Date: Sun, 14 Jan 2001 11:36:58 +0100 From: "Leif Neland" <leifn@neland.dk> To: "Kal Torak" <kaltorak@quake.com.au>, =?Windows-1252?Q?Michael_Lyngb=F8l?= <michael@lyngbol.dk> Cc: "J & C Frazier" <admin@csocs.com>, <freebsd-isp@FreeBSD.ORG> Subject: Re: Problems with sendmail and NSI Message-ID: <004201c07e33$a3495d60$0e00a8c0@neland.dk> References: <3A60EE08.3C9CD7AF@csocs.com> <20010114100939.A81339@tigerdyr.lyngbol.dk> <3A61755C.DD1690A4@quake.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. ------=_NextPart_000_0180_01C07E1E.4DC2BAE0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable I don't recommend running dnsbl unattended. I have created this awk-script, which I run every hour. It creates a = webpage which list reason, server, sender and recipient for rejected = messages. BEGIN {OFS=3D"|"}; /check_rcpt/ || /Check_Subject/ { gsub("<","");=20 gsub(">,","");=20 rcpt[$6]=3Dsubstr($8,6);relay[$6]=3Dsubstr($9,7); gsub("/"," "); reas=3D$(NF); # for (m=3D10;m<=3DNF;m++) {if ($(m)~"@") {$(m)=3D"xxx";print = $0,"<br>"} }; n=3Dindex($0,"... "); reason1=3Dsubstr($0,n+4); match(reason1," [^ ]+@[^ ]+ "); reason[$6]=3Dreason1; if (RSTART) { reason[$6]=3Dsubstr(reason1,1,RSTART) " " = substr(reason1,RSTART+RLENGTH); } if ($0~"check MX") reason[$6]=3D"Kan ikke kontrollere MX for = modtageren"; if ($7~"Subject") reason[$6]=3D"I LOVE YOU"; } $6 in rcpt && $7~"from=3D" { gsub("\+","-");gsub("<",""); gsub(">,",""); fr=3D$7;gsub("@"," @ ",fr); from[$6]=3Dsubstr(fr,6); print reason[$6],relay[$6],from[$6],rcpt[$6]>"/tmp/filter.tmp"} END { system("sort /tmp/filter.tmp|uniq -c >/tmp/filter.tmp2"); FS=3D"|"; OFS=3D""; print "<html><head><title>Spamfilter</title>"; print "</head>"; print "<body bgcolor=3D\"#ffffcc\">"; print "<center><h1>Breve stoppet i spamfilter<br>"DAG"</h1></center>"; print "<table width=3D100% = border=3D1><tr><th>Antal</th><th>Server</th><th>Afsender</th><th>Modtager= </th></tr>"; while (getline<"/tmp/filter.tmp2">0) { ant=3Dsubstr($1,1,8);newreason=3Dsubstr($1,9); if (newreason!=3Doldreason) {oldreason=3Dnewreason; p++; print "<tr><th colspan=3D4 bgcolor=3D\"#",(p%2)?"ccaaaa":"aaccaa","\">"; if (newreason=3D=3D"blocked.html") {print "Serveren er blokeret af ORBS = fordi den videresender spam"} else {=20 if (newreason=3D=3D"rss") {print "Serveren er blokeret af = mail-abuse.org fordi den videresender spam"} else { if (newreason=3D=3D"rbl") {print "Serveren er blokeret af = mail-abuse.org fordi den SELV sender spam"} else { if (newreason=3D=3D"enduser.htm") {print "En fremmed = modemopkobling må ikke sende post direkte"} else { if (newreason=3D=3D"denied") {print "Relaying denied: Modtager = er ikke kunde her, eller afsender benytter ikke vores modems"} else if (newreason=3D=3D"exist") {print "Domainet findes ikke"} else { if (newreason=3D=3D"resolve") {print "Domainet kan ikke = slås op"} else { print newreason } } } } } } print "</th></tr>"; } color=3D(p%2)?"ccaaaa":"aaccaa"; printf "<tr bgcolor=3D\"#%s\"><td = align=3Dright>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",color,ant,= $2,$3,$4} print "</table></body><html>" } Antal Server Afsender Modtager=20 (orbs)Your mailserver is not allowed to send because it is an open = spam-relay:call+45 33119898 ext 2 or see http: www.orbs.org blocked.html = =20 1 hard.yesnet.net.au root @ hard.hornymail.net jvhansen@=20 1 knut.kumoh.ac.kr FreeTV8 @ eagle.aegsp.br desitek@=20 (rss)Your mailserver is not allowed to send to us because it is an = open spam-relay;call+45 33119898 ext 2 or see http: mail-abuse.org rss =20 1 IDENT:root@[200.33.248.34], FreeTV2 @ eagle.aegsp.br autzen@=20 1 IDENT:root@[211.100.6.56], info1 @ networkshosts.com bogus@=20 1 [151.38.23.207], beckyhinds @ ozemail.com.au ingeman@=20 1 [194.72.206.130], menchoal @ ecompare.com funnel@=20 1 [210.121.58.77], 0085T1GyP @ mail.com oestergaard@=20 1 [210.204.190.4], PleasureSex @ dicc.co.kr kemotron@=20 1 [212.43.169.189], investor2210 @ hotmail.com bo-ren@=20 1 ns.tran.co.jp dyzno @ ircnet.ee johnla@=20 1 vistula.wis.pk.edu.pl bm21 @ prodigy.com humle@=20 1 wpgateway.valleyhealth.org healthalert2001 @ yahoo.com ole_chr@ = Relaying denied =20 1 cm-206-128-72-145.coralsprings.ispchannel.com butch1 @ = thedoghousemail.com jez@magic.powernet.co.uk=20 1 rsvp-208-187-113-223.ac07.rcrd.eli.net fruitcake @ = a.mx.innet.be, internet6999@netzero.net=20 Btw. all recievers on this list are expired users. I have put all my expired users as SPAMHATER in access, because I run = avpkeeper, and therfore expired users are not rejected at reception, but after scanning. Then = the sender is often long gone and unreachable. ----- Original Message -----=20 From: "Kal Torak" <kaltorak@quake.com.au> To: "Michael Lyngb=F8l" <michael@lyngbol.dk> Cc: "J & C Frazier" <admin@csocs.com>; <freebsd-isp@FreeBSD.ORG> Sent: Sunday, January 14, 2001 10:46 AM Subject: Re: Problems with sendmail and NSI > Michael Lyngb=F8l wrote: > >=20 > > On Sat, Jan 13, 2001 at 05:08:40PM -0700, J & C Frazier wrote: > > > I recently tried to make some domain modifications with Network > > > Solutions. > > > I complete the process successfully and it states it has sent the = form > > > to the > > > e-mail address I've specified. Unfortunately I don't get the = mail. > >=20 > > Your're not using ORBS (relays.orbs.org) in your sendmail = configuration? > >=20 > > I've had the same problem and found out that NSI was listen in ORBS. > >=20 > > /Michael >=20 > Personally I would recommend against orbs, since they are a little too > pro-active when it comes to finding relays.. They will black list a = server > and never send mail to the server informing them of it or anything... As far as I can see, the=FD send to postmaster@listed.dom and = postmaster@server.listed.dom They also list on their page if that message bounced. As RFCsomething requires all domains to have a postmaster, if you don't = you only have yourself to blame. Also, the bounce messages should tell you why you are listed. >=20 > Also what orbs consider to be an open relay is not exactly what = everyone > else thinks one is, I wont go into any more details, but I think RBL = is > a better service, my personal experience is that orbs ends up blocking = more > legitimate mail than spam... >=20 orbs not only lists spam relays, it also lists spam sources. ------=_NextPart_000_0180_01C07E1E.4DC2BAE0 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Dwindows-1252"> <META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY> <DIV><FONT face=3DArial size=3D2>I don't recommend running dnsbl=20 unattended.</FONT></DIV> <DIV><FONT face=3DArial size=3D2>I have created this awk-script, which I = run every=20 hour. It creates a webpage which list reason, server, sender and = recipient for=20 rejected messages.</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV>BEGIN {OFS=3D"|"};<BR>/check_rcpt/ || /Check_Subject/ {<BR> =20 gsub("<",""); <BR> gsub(">,",""); <BR> =20 rcpt[$6]=3Dsubstr($8,6);relay[$6]=3Dsubstr($9,7);<BR> gsub("/"," = ");<BR> =20 reas=3D$(NF);<BR># for (m=3D10;m<=3DNF;m++) {if ($(m)~"@") = {$(m)=3D"xxx";print=20 $0,"<br>"} };<BR> n=3Dindex($0,"... ");<BR> =20 reason1=3Dsubstr($0,n+4);<BR> match(reason1," [^ ]+@[^ ]+ = ");<BR> =20 reason[$6]=3Dreason1;<BR> if (RSTART) {<BR> =20 reason[$6]=3Dsubstr(reason1,1,RSTART) " "=20 substr(reason1,RSTART+RLENGTH);<BR> }<BR> if ($0~"check MX") = reason[$6]=3D"Kan ikke kontrollere MX for modtageren";<BR> if = ($7~"Subject")=20 reason[$6]=3D"I LOVE YOU";<BR>}<BR>$6 in rcpt && $7~"from=3D" = {<BR> =20 gsub("\+","-");gsub("<",""); gsub(">,","");<BR> = fr=3D$7;gsub("@"," @=20 ",fr);<BR>from[$6]=3Dsubstr(fr,6);<BR>print=20 reason[$6],relay[$6],from[$6],rcpt[$6]>"/tmp/filter.tmp"}<BR><BR>END=20 {<BR>system("sort /tmp/filter.tmp|uniq -c=20 >/tmp/filter.tmp2");<BR>FS=3D"|";<BR>OFS=3D"";<BR>print=20 "<html><head><title>Spamfilter</title>";<BR>print= =20 "</head>";<BR>print "<body bgcolor=3D\"#ffffcc\">";<BR>print = "<center><h1>Breve stoppet i=20 spamfilter<br>"DAG"</h1></center>";<BR>print = "<table=20 width=3D100%=20 border=3D1><tr><th>Antal</th><th>Server</th= ><th>Afsender</th><th>Modtager</th></tr>= ";<BR>while=20 (getline<"/tmp/filter.tmp2">0)<BR>{=20 ant=3Dsubstr($1,1,8);newreason=3Dsubstr($1,9);<BR> if = (newreason!=3Doldreason)=20 {oldreason=3Dnewreason;<BR>p++;<BR>print "<tr><th colspan=3D4=20 bgcolor=3D\"#",(p%2)?"ccaaaa":"aaccaa","\">";<BR>if = (newreason=3D=3D"blocked.html")=20 {print "Serveren er blokeret af ORBS fordi den videresender = spam"}<BR>else {=20 <BR> if (newreason=3D=3D"rss") {print "Serveren er blokeret af = mail-abuse.org=20 fordi den videresender spam"}<BR> else {<BR> if=20 (newreason=3D=3D"rbl") {print "Serveren er blokeret af mail-abuse.org = fordi den SELV=20 sender spam"}<BR> else = {<BR> if=20 (newreason=3D=3D"enduser.htm") {print "En fremmed modemopkobling = m&aring; ikke=20 sende post direkte"}<BR> else=20 {<BR> if = (newreason=3D=3D"denied") {print=20 "Relaying denied: Modtager er ikke kunde her, eller afsender benytter = ikke vores=20 modems"}<BR> =20 else<BR> if=20 (newreason=3D=3D"exist") {print "Domainet findes=20 ikke"}<BR> else=20 {<BR> = if=20 (newreason=3D=3D"resolve") {print "Domainet kan ikke sl&aring;s=20 op"}<BR>  = ; else=20 {<BR> &n= bsp; =20 print=20 newreason<BR> = =20 }<BR> =20 }<BR> =20 }<BR> }<BR> }<BR> =20 }<BR>print=20 "</th></tr>";<BR>}<BR><BR>color=3D(p%2)?"ccaaaa":"aaccaa";<BR= >printf=20 "<tr bgcolor=3D\"#%s\"><td=20 align=3Dright>%s</td><td>%s</td><td>%s</td&= gt;<td>%s</td></tr>\n",color,ant,$2,$3,$4}<BR><BR>print= =20 "</table></body><html>"<BR>}<BR> <TABLE width=3D"100%" border=3D1> <TBODY> <TR> <TH>Antal</TH> <TH>Server</TH> <TH>Afsender</TH> <TH>Modtager</TH></TR> <TR> <TH bgColor=3D#ccaaaa colSpan=3D4>(orbs)Your mailserver is not = allowed to send=20 because it is an open spam-relay:call+45 33119898 ext 2 or see = http:=20 www.orbs.org blocked.html </TH></TR> <TR bgColor=3D#ccaaaa> <TD align=3Dright>1 </TD> <TD>hard.yesnet.net.au</TD> <TD>root @ hard.hornymail.net</TD> <TD>jvhansen@</TD></TR> <TR bgColor=3D#ccaaaa> <TD align=3Dright>1 </TD> <TD>knut.kumoh.ac.kr</TD> <TD>FreeTV8 @ eagle.aegsp.br</TD> <TD>desitek@</TD></TR> <TR> <TH bgColor=3D#aaccaa colSpan=3D4>(rss)Your mailserver is not = allowed to send=20 to us because it is an open spam-relay;call+45 33119898 ext 2 or = see http:=20 mail-abuse.org rss </TH></TR> <TR bgColor=3D#aaccaa> <TD align=3Dright>1 </TD> <TD>IDENT:root@[200.33.248.34],</TD> <TD>FreeTV2 @ eagle.aegsp.br</TD> <TD>autzen@</TD></TR> <TR bgColor=3D#aaccaa> <TD align=3Dright>1 </TD> <TD>IDENT:root@[211.100.6.56],</TD> <TD>info1 @ networkshosts.com</TD> <TD>bogus@</TD></TR> <TR bgColor=3D#aaccaa> <TD align=3Dright>1 </TD> <TD>[151.38.23.207],</TD> <TD>beckyhinds @ ozemail.com.au</TD> <TD>ingeman@</TD></TR> <TR bgColor=3D#aaccaa> <TD align=3Dright>1 </TD> <TD>[194.72.206.130],</TD> <TD>menchoal @ ecompare.com</TD> <TD>funnel@</TD></TR> <TR bgColor=3D#aaccaa> <TD align=3Dright>1 </TD> <TD>[210.121.58.77],</TD> <TD>0085T1GyP @ mail.com</TD> <TD>oestergaard@</TD></TR> <TR bgColor=3D#aaccaa> <TD align=3Dright>1 </TD> <TD>[210.204.190.4],</TD> <TD>PleasureSex @ dicc.co.kr</TD> <TD>kemotron@</TD></TR> <TR bgColor=3D#aaccaa> <TD align=3Dright>1 </TD> <TD>[212.43.169.189],</TD> <TD>investor2210 @ hotmail.com</TD> <TD>bo-ren@</TD></TR> <TR bgColor=3D#aaccaa> <TD align=3Dright>1 </TD> <TD>ns.tran.co.jp</TD> <TD>dyzno @ ircnet.ee</TD> <TD>johnla@</TD></TR> <TR bgColor=3D#aaccaa> <TD align=3Dright>1 </TD> <TD>vistula.wis.pk.edu.pl</TD> <TD>bm21 @ prodigy.com</TD> <TD>humle@</TD></TR> <TR bgColor=3D#aaccaa> <TD align=3Dright>1 </TD> <TD>wpgateway.valleyhealth.org</TD> <TD>healthalert2001 @ yahoo.com</TD> <TD>ole_chr@</TD></TR> <TR> <TH bgColor=3D#ccaaaa colSpan=3D4>Relaying denied </TH></TR> <TR bgColor=3D#ccaaaa> <TD align=3Dright>1 </TD> <TD>cm-206-128-72-145.coralsprings.ispchannel.com</TD> <TD>butch1 @ thedoghousemail.com</TD> <TD>jez@magic.powernet.co.uk</TD></TR> <TR bgColor=3D#ccaaaa> <TD align=3Dright>1 </TD> <TD>rsvp-208-187-113-223.ac07.rcrd.eli.net</TD> <TD>fruitcake @ a.mx.innet.be,</TD> <TD>internet6999@netzero.net</TD></TR></TBODY></TABLE></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Btw. all recievers on this list are = expired=20 users.</FONT></DIV> <DIV><FONT face=3DArial size=3D2>I have put all my expired users as = SPAMHATER in=20 access, because I run avpkeeper, and therfore</FONT></DIV> <DIV><FONT face=3DArial size=3D2>expired users are not rejected at = reception, but=20 after scanning. Then the sender is often long gone and = unreachable.</FONT></DIV> <DIV> </DIV> <DIV><FONT face=3DArial size=3D2>----- Original Message ----- = </FONT></DIV> <DIV><FONT face=3DArial size=3D2>From: "Kal Torak" <</FONT><A=20 href=3D"mailto:kaltorak@quake.com.au"><FONT face=3DArial=20 size=3D2>kaltorak@quake.com.au</FONT></A><FONT face=3DArial = size=3D2>></FONT></DIV> <DIV><FONT face=3DArial size=3D2>To: "Michael Lyngb=F8l" <</FONT><A=20 href=3D"mailto:michael@lyngbol.dk"><FONT face=3DArial=20 size=3D2>michael@lyngbol.dk</FONT></A><FONT face=3DArial = size=3D2>></FONT></DIV> <DIV><FONT face=3DArial size=3D2>Cc: "J & C Frazier" <</FONT><A=20 href=3D"mailto:admin@csocs.com"><FONT face=3DArial=20 size=3D2>admin@csocs.com</FONT></A><FONT face=3DArial size=3D2>>; = <</FONT><A=20 href=3D"mailto:freebsd-isp@FreeBSD.ORG"><FONT face=3DArial=20 size=3D2>freebsd-isp@FreeBSD.ORG</FONT></A><FONT face=3DArial=20 size=3D2>></FONT></DIV> <DIV><FONT face=3DArial size=3D2>Sent: Sunday, January 14, 2001 10:46=20 AM</FONT></DIV> <DIV><FONT face=3DArial size=3D2>Subject: Re: Problems with sendmail and = NSI</FONT></DIV> <DIV><FONT face=3DArial><BR><FONT size=3D2></FONT></FONT></DIV> <DIV><FONT face=3DArial size=3D2>> Michael Lyngb=F8l wrote:<BR>> = > <BR>>=20 > On Sat, Jan 13, 2001 at 05:08:40PM -0700, J & C Frazier = wrote:<BR>>=20 > > I recently tried to make some domain modifications with=20 Network<BR>> > > Solutions.<BR>> > > I complete the = process=20 successfully and it states it has sent the form<BR>> > > to = the<BR>>=20 > > e-mail address I've specified. Unfortunately I don't get = the=20 mail.<BR>> > <BR>> > Your're not using ORBS = (relays.orbs.org) in=20 your sendmail configuration?<BR>> > <BR>> > I've had the = same=20 problem and found out that NSI was listen in ORBS.<BR>> > <BR>> = >=20 /Michael<BR>> <BR>> Personally I would recommend against orbs, = since they=20 are a little too<BR>> pro-active when it comes to finding relays.. = They will=20 black list a server<BR>> and never send mail to the server informing = them of=20 it or anything...</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>As far as I can see, the=FD send to <A=20 href=3D"mailto:postmaster@listed.dom">postmaster@listed.dom</A> and <A=20 href=3D"mailto:postmaster@server.listed.dom">postmaster@server.listed.dom= </A></FONT></DIV> <DIV><FONT face=3DArial size=3D2>They also list on their page if that = message=20 bounced.</FONT></DIV> <DIV><FONT face=3DArial size=3D2>As RFCsomething requires all domains to = have a=20 postmaster, if you don't you only have yourself to blame.</FONT></DIV> <DIV><FONT face=3DArial size=3D2>Also, the bounce messages should tell = you why you=20 are listed.</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2> </DIV> <DIV><BR>> <BR>> Also what orbs consider to be an open relay is = not=20 exactly what everyone<BR>> else thinks one is, I wont go into any = more=20 details, but I think RBL is<BR>> a better service, my personal = experience is=20 that orbs ends up blocking more<BR>> legitimate mail than = spam...<BR>>=20 <BR>orbs not only lists spam relays, it also lists spam sources.</DIV> <DIV></FONT> </DIV></BODY></HTML> ------=_NextPart_000_0180_01C07E1E.4DC2BAE0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?004201c07e33$a3495d60$0e00a8c0>