NAME
postgreyreport - Fatal report for Postfix Greylisting Policy Server
SYNOPSIS
postgreyreport [options...]
  -h, --help                 display this help and exit
      --version              display version and exit
      --user=USER            run as USER (default: postgrey)
      --dbdir=PATH           find db files in PATH (default: /var/lib/postgrey)
      --delay=N              report triplets that did not try again after N seconds (default: 300)
      --greylist-text=TXT    text to match on for greylist maillog lines
      --skip_pool            skip report for 'subscriber pools' (last 2 octets of IP found in PTR name)
      --skip_dnsbl=RBL       RBL server to query and skip reporting for any listed hosts (SLOW!!)
      --skip_clients=FILE    PTR or IP or REGEXP of clients to skip in report
      --match_clients=FILE   *ONLY* report if fatal *AND* PTR/IP of client matches
      --show_tries           display the number of attempts failed triplets made in first column
      --show_time            show entry time in maillog (single line only)
      --tab                  use tabs as separators for easy cut(1)ting
      --nosingle_line        display sender/recipients grouped by ptr - ip
      --separate_by_subnet=TXT   display TXT for every new /24 (ex: "=================\n")
      --separate_by_ip=TXT   display TXT for every new IP (ex: "\n")
      --check_sender=LIST    one or more of: mx,mx/24,a,a/24
                             does DNS/A lookups for sender @domain and compares sending IP
                             if match displays "MX" "A" or "MX/24" or "A/24" depending on LIST

Note that --(skip|match)_clients can be specified multiple times and there are no default files.
Same rules apply as postgrey's --whitelist-clients, see postgrey doc for more info.
--skip_dnsbl can also be specified multiple times to query multiple DNSBL servers.
DESCRIPTION
postgreyreport opens postgrey.db as read-only; reads a maillog via STDIN, extracts the
triplets for any Greylisted lines and looks them up in postgrey.db. If the difference
between the first and last time seen is less than --delay=N, the triplet is considered
fatal and displayed to STDOUT.
The report sorts by client IP address.
Note:
Unless you are using --lookup_by_subnet or excluding all known MTA pools, you will likely
have false fatal reports for "BigISPs". A message that was tried from every IP in an SMTP
pool before making it through will show up in the report for all of the attempted source
IPs.
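The classification described above, as an added example in Python (not postgreyreport's own Perl code): it marks a triplet fatal when its key is missing or last-seen minus first-seen is below the delay, and shows the pool false positives from the Note disappearing with /24 keys. Assumptions: a dict stands in for postgrey.db, the Postfix reject-line shape is assumed, and every log line, address and timestamp is constructed.

```python
import re

# Assumed shape of a Postfix greylist reject line; all sample data below is constructed.
REJECT = re.compile(r"reject: RCPT from \S+?\[(?P<ip>[\d.]+)\]: .*?"
                    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>")

def fatal_triplets(lines, db, delay=300, greylist_text="Greylisted", by_subnet=False):
    """Return (ip, sender, recipient) triplets that did not retry after `delay` seconds.

    `db` maps (client, sender, recipient) -> (first_seen, last_seen) and stands in
    for postgrey.db. A missing key counts as fatal (HISTORY, 1.11.1).
    """
    fatal = set()
    for line in lines:
        m = REJECT.search(line) if greylist_text in line else None
        if not m:
            continue  # not a greylist line, or not a reject line we can parse
        ip, sender, rcpt = m["ip"], m["sender"], m["rcpt"]
        client = ip.rsplit(".", 1)[0] if by_subnet else ip  # /24 key when by subnet
        seen = db.get((client, sender, rcpt))
        if seen is None or seen[1] - seen[0] < delay:
            fatal.add((ip, sender, rcpt))
    # The report sorts by client IP address (octet by octet here).
    return sorted(fatal, key=lambda t: tuple(int(o) for o in t[0].split(".")))

LINE = ("Jan 10 03:00:00 mx postfix/smtpd[4242]: NOQUEUE: reject: RCPT from {ptr}[{ip}]: "
        "450 4.2.0 <{rcpt}>: Recipient address rejected: Greylisted; "
        "from=<{sender}> to=<{rcpt}> proto=ESMTP helo=<{ptr}>")
BOB, ISP = "bob@example.org", "alice@bigisp.example"
SAMPLE_LOG = [
    LINE.format(ptr="mail.example.com", ip="198.51.100.7", sender="news@example.com", rcpt=BOB),
    LINE.format(ptr="unknown", ip="192.0.2.10", sender="x@example.net", rcpt=BOB),
    LINE.format(ptr="out1.bigisp.example", ip="203.0.113.21", sender=ISP, rcpt=BOB),
    LINE.format(ptr="out2.bigisp.example", ip="203.0.113.22", sender=ISP, rcpt=BOB),
    "Jan 10 03:00:01 mx postfix/smtpd[4242]: connect from unknown[192.0.2.10]",
]
# Per-IP keys: each pool address was seen once, so both look like they never retried.
DB_PER_IP = {("198.51.100.7", "news@example.com", BOB): (1000, 1400),
             ("203.0.113.21", ISP, BOB): (1000, 1000),
             ("203.0.113.22", ISP, BOB): (1200, 1200)}
# /24 keys: the pool's attempts share one entry whose first/last span the retries.
DB_BY_SUBNET = {("198.51.100", "news@example.com", BOB): (1000, 1400),
                ("203.0.113", ISP, BOB): (1000, 1500)}

if __name__ == "__main__":
    for mode, db in (("per-IP", DB_PER_IP), ("by /24", DB_BY_SUBNET)):
        print(mode, fatal_triplets(SAMPLE_LOG, db, by_subnet=(mode == "by /24")))
```

With per-IP keys both pool addresses are reported alongside the client that never retried; with /24 keys only that client remains.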
USAGE
It is best to run postgreyreport against a maillog that is at least several hours old
(yesterday's?) (you be the judge on how old is acceptable). If you run the report
against a live maillog you are not giving legitimate MTAs enough time to try again and you
will have lots of inaccurate information.
· Ex usage:
zcat /var/log/maillog.0.gz | ./postgreyreport [options] > postgreyreport.log
or
zcat /var/log/maillog.0.gz | \
./postgreyreport --nosingle_line --check_sender=mx,a \
--separate_by_subnet=":==================\n"
# 94 "=" total, some were omitted for clarity
· Ex Output: ( POD wrapping will mess this up, view source )
:============================================================================================
unknown 4.29.43.31
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
[email protected] [email protected]
:============================================================================================
lsanca1-ar5-127-189.biz.dsl.gtei.net 4.33.127.189
A [email protected] [email protected]
[email protected] [email protected]
:============================================================================================
smtpout.mac.com 17.250.248.83
[email protected] [email protected]
smtpout.mac.com 17.250.248.88
MX [email protected] [email protected]
:============================================================================================
HISTORY
1.14.3 20100321
Some additions, Leonard den Ottolander <leonard.den.ottolander.nl>
New option: --tab Use tabs as separator in single line mode
New option: --show_time Show entry time in maillog in single line mode
1.14.2 20040715
BUGFIX: (automatic) lookup-by-subnet support was broken, fixed.
BUGFIX: corrected a few spelling errors
new Option: --skip_pool Skip report for 'subscriber pools'
1.14.1 20040712
Changed --return-string to --greylist-text to match postgrey
new Option: --skip_clients=FILE
new Option: --match_clients=FILE
new Option: --skip_dnsbl=RBL.DNS.NAME
All 3 of the new options can be specified multiple times.
Updated do_*_subsititions again to match postgrey
1.11.1 20040701
missing keys from DB are considered fatal triplets and included in report
Changed --delay testing from "greater than" to "greater than or equal to"
Fixed --help and --man switches
Removed setuid Notice
1.6.4 20040618
Initial Public Version (postgrey/contrib)