me at junc
Jun 8, 2012, 4:42 AM
Post #2 of 3
(202 views)
Permalink
|
|
Re: Slightly OT: parsing spamass-milter logs
[In reply to]
|
|
Den 2012-06-07 23:50, forrie skrev:
> We have sendmail and spamass-milter running -- I'm trying to figure
> out how
> to parse out the SA-blocked IP addresses, but because of how
> spamass-milter
> logs data (ie: no IP address), you have to use the MESSAGE-ID to find
> the
> relay.
incorrect since if sender eq spammer dont add @ in massage-id then
sendmil will add you own hostname in sendmail and you will end block
your own mta by this rule
atleast that is what postfix does
> There must be some clever way to do this -- I don't know if the IP
> address
> of the incoming rejected system is available to the spamass-milter
> process;
> if it is, a modification to the code would suffice. otherwise, it
> would
> require multiple parses of the maillog to determine the IP.
if you need to make blocking, then you need aswell more loging, if you
do not do this there is only one way to make rejecting of spam but parse
spamming ips with
spamassassin 2>&1 -D -t spammsg | grep untrusted | less
this is a ip relay list, build a local rbl from it, and use that as rbl
check in sendmail
og make it as a rbl check in spamassassin with a high score so
spamas-milter will reject it :=)
> This is frustrating... but I'm sure someone else better at scripting
> has
> figured it out.
its just that you have no logs from sendmail/spamas-milter
nothing todo with spamassassin
|
