Sam Varshavchik <[EMAIL PROTECTED]> writes:
> Lloyd Zusman writes:
>
>> How do I view the list of addresses that have been put into my
>> backscatter blacklist? A friend of mine is suddenly getting "556
>> Address unavailable" messages now that I have upgraded to
>> 0.48.2.20050130. I'm not sure, but it looks like this person might have
>> incorrectly ended up in that backscatter blacklist.
>> I'd like to see the current contents of that list before I issue
>> any "courier clear" commands.
>
> Well, the log files are kept in $localstatedir/track, which should be
> the /usr/lib/courier/var/track directory, under the default configure
> script options.
>
> Now, what's in there isn't actually a list of blacklisted addresses.
>
> First of all, it's the _recipient_ addresses that are blacklisted, not
> the sender's addresses.
>
> If Courier is unable to deliver mail to [EMAIL PROTECTED], it's going to
> blacklist [EMAIL PROTECTED] and won't accept any more mail for this
> address, until whatever the problem is, is fixed, or the blacklisted
> address expires. If you've got something that keeps getting a temporary
> delivery failure, its retries will keep the address blacklisted until
> the problem is fixed. If something got a hard delivery error, that
> address is going to get blacklisted for two hours.
Thanks for this info. Now I understand a lot better what's going on.
... and now that I do, I'm wondering whether I can use this backscatter
prevention feature. Here's why:
The recipient address is "[EMAIL PROTECTED]", which is the address that I
use here and on most other newsgroups and mailing lists.
Soon before the offending messages got rejected with the "556" error, I
got the following sequence of messages in my log (see below). I have
never sent any message to the sender ([EMAIL PROTECTED]), and so the
mail loop is very likely the result of the fact that the sender sent me
something with a forged "Delivered-To:" header.
If I am understanding that correctly, then all someone has to do in
order to shut down one of my addresses for two hours is to send me an
email with a "Delivered-To:" header and let it bounce. Then, my
backscatter protection will kick in, and my address will then get locked
out for a while.
Or am I missing something?
Anyway, here's the message log (lines broken up to make them fit
in this message) ...
Jan 31 08:10:15 courierd: newmsg,id=003AFB16.41FE2E46.0000387B:
dns; trn-dhcp-48-141.urbanet.ch (trn-dhcp-48-141.urbanet.ch
[::ffff:80.238.48.141])
Jan 31 08:10:15 courierd: started,id=003AFB16.41FE2E46.0000387B,
from=<[EMAIL PROTECTED]>,module=local,
[EMAIL PROTECTED]/home/asfast.com/ljz!!,
addr=<[EMAIL PROTECTED]>
Jan 31 08:10:15 courierd: Waiting. shutdown time=none,
wakeup time=Mon Jan 31 08:30:30 2005, queuedelivering=14,
inprogress=2
Jan 31 08:10:15 courierlocal: id=003AFB16.41FE2E46.0000387B,
from=<[EMAIL PROTECTED]>,addr=<[EMAIL PROTECTED]>:
Mail loop - already have my Delivered-To: header.
Jan 31 08:10:15 courierlocal: id=003AFB16.41FE2E46.0000387B,
from=<[EMAIL PROTECTED]>,addr=<[EMAIL PROTECTED]>,status: failure
Jan 31 08:10:15 courierd: completed,id=003AFB16.41FE2E46.0000387B
Jan 31 08:10:15 courierd: started,id=003AFB16.41FE2E46.0000387B,
from=<>,module=dsn,host=,addr=<[EMAIL PROTECTED]>
Jan 31 08:10:15 courierd: Waiting. shutdown time=none,
wakeup time=Mon Jan 31 08:30:30 2005, queuedelivering=14, inprogress=2
Jan 31 08:10:15 courierd: newmsg,id=003AFB5D.41FE2E4D.000038A2:
dns; localhost (localhost [127.0.0.1])
Jan 31 08:10:15 courierd: started,id=003AFB5D.41FE2E4D.000038A2,
from=<>,module=esmtp,host=cern.ch,addr=<[EMAIL PROTECTED]>
Jan 31 08:10:15 courierd: Waiting. shutdown time=none,
wakeup time=Mon Jan 31 08:30:30 2005, queuedelivering=15, inprogress=3
Jan 31 08:10:15 courierd: completed,id=003AFB16.41FE2E46.0000387B
Jan 31 08:10:15 courierd: Waiting. shutdown time=none,
wakeup time=Mon Jan 31 08:30:30 2005, queuedelivering=14, inprogress=2
Jan 31 08:10:15 courieresmtp: id=003AFB5D.41FE2E4D.000038A2,from=<>,
addr=<[EMAIL PROTECTED]>: 250 Backscatter bounce dropped.
Jan 31 08:10:15 courieresmtp: id=003AFB5D.41FE2E4D.000038A2,from=<>,
addr=<[EMAIL PROTECTED]>,success: delivered: backscatter bounce dropped
Jan 31 08:10:15 courieresmtp: id=003AFB5D.41FE2E4D.000038A2,from=<>,
addr=<[EMAIL PROTECTED]>,status: success
> So, have you friend tell you what address he was sending mail to, then
> grep the mail logs to see what errors caused the address to get
> blacklisted.
>
> In localstatedir/track you will find, basically, a log of timestamp
> failed deliveries. The individual files are in chronological order.
> Each line contains a timestamp, the delivery status, and the E-mail
> address.
>
> Note that not every E-mail address you will see actually means that that
> address is presently blacklisted. For one thing, the timestamp might be
> expired, but that file hasn't been cleaned up yet. For one thing, the
> E-mail address might already have had a successful delivery, which
> clears the E-mail address (a succesful delivery for the same address is
> listed, with a later timestamp).
>
> Oh, and thanks for testing this code.
My pleasure!
--
Lloyd Zusman
[EMAIL PROTECTED]
God bless you.
-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
