Re: [Sqlgrey-users] sqlstats need explanation

[Len C. <lc...@Go...>]

>Len Conrad a écrit, le 06/01/2009 05:49 PM :
>> /usr/local/bin/sqlgrey-stats.sh
>>
>> GREY NEW:          70491
>> GREY EARLY RECON:  790
>> GREY RECON OK:     954
>> GREY DOMAWL:       7805
>> GREY FROM AWL:     795
>> WHITELIST:         191
>> SPAM:              33515
>> SMTPD GREYLISTED:  4015
>>
>> ... for about 11 hours Monday morning.
>>   
>
>I don't know sqlgrey-stats.sh so I'm not sure exactly what it should
>report. That said the categories seem to match SQLgrey's own log
>categories so I assume it makes sums of log lines matching these.
>
>> I find the smtpd "greylisted for 5 minutes" rejects to be extremely low compared to what I see with postgrey.  
>>
>> For 70K "new/never-seen" triplet, why aren't there 70K smtpd rejects?
>>   
>
>Why do you think there aren't ? Nothing above supports this claim: for
>each "grey new" and "grey early recon" line the server should return a
>temporary reject. If it doesn't, then it's a SMTP server configuration
>issue.

NEW=`egrep -ic "sqlgrey: grey: new:"             /var/log/mx1.hctc.net/maillog`
EARLY=`egrep -ic "sqlgrey: grey: early reconnect:" /var/log/mx1.hctc.net/maillog`
RECON=`egrep -ic "sqlgrey: grey: reconnect ok:"    /var/log/mx1.hctc.net/maillog`
DOMAWL=`egrep -ic "sqlgrey: grey: domain awl match" /var/log/mx1.hctc.net/maillog`
FRMAWL=`egrep -ic "sqlgrey: grey: from awl:"        /var/log/mx1.hctc.net/maillog`
WHITE=`egrep -ic "sqlgrey: whitelist:" /var/log/mx1.hctc.net/maillog`
SPAM=`egrep -i "sqlgrey: spam:" /var/log/mx1.hctc.net/maillog |awk '{print $7}'|sort -n|uniq -i|wc -l`
GLIST=`egrep -ic "Greylisted for 5 minutes" /var/log/mx1.hctc.net/maillog`


Len