NAME

       postgreyreport - Fatal report for Postfix Greylisting Policy Server

SYNOPSIS

       postgreyreport [options...]

        -h, --help                   display this help and exit
            --version                display version and exit

            --user=USER              run as USER (default: postgrey)
            --dbdir=PATH             find db files in PATH (default: /var/lib/postgrey)
            --delay=N                report triplets that did not try again after N seconds (default: 300)
            --greylist-text=TXT      text to match on for greylist maillog lines

            --skip_pool              Skip report for 'subscriber pools' ( last 2 octets of IP found in PTR name )
            --skip_dnsbl=RBL         RBL server to query and skip reporting for any listed hosts (SLOW!!)
            --skip_clients=FILE      PTR or IP or REGEXP of clients to skip in report
            --match_clients=FILE     *ONLY* report if fatal *AND* PTR/IP of client matches

            --show_tries             display the number of attempts failed triplets made in first column

            --nosingle_line          display sender/recipients grouped by ptr - ip
            --separate_by_subnet=TXT display TXT for every new /24 (ex: "=================\n" )
            --separate_by_ip=TXT     display TXT for every new IP  (ex: "\n")
            --check_sender=LIST      one or more of: mx,mx/24,a,a/24
                                     does DNS/A lookups for sender @domain and compares sending IP
                                     if match displays "MX" "A" or "MX/24" or "A/24" depending on LIST

          Note that --(skip|match)_clients can be specified multiple times and there are no default files.
          Same rules apply as postgrey's --whitelist-clients, see postgrey doc for more info.

          --skip_dnsbl can also be specified multiple times to query multiple DNSBL servers.

DESCRIPTION

       postgreyreport opens postgrey.db read-only, reads a maillog via
       STDIN, extracts the triplets from any greylisted lines and looks them
       up in postgrey.db.  If the difference between the first and last time
       seen is less than --delay=N, the triplet is considered fatal and is
       displayed on STDOUT.

       The report is sorted by client IP address.

   Note:
       Unless you are using --lookup_by_subnet or excluding all known MTA
       pools, you will likely have false fatal reports for "BigISPs". A
       message that was tried from every IP in an SMTP pool before making it
       through will show up in the report for all of the attempted source
       IPs.
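
       The fatal-triplet rule from DESCRIPTION and the pool effect from the
       Note, as an added Python example (not postgreyreport's own Perl code).
       The Postfix reject-line layout, the dicts standing in for postgrey.db
       and the /24 key that drops the last octet are assumptions; the log
       lines and timestamps are constructed.

```python
import re
from ipaddress import ip_address

# Constructed maillog lines; the Postfix reject layout is an assumption, not from the page.
MAILLOG = """\
Jul 15 10:02:00 mx postfix/smtpd[102]: NOQUEUE: reject: RCPT from smtpout.mac.com[17.250.248.83]: 450 <user6@recipient7.com>: Recipient address rejected: Greylisted for 300 seconds; from=<legituser@mac.com> to=<user6@recipient7.com> proto=ESMTP
Jul 15 10:00:01 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[4.29.43.31]: 450 <user1@recipient1.com>: Recipient address rejected: Greylisted for 300 seconds; from=<aep@notimexico.com> to=<user1@recipient1.com> proto=SMTP
Jul 15 10:03:00 mx postfix/smtpd[103]: connect from localhost[127.0.0.1]
"""

LINE_RE = re.compile(r"RCPT from (\S+)\[([\d.]+)\]:.*from=<([^>]*)> to=<([^>]*)>")

def parse(log, greylist_text="Greylisted"):
    """Yield (ptr, ip, sender, recipient) for each greylist reject line."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if greylist_text in line and m:
            yield m.groups()

def client_key(ip, by_subnet):
    # Assumed key layout: a /24 lookup drops the last octet of the client IP.
    return ip.rsplit(".", 1)[0] if by_subnet else ip

def fatal_triplets(log, db, delay=300, by_subnet=False):
    """Return fatal (ip, ptr, sender, recipient) tuples sorted by client IP."""
    fatal = set()
    for ptr, ip, sender, rcpt in parse(log):
        seen = db.get((client_key(ip, by_subnet), sender.lower(), rcpt.lower()))
        # A missing key is fatal (HISTORY 1.11.1); otherwise the retry span decides.
        if seen is None or seen[1] - seen[0] < delay:
            fatal.add((ip, ptr, sender, rcpt))
    return sorted(fatal, key=lambda t: ip_address(t[0]))

# Constructed db contents: triplet -> (first_seen, last_seen) in epoch seconds.
# The mac.com message was retried 600 s later from 17.250.248.88, so with
# per-IP keys the entry for .83 was never updated; the other sender never retried.
DB_BY_IP = {
    ("4.29.43.31", "aep@notimexico.com", "user1@recipient1.com"): (1000, 1000),
    ("17.250.248.83", "legituser@mac.com", "user6@recipient7.com"): (1120, 1120),
}
DB_BY_SUBNET = {
    ("4.29.43", "aep@notimexico.com", "user1@recipient1.com"): (1000, 1000),
    ("17.250.248", "legituser@mac.com", "user6@recipient7.com"): (1120, 1720),
}
```

       With per-IP keys the pool sender 17.250.248.83 is reported as fatal
       even though the message was delivered; with /24 keys only 4.29.43.31
       remains in the report.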

   USAGE
       It is best to run postgreyreport against a maillog that is at least
       several hours old (yesterday's?); you be the judge of how old is
       acceptable. If you run the report against a live maillog you are not
       giving legitimate MTAs enough time to try again, and you will have
       lots of inaccurate information.

       ·   Ex usage:

                   zcat /var/log/maillog.0.gz | ./postgreyreport [options] > postgreyreport.log

                   or

                   zcat /var/log/maillog.0.gz | \
                   ./postgreyreport --nosingle_line --check_sender=mx,a \
                   --separate_by_subnet=":==================\n"
                   # 94 "=" total, some were omitted for clarity

       ·   Ex Output: ( POD wrapping will mess this up, view source )

            :============================================================================================
            unknown                 4.29.43.31
                               marissa_mcclendonuu@abit.com.tw                      user1@recipient1.com
                                       jake_meyerdt@ali.com.tw                      user2@recipient1.com
                                   jenny_banks_sh@translate.ru                      user1@recipient2.com
                                         rvazquezpo@ali.com.tw                      user3@recipient1.com
                                            aep@notimexico.com                      user2@recipient1.com
                               brittneystanley_ei@cetra.org.tw                      user2@recipient1.com
                                       brendasheehan_cw@lib.ru                      user2@recipient1.com
            :============================================================================================
            lsanca1-ar5-127-189.biz.dsl.gtei.net      4.33.127.189
               A      fokkensr@lsanca1-ar5-127-189.biz.dsl.gtei.net                 user2@recipient1.com

                                  cyxlfrfwciercu@publicist.com                      user3@recipient4.com
            :============================================================================================
            smtpout.mac.com       17.250.248.83
                                        do_not_reply@apple.com                      user4@recipient5.com

            smtpout.mac.com       17.250.248.88
              MX                             legituser@mac.com                      user6@recipient7.com
            :============================================================================================

HISTORY

       1.14.2  20040715

         BUGFIX: (automatic) lookup-by-subnet support was broken, fixed.
         BUGFIX: corrected a few spelling errors
         new Option: --skip_pool   Skip report for 'subscriber pools'

       1.14.1  20040712

         Changed --return-string to --greylist-text to match postgrey
         new Option: --skip_clients=FILE
         new Option: --match_clients=FILE
         new Option: --skip_dnsbl=RBL.DNS.NAME
         All 3 of the new options can be specified multiple times.
         Updated do_*_substitutions again to match postgrey

       1.11.1 20040701

         missing keys from DB are considered fatal triplets and included in report
         Changed --delay testing from "greater than" to "greater than or equal to"
         Fixed --help and --man switches
         Removed setuid Notice

       1.6.4  20040618

         Initial Public Version (postgrey/contrib)

AUTHOR

       Tom Baker <tbaker@bakerfl.org>