TR>
<TR bgColor=#aaccaa>
<TD align=right>1 </TD>
<TD>[212.43.169.189],</TD>
<TD>investor2210 @ hotmail.com</TD>
<TD>bo-ren@</TD></TR>
<TR bgColor=#aaccaa>
<TD align=right>1 </TD>
<TD>ns.tran.co.jp</TD>
<TD>dyzno @ ircnet.ee</TD>
<TD>johnla@</TD></TR>
<TR bgColor=#aaccaa>
<TD align=right>1 </TD>
<TD>vistula.wis.pk.edu.pl</TD>
<TD>bm21 @ prodigy.com</TD>
<TD>humle@</TD></TR>
<TR bgColor=#aaccaa>
<TD align=right>1 </TD>
<TD>wpgateway.valleyhealth.org</TD>
<TD>healthalert2001 @ yahoo.com</TD>
<TD>ole_chr@</TD></TR>
<TR>
<TH bgColor=#ccaaaa colSpan=4>Relaying denied </TH></TR>
<TR bgColor=#ccaaaa>
<TD align=right>1 </TD>
<TD>cm-206-128-72-145.coralsprings.ispchannel.com</TD>
<TD>butch1 @ thedoghousemail.com</TD>
<TD>jez@magic.powernet.co.uk</TD></TR>
<TR bgColor=#ccaaaa>
<TD align=right>1 </TD>
<TD>rsvp-208-187-113-223.ac07.rcrd.eli.net</TD>
<TD>fruitcake @ a.mx.innet.be,</TD>
<TD>internet6999@netzero.net</TD></TR></TBODY></TABLE></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Btw. all recievers on this list are expired
users.</FONT></DIV>
<DIV><FONT face=Arial size=2>I have put all my expired users as SPAMHATER in
access, because I run avpkeeper, and therfore</FONT></DIV>
<DIV><FONT face=Arial size=2>expired users are not rejected at reception, but
after scanning. Then the sender is often long gone and unreachable.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>----- Original Message ----- </FONT></DIV>
<DIV><FONT face=Arial size=2>From: "Kal Torak" <</FONT><A
href="mailto:kaltorak@quake.com.au"><FONT face=Arial
size=2>kaltorak@quake.com.au</FONT></A><FONT face=Arial size=2>></FONT></DIV>
<DIV><FONT face=Arial size=2>To: "Michael Lyngbøl" <</FONT><A
href="mailto:michael@lyngbol.dk"><FONT face=Arial
size=2>michael@lyngbol.dk</FONT></A><FONT face=Arial size=2>></FONT></DIV>
<DIV><FONT face=Arial size=2>Cc: "J & C Frazier" <</FONT><A
href="mailto:admin@csocs.com"><FONT face=Arial
size=2>admin@csocs.com</FONT></A><FONT face=Arial size=2>>; <</FONT><A
href="mailto:freebsd-isp@FreeBSD.ORG"><FONT face=Arial
size=2>freebsd-isp@FreeBSD.ORG</FONT></A><FONT face=Arial
size=2>></FONT></DIV>
<DIV><FONT face=Arial size=2>Sent: Sunday, January 14, 2001 10:46
AM</FONT></DIV>
<DIV><FONT face=Arial size=2>Subject: Re: Problems with sendmail and
NSI</FONT></DIV>
<DIV><FONT face=Arial><BR><FONT size=2></FONT></FONT></DIV>
<DIV><FONT face=Arial size=2>> Michael Lyngbøl wrote:<BR>> > <BR>>
> On Sat, Jan 13, 2001 at 05:08:40PM -0700, J & C Frazier wrote:<BR>>
> > I recently tried to make some domain modifications with
Network<BR>> > > Solutions.<BR>> > > I complete the process
successfully and it states it has sent the form<BR>> > > to the<BR>>
> > e-mail address I've specified. Unfortunately I don't get the
mail.<BR>> > <BR>> > Your're not using ORBS (relays.orbs.org) in
your sendmail configuration?<BR>> > <BR>> > I've had the same
problem and found out that NSI was listen in ORBS.<BR>> > <BR>> >
/Michael<BR>> <BR>> Personally I would recommend against orbs, since they
are a little too<BR>> pro-active when it comes to finding relays.. They will
black list a server<BR>> and never send mail to the server informing them of
it or anything...</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>As far as I can see, theý send to <A
href="mailto:postmaster@listed.dom">postmaster@listed.dom</A> and <A
href="mailto:postmaster@server.listed.dom">postmaster@server.listed.dom</A></FONT></DIV>
<DIV><FONT face=Arial size=2>They also list on their page if that message
bounced.</FONT></DIV>
<DIV><FONT face=Arial size=2>As RFCsomething requires all domains to have a
postmaster, if you don't you only have yourself to blame.</FONT></DIV>
<DIV><FONT face=Arial size=2>Also, the bounce messages should tell you why you
are listed.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2> </DIV>
<DIV><BR>> <BR>> Also what orbs consider to be an open relay is not
exactly what everyone<BR>> else thinks one is, I wont go into any more
details, but I think RBL is<BR>> a better service, my personal experience is
that orbs ends up blocking more<BR>> legitimate mail than spam...<BR>>
<BR>orbs not only lists spam relays, it also lists spam sources.</DIV>
<DIV></FONT> </DIV></BODY></HTML>
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004201c07e33$a3495d60$0e00a8c0>