[Logwatch-Devel] sendmail uncaught lines

Kenneth Porter shiva@sewingwitch.com
Thu, 06 Nov 2003 01:45:44 -0800


I'm running MIMEDefang and am getting a couple of styles of frequent 
uncaught lines:

Milter: to=<abby@sewingwitch.com>, reject=451 4.3.0 Tempfailed as anti-spam 
measure.  Please try again.

smta07.mail.ozemail.net [203.103.165.110]: Possible SMTP RCPT flood, 
throttling.

The first message is a side-effect of MIMEDefang (a sendmail milter) and 
replaces the normal "to=" line when the milter rejects or tempfails a 
message. The "Tempfailed as anti-spam measure. Please try again." text is 
supplied by MIMEDefang. I believe everything before that comes from 
sendmail.

The latter message is a result of using confBAD_RCPT_THROTTLE in one's 
sendmail.mc file to punish servers that spam lots of non-existent users in 
one submission.

Do we want to aggregate these or eat them? Any suggestions on what output 
format would be useful?

Here's another line that's currently getting eaten but might want to be 
aggregated:

Milter: data, reject=554 5.7.1 Executable content hmcgkfy.com not accepted 
here

This is again from MIMEDefang, in this case checking for unsafe filenames.

I'd propose aggregating and reporting a count of the DSN's (the 4.3.0 and 
5.7.1 from the above examples).

BTW, please replace my address in the sources with 
shiva+logwatch@sewingwitch.com. My well.com account is just a spam-trap 
now. However, I don't consider myself to be the "owner" of the sendmail 
script;  so many others have contributed so much and it's better if new 
contributions go to the dev list than direct to me.