Davide, I need some clarification as to the SMTP log entry "SMTP=EERRS". When does it occur?
I have the server. tab setting as follows: SERVER.TAB "SMTP-MaxErrors" "2" So I expect that when the sender gets the RCPT TO wrong twice, that the EERRS will be triggered. I thought I'd see two RCPT=EAVAIL, then an EERRS. I didn't expect the EIPMAP and the EERRS. Can you tell me if there are any other causes for EERRS to be triggered? ---------- Additional info. I have today's log that shows in part, one EIPMAP, then an EERRS. These are consecutive log entries. (I've removed null columns and the 1st 2 columns to save space and aligned others for ease of reading) [sorry if yours wraps] "221.145.206.167" "2006-05-29 09:13:55" "YOUR-OUQL80EY5G" "[EMAIL PROTECTED]" "SNDRIP=EIPMAP (list.dsbl.org.)" "0" "221.145.206.167" "2006-05-29 09:13:55" "YOUR-OUQL80EY5G" "" "SMTP=EERRS" "0" "221.145.206.167" "2006-05-29 09:14:05" "YOUR-OUQL80EY5G" "[EMAIL PROTECTED]" "SNDRIP=EIPMAP (list.dsbl.org.)" "0" "221.145.206.167" "2006-05-29 09:14:05" "YOUR-OUQL80EY5G" "" "SMTP=EERRS" "0" "221.145.206.167" "2006-05-29 09:14:08" "YOUR-OUQL80EY5G.b250.com" "[EMAIL PROTECTED]" "SNDRIP=EIPMAP (list.dsbl.org.)" "0" "221.145.206.167" "2006-05-29 09:14:08" "YOUR-OUQL80EY5G.b250.com" "" "SMTP=EERRS" "0" "221.145.206.167" "2006-05-29 09:14:12" "YOUR-OUQL80EY5G.uml2o.net" "[EMAIL PROTECTED]" "SNDRIP=EIPMAP (list.dsbl.org.)" "0" "221.145.206.167" "2006-05-29 09:14:12" "YOUR-OUQL80EY5G.uml2o.net" "" "SMTP=EERRS" "0" "221.145.206.167" "2006-05-29 09:14:14" "YOUR-OUQL80EY5G.d2atn.net" "[EMAIL PROTECTED]" "SNDRIP=EIPMAP (list.dsbl.org.)" "0" "221.145.206.167" "2006-05-29 09:14:14" "YOUR-OUQL80EY5G.d2atn.net" "" "SMTP=EERRS" "0" "221.145.206.167" "2006-05-29 09:14:19" "YOUR-OUQL80EY5G" "[EMAIL PROTECTED]" "SNDRIP=EIPMAP (list.dsbl.org.)" "0" "221.145.206.167" "2006-05-29 09:14:19" "YOUR-OUQL80EY5G" "" "SMTP=EERRS" "0" --------- I'm in the process of writing a log scanner (in Perl), that will run once a minute to look how many "SMTP=EERRS" occurred per IP in the last 2 minutes. If there are more than 2 per IP, then add the IP to spammers.tab for a month. That should cater for 4 RCPT=EAVAIL errors in my setup. Values and duration may change but that's the outline. I find that I get a barrage of RCPT=EAVAIL for about 5 minutes, then it moves to a new IP, for about 30-60 mins each day around 1am. I'm also thinking that counting SNDRIP=EIPMAP and adding them to spammers.tab will help reduce the constant dns lookups, and drop the connection quicker. Does anyone know of a better way to track SMTP rejections that don't progress to the pre-data filter stage? - apart from a log scanner. Rob :-) - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]