[Mimedefang] Logwatch stopped gleaning as much useful (MdF) info following FC5 upgrade

Philip Prindeville philipp_subx at redfish-solutions.com
Sun Dec 24 14:57:36 EST 2006


I used to get some useful Logwatch info when I was
running FC3:

 --------------------- sendmail Begin ------------------------ 



Bytes Transferred: 2586485
Messages Sent:     510
Total recipients:  513
508 messages scanned by MIMEDefang

Top relays (recipients/connections - min 10 rcpts, max 50 lines):
    184/184: hormel.redhat.com [209.132.177.30]
    127/127: notorious.mozilla.org [63.245.208.166]
    59/59: lists-outbound.sourceforge.net [66.35.250.225]
    39/39: hermes.apache.org [209.237.227.199]
    25/25: gabe.freedesktop.org [131.252.208.82]
    20/20: at1-old.physik.fu-berlin.de [160.45.32.86]


Client quit before communicating:
    125.171.160.88 : 1 Time(s)

**Unmatched Entries**
   Milter: connect: host=[125.189.20.41], addr=125.189.20.41, temp failing commands: 10 Time(s)
   Milter: connect: host=adsl-072-149-154-062.sip.bhm.bellsouth.net, addr=72.149.154.62, rejecting commands: 5 Time(s)
   Milter: connect: host=201-254-21-254.speedy.com.ar, addr=201.254.21.254, rejecting commands: 5 Time(s)
   Milter: connect: host=[201.123.52.24], addr=201.123.52.24, temp failing commands: 3 Time(s)
   Milter: connect: host=[218.8.230.34], addr=218.8.230.34, rejecting commands: 2 Time(s)
   Milter: connect: host=[203.90.176.65], addr=203.90.176.65, rejecting commands: 2 Time(s)
   Milter: connect: host=[222.122.179.236], addr=222.122.179.236, rejecting commands: 2 Time(s)
   Milter: connect: host=[219.131.178.84], addr=219.131.178.84, rejecting commands: 2 Time(s)
   Milter: connect: host=c-24-6-31-66.hsd1.ca.comcast.net, addr=24.6.31.66, rejecting commands: 2 Time(s)
   Milter: connect: host=223.Red-88-3-113.dynamicIP.rima-tde.net, addr=88.3.113.223, rejecting commands: 2 Time(s)
   rejecting connections on daemon TLSMTA: 5 children, max 5: 2 Time(s)
   Milter: connect: host=[218.7.192.82], addr=218.7.192.82, rejecting commands: 2 Time(s)
   Milter: connect: host=[203.90.176.195], addr=203.90.176.195, rejecting commands: 2 Time(s)
   Milter: connect: host=[218.7.192.144], addr=218.7.192.144, rejecting commands: 2 Time(s)
   Milter: connect: host=[222.169.5.167], addr=222.169.5.167, rejecting commands: 2 Time(s)
   Milter: connect: host=[60.11.213.205], addr=60.11.213.205, rejecting commands: 2 Time(s)
   rejecting connections on daemon MTA-v4: 5 children, max 5: 2 Time(s)
   Milter: connect: host=[60.218.38.130], addr=60.218.38.130, rejecting commands: 2 Time(s)
   Milter: connect: host=[222.169.5.236], addr=222.169.5.236, rejecting commands: 2 Time(s)
   Milter: connect: host=[222.168.117.36], addr=222.168.117.36, rejecting commands: 2 Time(s)
   Milter: connect: host=[222.172.20.81], addr=222.172.20.81, rejecting commands: 2 Time(s)
   Milter: connect: host=[222.169.5.27], addr=222.169.5.27, rejecting commands: 2 Time(s)
   Milter: connect: host=[222.102.149.126], addr=222.102.149.126, rejecting commands: 2 Time(s)
   Milter: connect: host=[222.169.5.250], addr=222.169.5.250, rejecting commands: 2 Time(s)
   Milter: connect: host=34.190.36.72.reverse.layeredtech.com, addr=72.36.190.34, rejecting commands: 1 Time(s)
   Milter: connect: host=adsl-63-202-84-10.dsl.snfc21.pacbell.net, addr=63.202.84.10, rejecting commands: 1 Time(s)
   Milter: connect: host=pool-138-89-174-105.mad.east.verizon.net, addr=138.89.174.105, rejecting commands: 1 Time(s)
   Milter: connect: host=user-0cdv0fb.cable.mindspring.com, addr=24.223.129.235, rejecting commands: 1 Time(s)
   Milter: connect: host=156-46-28.dial.terra.cl, addr=200.28.46.156, rejecting commands: 1 Time(s)
   Milter: connect: host=mailhost.terra.es, addr=213.4.149.12, rejecting commands: 1 Time(s)
   Milter: connect: host=218-167-70-42.dynamic.hinet.net, addr=218.167.70.42, rejecting commands: 1 Time(s)
   Milter: connect: host=pool-70-21-9-42.res.east.verizon.net, addr=70.21.9.42, rejecting commands: 1 Time(s)
   Milter: connect: host=c-65-96-2-170.hsd1.ma.comcast.net, addr=65.96.2.170, rejecting commands: 1 Time(s)
   Milter: connect: host=[210.92.145.150], addr=210.92.145.150, rejecting commands: 1 Time(s)
   Milter: connect: host=pc-178-101-86-200.cm.vtr.net, addr=200.86.101.178, rejecting commands: 1 Time(s)
   Milter: connect: host=host-81-190-163-123.gorzow.mm.pl, addr=81.190.163.123, rejecting commands: 1 Time(s)
   Milter: connect: host=[87.110.157.103], addr=87.110.157.103, rejecting commands: 1 Time(s)
   Milter: connect: host=pool-68-238-249-240.phlapa.fios.verizon.net, addr=68.238.249.240, rejecting commands: 1 Time(s)
   Milter: connect: host=pool-71-115-197-118.spknwa.dsl-w.verizon.net, addr=71.115.197.118, rejecting commands: 1 Time(s)
   Milter: connect: host=softbank219019248019.bbtec.net, addr=219.19.248.19, rejecting commands: 1 Time(s)
   Milter: connect: host=[221.199.50.192], addr=221.199.50.192, temp failing commands: 1 Time(s)
   Milter: connect: host=61-230-68-120.dynamic.hinet.net, addr=61.230.68.120, rejecting commands: 1 Time(s)
   Milter: connect: host=[221.204.154.63], addr=221.204.154.63, rejecting commands: 1 Time(s)
   Milter: connect: host=e181094160.adsl.alicedsl.de, addr=85.181.94.160, rejecting commands: 1 Time(s)
   Milter: connect: host=pool-71-162-93-90.bstnma.east.verizon.net, addr=71.162.93.90, rejecting commands: 1 Time(s)
   Milter: connect: host=[218.9.243.243], addr=218.9.243.243, rejecting commands: 1 Time(s)
   Milter: connect: host=61-216-242-19.dynamic.hinet.net, addr=61.216.242.19, rejecting commands: 1 Time(s)
   Milter: connect: host=[222.62.149.243], addr=222.62.149.243, rejecting commands: 1 Time(s)
   Milter: connect: host=59-105-7-183.adsl.dynamic.seed.net.tw, addr=59.105.7.183, rejecting commands: 1 Time(s)
   Milter: connect: host=static-68-236-166-224.ny325.east.verizon.net, addr=68.236.166.224, rejecting commands: 1 Time(s)
   Milter: connect: host=cpe-24-27-124-116.houston.res.rr.com, addr=24.27.124.116, rejecting commands: 1 Time(s)
   Milter: connect: host=68-64-138-179.clspco.adelphia.net, addr=68.64.138.179, rejecting commands: 1 Time(s)
   rejecting commands from blk-224-252-183.eastlink.ca [24.224.252.183] due to pre-greeting traffic: 1 Time(s)
   Milter: connect: host=61-216-245-117.dynamic.hinet.net, addr=61.216.245.117, rejecting commands: 1 Time(s)
   Milter: connect: host=dsl85-105-61849.ttnet.net.tr, addr=85.105.241.153, rejecting commands: 1 Time(s)
   Milter: helo=71.36.29.88, reject=554 5.7.1 Incorrect format for address-literal: 1 Time(s)
   Milter: connect: host=customer201-216-213.82.iplannetworks.net, addr=201.216.213.82, rejecting commands: 1 Time(s)
   Milter: connect: host=[211.113.191.86], addr=211.113.191.86, rejecting commands: 1 Time(s)
   Milter: connect: host=[125.171.160.88], addr=125.171.160.88, temp failing commands: 1 Time(s)

 ---------------------- sendmail End -------------------------


Then I upgraded the OS to FC5 (but kept everything else
the same), and now I hardly get anything useful at all:


 --------------------- sendmail Begin ------------------------ 

 
 
 **Unmatched Entries**
    Milter delete (noop): header: X-Spam-Score: 309 Time(s)
    ruleset=check_relay, arg1=adsl-068-016-118-091.sip.bct.bellsouth.net, arg2=68.16.118.91, relay=adsl-068-016-118-091.sip.bct.bellsouth.net [68.16.118.91], reject=421 4.3.2 Connection rate limit exceeded.: 7 Time(s)
    ruleset=check_relay, arg1=[222.168.117.181], arg2=222.168.117.181, relay=[222.168.117.181], reject=421 4.3.2 Connection rate limit exceeded.: 3 Time(s)
    ruleset=check_relay, arg1=[60.17.197.37], arg2=60.17.197.37, relay=[60.17.197.37], reject=421 4.3.2 Connection rate limit exceeded.: 3 Time(s)
    ruleset=check_relay, arg1=[219.150.11.186], arg2=219.150.11.186, relay=[219.150.11.186], reject=421 4.3.2 Connection rate limit exceeded.: 3 Time(s)
    Milter: helo=localhost, reject=554 5.7.1 Oh, that's original: 2 Time(s)
    ruleset=check_relay, arg1=[218.61.190.33], arg2=218.61.190.33, relay=[218.61.190.33], reject=421 4.3.2 Connection rate limit exceeded.: 1 Time(s)
    ruleset=check_relay, arg1=h69-128-95-234.69-128.unk.tds.net, arg2=69.128.95.234, relay=h69-128-95-234.69-128.unk.tds.net [69.128.95.234], reject=421 4.3.2 Connection rate limit exceeded.: 1 Time(s)
    Milter: helo=192.168.2.99, reject=554 5.7.1 Incorrect format for address-literal: 1 Time(s)
    ruleset=check_relay, arg1=[203.90.176.120], arg2=203.90.176.120, relay=[203.90.176.120], reject=421 4.3.2 Connection rate limit exceeded.: 1 Time(s)
    ruleset=check_relay, arg1=mercury.email.starband.net, arg2=148.78.247.34, relay=mercury.email.starband.net [148.78.247.34], reject=421 4.3.2 Connection rate limit exceeded.: 1 Time(s)
    ruleset=check_relay, arg1=[222.168.117.233], arg2=222.168.117.233, relay=[222.168.117.233], reject=421 4.3.2 Connection rate limit exceeded.: 1 Time(s)
    ruleset=check_relay, arg1=[218.25.204.72], arg2=218.25.204.72, relay=[218.25.204.72], reject=421 4.3.2 Connection rate limit exceeded.: 1 Time(s)
    ruleset=check_relay, arg1=[221.212.147.216], arg2=221.212.147.216, relay=[221.212.147.216], reject=421 4.3.2 Connection rate limit exceeded.: 1 Time(s)
    ruleset=check_relay, arg1=[218.61.62.193], arg2=218.61.62.193, relay=[218.61.62.193], reject=421 4.3.2 Connection rate limit exceeded.: 1 Time(s)
    ruleset=check_relay, arg1=svarog.email.starband.net, arg2=148.78.247.55, relay=svarog.email.starband.net [148.78.247.55], reject=421 4.3.2 Connection rate limit exceeded.: 1 Time(s) 
 ---------------------- sendmail End ------------------------- 


But I should be seeing a lot more than that, obviously.  All of
the previous "Milter: connect:" lines are missing.

Doing a quick check by hand:

# cat /var/log/maillog.1 | grep '^Dec 23' | grep Milter: | sed 's/^.*Milter:/Milter:/' | sort | uniq
Milter: connect: host=[125.183.201.107], addr=125.183.201.107, rejecting commands
Milter: connect: host=16-247.91.219.static.youtele.com, addr=219.91.247.16, rejecting commands
Milter: connect: host=201-0-14-27.dsl.telesp.net.br, addr=201.0.14.27, rejecting commands
Milter: connect: host=[203.81.233.146], addr=203.81.233.146, rejecting commands
Milter: connect: host=[203.90.176.120], addr=203.90.176.120, rejecting commands
Milter: connect: host=[210.82.77.190], addr=210.82.77.190, rejecting commands
Milter: connect: host=[211.60.120.152], addr=211.60.120.152, rejecting commands
Milter: connect: host=[218.25.204.72], addr=218.25.204.72, rejecting commands
Milter: connect: host=[218.61.190.33], addr=218.61.190.33, rejecting commands
Milter: connect: host=[218.61.62.193], addr=218.61.62.193, rejecting commands
Milter: connect: host=[219.150.11.186], addr=219.150.11.186, rejecting commands
Milter: connect: host=[219.150.11.208], addr=219.150.11.208, rejecting commands
Milter: connect: host=[219.157.164.8], addr=219.157.164.8, rejecting commands
Milter: connect: host=[219.159.108.234], addr=219.159.108.234, rejecting commands
Milter: connect: host=[221.209.181.54], addr=221.209.181.54, rejecting commands
Milter: connect: host=[221.209.181.71], addr=221.209.181.71, rejecting commands
Milter: connect: host=[221.212.147.216], addr=221.212.147.216, rejecting commands
Milter: connect: host=[222.168.117.181], addr=222.168.117.181, rejecting commands
Milter: connect: host=[222.168.117.233], addr=222.168.117.233, rejecting commands
Milter: connect: host=48-28-137-85.user.auna.net, addr=85.137.28.48, rejecting commands
Milter: connect: host=[58.121.83.4], addr=58.121.83.4, rejecting commands
Milter: connect: host=[58.54.20.78], addr=58.54.20.78, rejecting commands
Milter: connect: host=[58.61.119.2], addr=58.61.119.2, rejecting commands
Milter: connect: host=[58.62.96.83], addr=58.62.96.83, rejecting commands
Milter: connect: host=59-112-85-112.dynamic.hinet.net, addr=59.112.85.112, rejecting commands
Milter: connect: host=[60.17.197.37], addr=60.17.197.37, rejecting commands
Milter: connect: host=[61.2.196.12], addr=61.2.196.12, rejecting commands
Milter: connect: host=[64.207.28.106], addr=64.207.28.106, temp failing commands
Milter: connect: host=[80.77.10.183], addr=80.77.10.183, rejecting commands
Milter: connect: host=[82.194.44.59], addr=82.194.44.59, rejecting commands
Milter: connect: host=[84.229.150.17], addr=84.229.150.17, rejecting commands
Milter: connect: host=adsl-068-016-118-091.sip.bct.bellsouth.net, addr=68.16.118.91, rejecting commands
Milter: connect: host=bb3.starline.ee, addr=217.159.217.215, rejecting commands
Milter: connect: host=client-201.240.130.133.speedy.net.pe, addr=201.240.130.133, rejecting commands
Milter: connect: host=cpe-024-074-051-142.carolina.res.rr.com, addr=24.74.51.142, rejecting commands
Milter: connect: host=cpe-66-61-92-199.midsouth.res.rr.com, addr=66.61.92.199, rejecting commands
Milter: connect: host=cpe-66-91-234-86.san.res.rr.com, addr=66.91.234.86, rejecting commands
Milter: connect: host=Dial2-RAS8-39.eot.com, addr=209.81.124.101, temp failing commands
Milter: connect: host=dsl54005B79.pool.t-online.hu, addr=84.0.91.121, rejecting commands
Milter: connect: host=dsl.dynamic859983205.ttnet.net.tr, addr=85.99.83.205, rejecting commands
Milter: connect: host=host147-36-static.59-217-b.business.telecomitalia.it, addr=217.59.36.147, rejecting commands
Milter: connect: host=host-86-107-37-20.bizartelecom.ro, addr=86.107.37.20, rejecting commands
Milter: connect: host=IGLD-84-229-187-193.inter.net.il, addr=84.229.187.193, rejecting commands
Milter: connect: host=indium.virtudevelopment.be, addr=207.44.130.26, rejecting commands
Milter: connect: host=mail.hostingsupport.com, addr=64.182.192.194, temp failing commands
Milter: connect: host=p508AE43C.dip.t-dialin.net, addr=80.138.228.60, rejecting commands
Milter: connect: host=pD9E57D11.dip.t-dialin.net, addr=217.229.125.17, rejecting commands
Milter: connect: host=pool-72-69-95-54.chi01.dsl-w.verizon.net, addr=72.69.95.54, rejecting commands
Milter: connect: host=ppp77-109.dsl-chn.eth.net, addr=61.11.77.109, rejecting commands
Milter: connect: host=ppp79-11.dsl-chn.eth.net, addr=61.11.79.11, rejecting commands
Milter: connect: host=tdev144-136.codetel.net.do, addr=200.88.144.136, rejecting commands
Milter: data, reject=554 5.7.1 Message rejected; scored too high on the Spam test.
Milter: helo=192.168.2.99, reject=554 5.7.1 Incorrect format for address-literal
Milter: helo=localhost, reject=554 5.7.1 Oh, that's original


So...  Anyone know what might have changed to stop logwatch from
gathering as much useful information?  Did one of the log formats
change in either Sendmail or MdF that might cause it to not be
grepped out properly by logwatch?

Of course, that wouldn't have stopped Logwatch from gathering the
useful summary information that it used to about top relays,
volumes handled, etc.

Thanks,

-Philip
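
The by-hand check in the post can be extended to count each distinct Milter message for one day, which reproduces the "N Time(s)" tallies of the older report directly from the maillog. This is an added example, not part of the original post; the function names, sample log lines, host names, addresses and queue IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): count each distinct "Milter:"
# message that sendmail logged on one day, printed as "message: N Time(s)".

# Usage: milter_summary 'Dec 23' < /var/log/maillog.1
# The argument is the syslog date prefix; single-digit days are 'Dec  3'.
milter_summary() {
    awk -v day="$1" '
        # Select lines stamped with that day that carry a sendmail Milter message.
        index($0, day " ") == 1 && / sendmail\[/ && /Milter:/ {
            msg = $0
            sub(/^.*Milter:/, "Milter:", msg)  # same cut as the sed in the post
            count[msg]++
        }
        END { for (m in count) printf "%d\t%s\n", count[m], m }
    ' |
    # Highest count first; ties ordered by message text (C locale for stability).
    LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2 |
    awk -F '\t' '{ printf "    %s: %d Time(s)\n", $2, $1 }'
}

# Constructed sample input: documentation addresses and made-up queue IDs.
sample_log() {
cat <<'EOF'
Dec 22 23:59:58 mail sendmail[4001]: kBN4xwAa004001: Milter: connect: host=[192.0.2.10], addr=192.0.2.10, rejecting commands
Dec 23 00:10:02 mail sendmail[4002]: kBN5A2Ab004002: Milter: connect: host=[192.0.2.10], addr=192.0.2.10, rejecting commands
Dec 23 00:10:40 mail sendmail[4003]: kBN5AeAc004003: Milter: connect: host=[192.0.2.10], addr=192.0.2.10, rejecting commands
Dec 23 03:15:09 mail sendmail[4004]: kBN8F9Ad004004: Milter: connect: host=client.example.net, addr=198.51.100.7, temp failing commands
Dec 23 05:01:33 mail sendmail[4005]: kBNA1XAe004005: Milter: helo=192.0.2.99, reject=554 5.7.1 Incorrect format for address-literal
Dec 23 05:02:00 mail sendmail[4006]: kBNA20Af004006: from=<a@example.org>, size=1234, class=0, nrcpts=1
EOF
}

sample_log | milter_summary 'Dec 23'
```

If the tallies from the raw log are present but the Logwatch report lacks them, the lines are being logged and the loss is in Logwatch's filtering rather than in sendmail or the milter.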




