|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Postfix & Logcheck
From: Darron Froese (darron
froese.org)Date: Tue Sep 19 2000 - 14:30:07 CDT
- Next message: Brad Knowles: "Re: Sendmail --> PostFix conversion"
- Previous message: Lawrence Greenfield: "Re: hmmmm...."
- In reply to: Jim Seymour: "Re: Postfix & Logcheck"
- Next in thread: Ralf Hildebrandt: "Re: Postfix & Logcheck"
- Reply: Darron Froese: "Re: Postfix & Logcheck"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
on 9/19/00 8:04 AM, Jim Seymour at jseymourLinxNet.com wrote:
> More on-topic... as Brad notes elsewhere: logcheck has a much different
> purpose in life than does pflogsumm. If what he wants is alerts in
> "real time", logcheck would be the more appropriate tool.
What I would suggest is:
1. Deploy logcheck.
2. Look at the results that it sends you - it will send you *everything* at
first.
3. Add your own rules to block the crap you don't need to see.
These are some of my rules:
postfix/smtpd.*connect from .*internal.address.com\[192.168.1*
postfix/smtpd.*client=.*internal.internal.com\[192.168.1.*
postfix/smtp.*to=.*status=sent.*250.*
postfix/qmgr.*from=.*address.com
postfix/cleanup.*message-id=.*internal.address.com.
postfix/cleanup.*message-id=.*192.168.1.*
That way I don't see those messages because they're normal but I still see
these ones:
Sep 11 08:45:53 gateway postfix/smtp[1424]: 6097611D302:
to=<usernameplace.com>, relay=mx1.mail.yahoo.com[216.115.107.16], delay=85,
status=deferred (lost connection with mx1.mail.yahoo.com[216.115.107.16]
while sending MAIL FROM)
Sep 11 08:48:35 gateway postfix/smtp[1450]: CA8A411D304:
to=<charliesmailaddress.com>, relay=test2.mailserver.com[105.91.88.218],
delay=12, status=bounced (host test2.mailserver.com[105.91.88.218] said: 550
<charliesmailaddress.com>: User unknown)
Sep 11 09:06:06 gateway postfix/smtp[1559]: connect to
mx1.mail.yahoo.com[128.11.68.59]: server dropped connection (port 25)
Sep 11 09:07:39 gateway postfix/smtp[1559]: connect to
mx1.mail.yahoo.com[216.115.107.16]: server dropped connection (port 25)
Sep 11 09:07:39 gateway postfix/smtp[1559]: connect to
mx1.mail.yahoo.com[128.11.22.90]: server dropped connection (port 25)
Sep 11 09:07:39 gateway postfix/smtp[1559]: connect to
mx1.mail.yahoo.com[128.11.22.89]: server dropped connection (port 25)
It's really a "season-to-taste" kind of setup. My full set of rules don't
really work for anyone else.
-- Darron darron
- Next message: Brad Knowles: "Re: Sendmail --> PostFix conversion"
- Previous message: Lawrence Greenfield: "Re: hmmmm...."
- In reply to: Jim Seymour: "Re: Postfix & Logcheck"
- Next in thread: Ralf Hildebrandt: "Re: Postfix & Logcheck"
- Reply: Darron Froese: "Re: Postfix & Logcheck"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]