Spam filtering

Chris Wagner ismgr at atchisonkansas.net
Mon Sep 8 14:07:00 CDT 2003


Jason Crowe wrote:

> Post the relavent section of your log file and it'll probably tell you 
> what (if anything) is wrong.
>
> Jason
> Chris Wagner wrote:
>
>> We're running Postfix on a Yellow Dog 3.0 install and I have created 
>> a .procmailrc (as suggested by a very gracious member here with full 
>> attachment clipping - thanks so much) and a .forward file for a 
>> single unix account user. I sent a couple of test messages to that 
>> user account with a small .exe file attached and the recipe seemed to 
>> work like a charm, but I have a question.
>>
>> As far as I can tell, the recipe calls for stripping the attachment 
>> based on specified type and then dumping the message in a 
>> .messages-rejected directory.
>>
>> However, when I check the directory itself, I find no instance of 
>> anything there......
>>
>> Should I be seeing any data in that directory when a message is run 
>> through the procmail filtering and thrown in that directory?
>>
>> Here's the contents of the file:
>>
>> VERBOSE=off
>> LOGABSTRACT=yes
>> LOGFILE=/var/log/procmail.log
>> COMSAT=no
>>
>> :0 B
>> *^Content-Type: (application|audio)
>> *^.*name=.*.(vb[esx]|ws[hf]|c[ho]m|bat|cmd|hta|exe|lnk|pif|scr|shs)
>> .messages-rejected/
>>
>> ## subject lines with 'adv' or 'advertisement' or some other variation
>> :0:
>> * ^Subject: [?ADV.*]?
>> /var/log/spam
>>
>> Thanks, all.
>>
>> Chris
>>
>>
>>
>>
>
>
>
Here's a snip of the maillog:

Sep  8 09:33:54 atchisonkansas postfix/smtp[11994]: 89895471BF: 
to=<pserver at atchisonkansas.net>, relay=none, delay=10, stat$
Sep  8 08:33:55 atchisonkansas popper[12003]: Stats: ismgr 0 0 0 0 ismgr 
127.0.0.1
Sep  8 08:33:57 atchisonkansas popper[12004]: Stats: ismgr 0 0 0 0 ismgr 
127.0.0.1
Sep  8 08:34:01 atchisonkansas popper[12005]: Stats: ismgr 0 0 0 0 ismgr 
127.0.0.1
Sep  8 09:36:11 atchisonkansas postfix/smtpd[12023]: connect from 
unknown[10.1.1.33]
Sep  8 08:36:11 atchisonkansas popper[12024]: Stats: ismgr 0 0 0 0 ismgr 
127.0.0.1
Sep  8 09:36:11 atchisonkansas postfix/smtpd[12023]: 411FF47137: 
client=unknown[10.1.1.33]
Sep  8 09:36:11 atchisonkansas postfix/cleanup[12025]: 411FF47137: 
message-id=<001e01c3760f$de490420$2401010a at proserv.gopro$
Sep  8 09:36:11 atchisonkansas postfix/nqmgr[649]: 411FF47137: 
from=<pserver at atchisonkansas.net>, size=1563, nrcpt=1 (queue$
Sep  8 08:36:11 atchisonkansas procmail[12027]: Error while writing to 
"/var/log/procmail.log"
Sep  8 08:36:11 atchisonkansas postfix/local[12026]: 411FF47137: 
to=<ismgr@[10.1.1.5]>, relay=local, delay=0, status=sent ($
Sep  8 08:36:17 atchisonkansas popper[12029]: ismgr at ismgr 
(127.0.0.1): -ERR Unknown command: "xsender".
Sep  8 08:36:17 atchisonkansas popper[12029]: Stats: ismgr 1 1668 0 0 
ismgr 127.0.0.1
Sep  8 09:36:21 atchisonkansas postfix/smtpd[12023]: disconnect from 
unknown[10.1.1.33]
Sep  8 08:36:23 atchisonkansas popper[12030]: Stats: ismgr 0 0 0 0 ismgr 
127.0.0.1
Sep  8 08:41:13 atchisonkansas popper[12062]: (v4.0.4) Unable to get 
canonical name of client 10.1.1.36: Unknown host (1)
Sep  8 08:41:13 atchisonkansas popper[12062]: Stats: pserver 0 0 0 0 
10.1.1.36 10.1.1.36
Sep  8 08:43:42 atchisonkansas popper[12079]: Stats: ismgr 0 0 0 0 ismgr 
127.0.0.1
Sep  8 09:48:21 atchisonkansas postfix/nqmgr[649]: E3861471BE: from=<>, 
size=51686, nrcpt=1 (queue active)
Sep  8 09:48:32 atchisonkansas postfix/smtp[12291]: connect to 
mail.atchisonkansas.net[164.113.207.142]: Connection refused$
Sep  8 09:48:32 atchisonkansas postfix/smtp[12291]: E3861471BE: 
to=<pserver at atchisonkansas.net>, relay=none, delay=1149, st$
Sep  8 08:53:42 atchisonkansas popper[12329]: Stats: ismgr 0 0 0 0 ismgr 
127.0.0.1

I really don't understand how this all works, so be gentle.  :-)

Thanks!

Chris




More information about the Kclug mailing list