Bug 1133357 - postscreen DNSBL rejections not counted
Summary: postscreen DNSBL rejections not counted
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 21
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jan Synacek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-25 02:37 UTC by Harald Reindl
Modified: 2015-06-29 22:31 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-06-29 22:14:39 UTC
Type: Bug


Attachments (Terms of Use)
dnsblcount perl script (2.56 KB, text/plain)
2014-09-24 08:50 UTC, Harald Reindl
no flags Details

Description Harald Reindl 2014-08-25 02:37:40 UTC
records like below not shown which are 90% on postscreen enabled machines
http://www.postfix.org/POSTSCREEN_README.html

Aug 25 03:33:54 localhost postfix/postscreen[22415]: DNSBL rank 40 for [111.73.45.149]:1349
Aug 25 03:33:55 localhost postfix/postscreen[22415]: NOQUEUE: reject: RCPT from [111.73.45.149]:1349: 550 5.7.1 Service unavailable; client [111.73.45.149] blocked using dnsbl.thelounge.net; from=<test@*****>, to=<xiyngyaaso@yahoo.com>, proto=ESMTP, helo=<WAK-20140823XOK>

Comment 1 Harald Reindl 2014-08-25 22:20:27 UTC
see also https://sourceforge.net/p/logreporters/bugs/3/

Comment 2 Jan Synacek 2014-09-24 06:59:41 UTC
Please, try https://admin.fedoraproject.org/updates/logwatch-7.4.1-1.20140924svn242.fc20 if it resolves the issue.

Comment 3 Harald Reindl 2014-09-24 08:26:48 UTC
negative - the "133915 Postscreen" are still missing 
in the reject stats, se current output after update below

Aktualisiert:                                                                   logwatch.noarch 0:7.4.1-1.20140924svn242.fc20
                                                                                                                                  
[root@mail-gw:/data]$ /etc/cron.daily/0logwatch

 --------------------- Postfix Begin ------------------------ 

      219   Miscellaneous warnings  
 
  509.073M  Bytes accepted                         533,801,373
  533.004M  Bytes sent via SMTP                    558,894,961
 ========   ==================================================
 
     3537   Accepted                                    71.56%
     1406   Rejected                                    28.44%
 --------   --------------------------------------------------
     4943   Total                                      100.00%
 ========   ==================================================
 
        5   5xx Reject relay denied                      0.36%
       25   5xx Reject HELO/EHLO                         1.78%
      409   5xx Reject unknown user                     29.09%
       17   5xx Reject recipient address                 1.21%
      221   5xx Reject sender address                   15.72%
      313   5xx Reject unknown reverse client host      22.26%
       28   5xx Reject unverified client host            1.99%
       17   5xx Reject header                            1.21%
      371   5xx Reject milter                           26.39%
 --------   --------------------------------------------------
     1406   Total 5xx Rejects                          100.00%
 ========   ==================================================
 
        6   4xx Reject recipient address                75.00%
        2   4xx Reject sender address                   25.00%
 --------   --------------------------------------------------
        8   Total 4xx Rejects                          100.00%
 ========   ==================================================
 
     4488   Connections             
      302   Connections lost (inbound) 
     4488   Disconnections          
     3329   Removed from queue      
     3164   Sent via SMTP           
        2   Resent                  
   133915   Postscreen              
     2393   Policy SPF

Comment 4 Harald Reindl 2014-09-24 08:50:57 UTC
Created attachment 940717 [details]
dnsblcount perl script

what i find interesting is that the attached script used untouched since 2008 (before postscreen existed) makes pretty nice RBL stats, the "133915 Postscreen" count is a number of different stuff, not rejects only

[root@mail-gw:~]$ /usr/local/sbin/dnsblcount /var/log/maillog
spamhaus.org               50420
barracudacentral.org       13345
sorbs.net                   8931
inps.de                     7125
thelounge.net                334
manitu.net                   121
spamcop.net                   65
mailspike.net                 34
psbl.org                      27
uceprotect.net                 8
spameatingmonkey.net           1
=================================
Total DNSBL rejections:     80411

Comment 5 Harald Reindl 2014-09-25 00:35:36 UTC
BTW: that logwatch build seems to have a regression in NTP context

 --------------------- XNTPD Begin ------------------------ 

 Scalar found where operator expected at /usr/share/logwatch/scripts/services/xntpd line 128, near ")
        $Errors"
 	(Missing operator before $Errors?)
 Use of my $_ is experimental at /usr/share/logwatch/scripts/services/xntpd line 165.
 syntax error at /usr/share/logwatch/scripts/services/xntpd line 128, near ")
        $Errors"
 syntax error at /usr/share/logwatch/scripts/services/xntpd line 128, near "++;"
 Unmatched right curly bracket at /usr/share/logwatch/scripts/services/xntpd line 145, at end of line
 syntax error at /usr/share/logwatch/scripts/services/xntpd line 163, near "}"
 syntax error at /usr/share/logwatch/scripts/services/xntpd line 167, near "}"
 syntax error at /usr/share/logwatch/scripts/services/xntpd line 181, near "}"
 syntax error at /usr/share/logwatch/scripts/services/xntpd line 193, near "}"
 syntax error at /usr/share/logwatch/scripts/services/xntpd line 200, near "}"
 syntax error at /usr/share/logwatch/scripts/services/xntpd line 205, near "}"
 syntax error at /usr/share/logwatch/scripts/services/xntpd line 212, near "}"
 /usr/share/logwatch/scripts/services/xntpd has too many errors.
 
 ---------------------- XNTPD End -------------------------

Comment 6 Jan Synacek 2014-09-25 09:06:07 UTC
(In reply to Harald Reindl from comment #5)
> BTW: that logwatch build seems to have a regression in NTP context

Bah, I messed up the patch somehow. It should be fixed in logwatch-7.4.1-2. Thanks for catching this.

Comment 7 Harald Reindl 2014-09-25 09:35:08 UTC
called /etc/cron.daily/0logwatch manually with the lastest build and the NTP errors are gone (well, there is no ntpd on that machine, VMware guest sync with host)

sadly the reject stats still don't count RBL

i am using the two lines below to count summarys of the complete log, but DUNNO how to get that in logwatch in a proper way

echo "Reject Postscreen: `grep 'NOQUEUE' /var/log/maillog | grep 'reject' | grep 'postscreen' | wc -l`"
echo "Blacklist:         `grep 'NOQUEUE' /var/log/maillog | grep 'blocked using' | grep 'postscreen' | wc -l`"

Comment 8 Fedora End Of Life 2015-05-29 12:43:30 UTC
This message is a reminder that Fedora 20 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 20. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '20'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 20 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 9 Fedora End Of Life 2015-06-29 22:14:39 UTC
Fedora 20 changed to end-of-life (EOL) status on 2015-06-23. Fedora 20 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.