From: "Leif Neland"
To: "Kal Torak", Michael Lyngbøl
Cc: "J & C Frazier"
Subject: Re: Problems with sendmail and NSI
Date: Sun, 14 Jan 2001 11:36:58 +0100
Sender: owner-freebsd-isp@FreeBSD.ORG

I don't recommend running dnsbl unattended.
I have created this awk-script, which I run every hour. It creates a webpage which lists reason, server, sender and recipient for rejected messages.

BEGIN {OFS="|"};
# Reject lines: $6 is the key; $8 and $9 carry the recipient and the relaying server
/check_rcpt/ || /Check_Subject/ {
  gsub("<","");
  gsub(">,","");
  rcpt[$6]=substr($8,6);relay[$6]=substr($9,7);
  gsub("/"," ");
  reas=$(NF);
#  for (m=10;m<=NF;m++) {if ($(m)~"@") {$(m)="xxx";print $0,"<br>"} };
  # the reason is the text after "... "
  n=index($0,"... ");
  reason1=substr($0,n+4);
  # cut a mail address out of the reason so that identical reasons sort together
  match(reason1," [^ ]+@[^ ]+ ");
  reason[$6]=reason1;
  if (RSTART) {
    reason[$6]=substr(reason1,1,RSTART) " " substr(reason1,RSTART+RLENGTH);
  }
  # Danish: "Cannot check MX for the recipient"
  if ($0~"check MX") reason[$6]="Kan ikke kontrollere MX for modtageren";
  if ($7~"Subject") reason[$6]="I LOVE YOU";
}
# The from= line with the same key supplies the sender
$6 in rcpt && $7~"from=" {
  gsub(/\+/,"-");gsub("<",""); gsub(">,","");
  fr=$7;gsub("@"," @ ",fr);
  from[$6]=substr(fr,6);
  print reason[$6],relay[$6],from[$6],rcpt[$6]>"/tmp/filter.tmp"}

END {
  # flush the collected rows before sort reads the file
  close("/tmp/filter.tmp");
  system("sort /tmp/filter.tmp|uniq -c >/tmp/filter.tmp2");
  FS="|";
  OFS="";
  print "<html><head><title>Spamfilter</title>";
  print "</head>";
  print "<body bgcolor=\"#ffffcc\">";
  # Danish heading: "Mail stopped in the spam filter"; DAG is not set inside this script
  print "<center><h1>Breve stoppet i spamfilter<br>"DAG"</h1></center>";
  # Columns: count, server, sender, recipient
  print "<table width=100% border=1><tr><th>Antal</th><th>Server</th><th>Afsender</th><th>Modtager</th></tr>";
  while ((getline<"/tmp/filter.tmp2")>0)
  { ant=substr($1,1,8);newreason=substr($1,9);
    # new reason: print a heading row and switch the row colour
    if (newreason!=oldreason) {oldreason=newreason;
      p++;
      print "<tr><th colspan=4 bgcolor=\"#",(p%2)?"ccaaaa":"aaccaa","\">";
      # Danish texts: blocked by ORBS / mail-abuse.org as a spam relay, blocked as a spam
      # source, foreign dial-up sending directly, relaying denied, domain does not exist,
      # domain cannot be resolved
      if (newreason=="blocked.html") {print "Serveren er blokeret af ORBS fordi den videresender spam"}
      else {
        if (newreason=="rss") {print "Serveren er blokeret af mail-abuse.org fordi den videresender spam"}
        else {
          if (newreason=="rbl") {print "Serveren er blokeret af mail-abuse.org fordi den SELV sender spam"}
          else {
            if (newreason=="enduser.htm") {print "En fremmed modemopkobling m&aring; ikke sende post direkte"}
            else {
              if (newreason=="denied") {print "Relaying denied: Modtager er ikke kunde her, eller afsender benytter ikke vores modems"}
              else
                if (newreason=="exist") {print "Domainet findes ikke"}
                else {
                  if (newreason=="resolve") {print "Domainet kan ikke sl&aring;s op"}
                  else {
                    print newreason
                  }
                }
            }
          }
        }
      }
      print "</th></tr>";
    }

    color=(p%2)?"ccaaaa":"aaccaa";printf "<tr bgcolor=\"#%s\"><td align=right>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",color,ant,$2,$3,$4}

  print "</table></body></html>"
}

Antal | Server | Afsender | Modtager
(orbs)Your mailserver is not allowed to send because it is an open spam-relay:call+45 33119898 ext 2 or see http: www.orbs.org blocked.html
1 | hard.yesnet.net.au | root @ hard.hornymail.net | jvhansen@
1 | knut.kumoh.ac.kr | FreeTV8 @ eagle.aegsp.br | desitek@
(rss)Your mailserver is not allowed to send to us because it is an open spam-relay;call+45 33119898 ext 2 or see http: mail-abuse.org rss
1 | IDENT:root@[200.33.248.34], | FreeTV2 @ eagle.aegsp.br | autzen@
1 | IDENT:root@[211.100.6.56], | info1 @ networkshosts.com | bogus@
1 | [151.38.23.207], | beckyhinds @ ozemail.com.au | ingeman@
1 | [194.72.206.130], | menchoal @ ecompare.com | funnel@
1 | [210.121.58.77], | 0085T1GyP @ mail.com | oestergaard@
1 | [210.204.190.4], | PleasureSex @ dicc.co.kr | kemotron@
1 | [212.43.169.189], | investor2210 @ hotmail.com | bo-ren@
1 | ns.tran.co.jp | dyzno @ ircnet.ee | johnla@
1 | vistula.wis.pk.edu.pl | bm21 @ prodigy.com | humle@
1 | wpgateway.valleyhealth.org | healthalert2001 @ yahoo.com | ole_chr@
Relaying denied
1 | cm-206-128-72-145.coralsprings.ispchannel.com | butch1 @ thedoghousemail.com | jez@magic.powernet.co.uk
1 | rsvp-208-187-113-223.ac07.rcrd.eli.net | fruitcake @ a.mx.innet.be, | internet6999@netzero.net

Btw. all receivers on this list are expired users.
I have put all my expired users as SPAMHATER in access, because I run avpkeeper, and therefore
expired users are not rejected at reception, but after scanning. Then the sender is often long gone and unreachable.

----- Original Message -----
From: "Kal Torak" <kaltorak@quake.com.au>
To: "Michael Lyngbøl" <michael@lyngbol.dk>
Cc: "J & C Frazier" <admin@csocs.com>; <freebsd-isp@FreeBSD.ORG>
Sent: Sunday, January 14, 2001 10:46 AM
Subject: Re: Problems with sendmail and NSI

> Michael Lyngbøl wrote:
> >
> > On Sat, Jan 13, 2001 at 05:08:40PM -0700, J & C Frazier wrote:
> > > I recently tried to make some domain modifications with Network
> > > Solutions.
> > > I complete the process successfully and it states it has sent the form
> > > to the
> > > e-mail address I've specified.  Unfortunately I don't get the mail.
> >
> > You're not using ORBS (relays.orbs.org) in your sendmail configuration?
> >
> > I've had the same problem and found out that NSI was listed in ORBS.
> >
> > /Michael
>
> Personally I would recommend against orbs, since they are a little too
> pro-active when it comes to finding relays.. They will black list a server
> and never send mail to the server informing them of it or anything...

As far as I can see, they send to postmaster@listed.dom and postmaster@server.listed.dom
They also list on their page if that message bounced.
As RFCsomething requires all domains to have a postmaster, if you don't you only have yourself to blame.
Also, the bounce messages should tell you why you are listed.

>
> Also what orbs consider to be an open relay is not exactly what everyone
> else thinks one is, I won't go into any more details, but I think RBL is
> a better service, my personal experience is that orbs ends up blocking more
> legitimate mail than spam...
>
orbs not only lists spam relays, it also lists spam sources.
 
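
An added example, not part of the original message and not the poster's script: the same review of rejected mail done in a single awk pass, with no fixed files under /tmp and with the log-derived fields HTML-escaped before they reach the report. The function names (sample_log, reject_summary, esc, field) are hypothetical, and the log lines are constructed on an assumed sendmail layout (queue id in field 6, then arg1=, relay=, reject= and from= keys); hosts and addresses are placeholders.

```shell
#!/bin/sh
# Added example, not the poster's script. Log lines are constructed;
# hosts and addresses are placeholders.
sample_log() {
cat <<'EOF'
Jan 14 15:09:34 mx sendmail[101]: f0EE9Y101: ruleset=check_rcpt, arg1=<old1@example.dk>, relay=relay1.example.net [192.0.2.10], reject=550 5.7.1 <old1@example.dk>... Relaying denied
Jan 14 15:09:35 mx sendmail[101]: f0EE9Y101: from=<a&b@sender.example>, size=0, class=0, nrcpts=0, proto=SMTP, relay=relay1.example.net [192.0.2.10]
Jan 14 15:10:02 mx sendmail[102]: f0EEA2102: ruleset=check_rcpt, arg1=<old2@example.dk>, relay=[192.0.2.20], reject=550 5.7.1 <old2@example.dk>... (rss) open relay, see mail-abuse.org
Jan 14 15:10:03 mx sendmail[102]: f0EEA2102: from=<x@bulk.example>, size=0, class=0, nrcpts=0, proto=SMTP, relay=[192.0.2.20]
Jan 14 15:11:40 mx sendmail[103]: f0EEBe103: ruleset=check_rcpt, arg1=<old2@example.dk>, relay=[192.0.2.20], reject=550 5.7.1 <old2@example.dk>... (rss) open relay, see mail-abuse.org
Jan 14 15:11:41 mx sendmail[103]: f0EEBe103: from=<x@bulk.example>, size=0, class=0, nrcpts=0, proto=SMTP, relay=[192.0.2.20]
Jan 14 15:12:00 mx sendmail[104]: f0EEC0104: from=<ok@good.example>, size=512, class=0, nrcpts=1, proto=SMTP, relay=good.example [192.0.2.30]
EOF
}

# Reads a maillog on stdin, prints one HTML table row per distinct
# (reason, relay, sender, recipient) with its count. No temp files.
reject_summary() {
  awk '
  function esc(s) {  # HTML-escape text that originates from the remote side
    gsub(/&/, "\\&amp;", s); gsub(/</, "\\&lt;", s)
    gsub(/>/, "\\&gt;", s); gsub(/"/, "\\&quot;", s)
    return s
  }
  function field(line, key, stop,    i, rest, j) {  # text between key and stop
    i = index(line, key); if (!i) return ""
    rest = substr(line, i + length(key)); j = index(rest, stop)
    return j ? substr(rest, 1, j - 1) : rest
  }
  /ruleset=check_rcpt,/ {            # reject line: remember it by queue id ($6)
    rcpt[$6] = field($0, "arg1=<", ">"); relay[$6] = field($0, "relay=", ",")
    n = index($0, "... "); reason[$6] = n ? substr($0, n + 4) : "unknown"
    next
  }
  ($6 in rcpt) && $7 ~ /^from=/ {    # matching from= line supplies the sender
    count[reason[$6] SUBSEP relay[$6] SUBSEP field($0, "from=<", ">") SUBSEP rcpt[$6]]++
    delete rcpt[$6]
  }
  END {
    for (key in count) {
      split(key, f, SUBSEP)
      printf "<tr><td>%d</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
             count[key], esc(f[1]), esc(f[2]), esc(f[3]), esc(f[4])
    }
  }' | LC_ALL=C sort
}

sample_log | reject_summary
```

Accepted mail (the last sample line) produces no row, and repeated rejects of the same sender, relay and recipient collapse into one row with a count.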