postgreyreport(1)
NAME
postgreyreport - Fatal report for Postfix Greylisting Policy Server
SYNOPSIS
postgreyreport [options...]
    -h, --help                 display this help and exit
        --version              display version and exit
        --user=USER            run as USER (default: postgrey)
        --dbdir=PATH           find db files in PATH (default: /var/lib/postgrey)
        --delay=N              report triplets that did not try again after N seconds (default: 300)
        --greylist-text=TXT    text to match on for greylist maillog lines
        --skip_pool            Skip report for 'subscriber pools' ( last 2 octets of IP found in PTR name )
        --skip_dnsbl=RBL       RBL server to query and skip reporting for any listed hosts (SLOW!!)
        --skip_clients=FILE    PTR or IP or REGEXP of clients to skip in report
        --match_clients=FILE   *ONLY* report if fatal *AND* PTR/IP of client matches
        --show_tries           display the number of attempts failed triplets made in first column
        --nosingle_line        display sender/recipients grouped by ptr - ip
        --separate_by_subnet=TXT  display TXT for every new /24 (ex: "=================\n" )
        --separate_by_ip=TXT   display TXT for every new IP (ex: "\n")
        --check_sender=LIST    one or more of: mx,mx/24,a,a/24
                               does DNS/A lookups for sender @domain and compares sending IP
                               if match displays "MX" "A" or "MX/24" or "A/24" depending on LIST

Note that --(skip|match)_clients can be specified multiple times and there are no default files.
Same rules apply as postgrey's --whitelist-clients, see postgrey doc for more info.
--skip_dnsbl can also be specified multiple times to query multiple DNSBL servers.
DESCRIPTION
postgreyreport opens postgrey.db as read-only, reads a maillog via
STDIN, extracts the triplets for any greylisted lines and looks them up
in postgrey.db. If the difference between the first and last time seen
is less than --delay=N, the triplet is considered fatal and displayed
on STDOUT.
- The report is sorted by client IP address.
- Note: unless you are using --lookup_by_subnet or excluding all known MTA
  pools, you will likely have false fatal reports for "BigISPs". A message
  that was tried from every IP in an SMTP pool before making it through will
  show up in the report for all of the attempted source IPs.
USAGE
- It is best to run postgreyreport against a maillog that is at least
  several hours old (yesterday's?); you be the judge of how old is
  acceptable. If you run the report against a live maillog, you are not
  giving legitimate MTAs enough time to try again and you will have lots
  of inaccurate information.
- Ex usage:
    zcat /var/log/maillog.0.gz | ./postgreyreport [options] > postgreyreport.log
  or
    zcat /var/log/maillog.0.gz | \
      ./postgreyreport --nosingle_line --check_sender=mx,a \
      --separate_by_subnet=":==================\n"
    # 94 "=" total, some were omitted for clarity
- Ex Output: ( POD wrapping will mess this up, view source )
    :============================================================================================
    unknown 4.29.43.31
        marissa_mcclendonuu@abit.com.tw user1@recipient1.com
        jake_meyerdt@ali.com.tw user2@recipient1.com
        jenny_banks_sh@translate.ru user1@recipient2.com
        rvazquezpo@ali.com.tw user3@recipient1.com
        aep@notimexico.com user2@recipient1.com
        brittneystanley_ei@cetra.org.tw user2@recipient1.com
        brendasheehan_cw@lib.ru user2@recipient1.com
    :============================================================================================
    lsanca1-ar5-127-189.biz.dsl.gtei.net 4.33.127.189
        A fokkensr@lsanca1-ar5-127-189.biz.dsl.gtei.net user2@recipient1.com
        cyxlfrfwciercu@publicist.com user3@recipient4.com
    :============================================================================================
    smtpout.mac.com 17.250.248.83
        do_not_reply@apple.com user4@recipient5.com
    smtpout.mac.com 17.250.248.88
        MX legituser@mac.com user6@recipient7.com
    :============================================================================================
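The fatal-triplet test from DESCRIPTION and the "BigISPs" pool caveat, shown as an added Python example (not postgreyreport's own Perl code). Assumptions: the Postfix reject-line layout, "Greylisted" as the greylist text, and a dict standing in for postgrey.db with "client/sender/recipient" keys and (first, last) timestamps; all sample lines and timestamps are constructed.

```python
import re

# Postfix smtpd reject line; "Greylisted" is an assumed --greylist-text value.
GREY_RE = re.compile(r"reject: RCPT from (?P<ptr>\S+?)\[(?P<ip>[0-9.]+)\]: .*?Greylisted"
                     r".*?from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")

def subnet24(ip):
    """Collapse an IPv4 address to its /24 network: 17.250.248.83 -> 17.250.248.0."""
    return ".".join(ip.split(".")[:3] + ["0"])

def fatal_triplets(lines, db, delay=300, by_subnet=False):
    """Sorted (ip, ptr, sender, rcpt) for triplets with no retry after `delay` seconds."""
    # db: hypothetical stand-in for postgrey.db, "client/sender/rcpt" -> (first, last)
    fatal = set()
    for m in filter(None, map(GREY_RE.search, lines)):  # skip non-greylist lines
        client = subnet24(m["ip"]) if by_subnet else m["ip"]
        seen = db.get(f"{client}/{m['sender']}/{m['rcpt']}")
        # A missing key is fatal; a retry at exactly `delay` seconds is not.
        if seen is None or seen[1] - seen[0] < delay:
            fatal.add((m["ip"], m["ptr"], m["sender"], m["rcpt"]))
    return sorted(fatal, key=lambda t: ([int(o) for o in t[0].split(".")], t[2:]))

def sample_line(ptr, ip, sender, rcpt):
    """Build a constructed Postfix-style greylist rejection line."""
    return (f"Jul 15 10:00:00 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from {ptr}[{ip}]: "
            f"450 <{rcpt}>: Recipient address rejected: Greylisted for 300 seconds; "
            f"from=<{sender}> to=<{rcpt}> proto=ESMTP helo=<{ptr}>")

# Constructed sample data reusing addresses from the example output above.
LOG = [
    sample_line("unknown", "4.29.43.31", "aep@notimexico.com", "user2@recipient1.com"),
    sample_line("smtpout.mac.com", "17.250.248.83", "legituser@mac.com", "user6@recipient7.com"),
    sample_line("smtpout.mac.com", "17.250.248.88", "legituser@mac.com", "user6@recipient7.com"),
]
T = 1089885600  # arbitrary epoch second
DB_BY_IP = {  # per-IP keys: the retry from .88 opens a new entry, so neither IP "retried"
    "4.29.43.31/aep@notimexico.com/user2@recipient1.com": (T, T),
    "17.250.248.83/legituser@mac.com/user6@recipient7.com": (T, T),
    "17.250.248.88/legituser@mac.com/user6@recipient7.com": (T + 400, T + 400),
}
DB_BY_SUBNET = {  # /24 keys: both pool members update one entry
    "4.29.43.0/aep@notimexico.com/user2@recipient1.com": (T, T),
    "17.250.248.0/legituser@mac.com/user6@recipient7.com": (T, T + 400),
}

if __name__ == "__main__":
    print(*fatal_triplets(LOG, DB_BY_SUBNET, by_subnet=True), sep="\n")
```

With per-IP keys all three constructed triplets are reported, including both smtpout.mac.com pool addresses; with /24 keys only the 4.29.43.31 triplet remains.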
HISTORY
- 1.14.2 20040715
    BUGFIX: (automatic) lookup-by-subnet support was broken, fixed.
    BUGFIX: corrected a few spelling errors
    new Option: --skip_pool Skip report for 'subscriber pools'
- 1.14.1 20040712
    Changed --return-string to --greylist-text to match postgrey
    new Option: --skip_clients=FILE
    new Option: --match_clients=FILE
    new Option: --skip_dnsbl=RBL.DNS.NAME
    All 3 of the new options can be specified multiple times.
    Updated do_*_substitutions again to match postgrey
- 1.11.1 20040701
    missing keys from DB are considered fatal triplets and included in report
    Changed --delay testing from "greater than" to "greater than or equal to"
    Fixed --help and --man switches
    Removed setuid Notice
- 1.6.4 20040618
    Initial Public Version (postgrey/contrib)
AUTHOR
Tom Baker <tbaker@bakerfl.org>