Messaging Gateway

  • 1.  DNS Validation - Monitoring and Reports

    Posted Mar 24, 2016 06:43 AM

    Hi,

    We use the mail gateway (10.6) as an appliance on vSphere, and we turned on the "DNS-Validation" feature (options 1 and 4) a few days ago.

    Now I want to report which IPs and mail addresses were affected.

    We found one solution to monitor part of these options in the message audit logs (optional filter: action taken, value: reject messages).
    But there I only get mails which are rejected with the entry: "mail-from domain does not exist in dns"

    A second way could be found in the logs: log type: mta, severity: warning
    There are entries like: LUA: RDNS: RDNS lookup for connecting IP nnnnnnn returned SERVFAIL

    Is it possible to generate a report showing which IP addresses AND email addresses were affected by this setting?

     

    thanks,

    best regards

    eurass



  • 2.  RE: DNS Validation - Monitoring and Reports

    Posted Mar 26, 2016 02:13 AM

    Eurass,

    I use some greps, awks, etc. to do this. But we use external logging on syslog. I doubt that it's possible with malquery. Just to be sure, as I'm on Easter holiday in the snowy white Tirol, I don't exactly know opt 1&4. Usually you won't get the envelope sender or recipient because the connection was terminated prior to these commands.

    Happy Easter,

    Thomas


  • 3.  RE: DNS Validation - Monitoring and Reports

    Posted Apr 01, 2016 06:14 AM

    Hi,

    Is there still snow in Tirol? In Vienna it's almost summer ;-)

    It's not possible. I spoke to a Symantec technician last week.

    You're right, Tom. opt1 isn't monitorable, because the connection was dropped before.

    opt4 could be monitored. See my posting on top.

     

    opt1: Reject connections where no reverse DNS record exists for the connecting IP address

    opt4: Reject messages where the domain provided in the MAIL FROM address has neither an 'A', nor an 'AAAA', nor an 'MX' record in DNS

     

    regards,

    eurass

     



  • 4.  RE: DNS Validation - Monitoring and Reports

    Posted Apr 04, 2016 04:55 AM

    Hi,

    Yes, we got a few cm of fresh snow overnight, but in the valley it had melted again by noon :-)

     

    Back to our topic: If you've got syslog and opt3 enabled (as we prefer) you could get your report like

    grep "Apr  4 10:" logfiles | grep ", 554 5.7.1 You are not allowed to connect" | awk -F',' '{print $2}' | awk -F':' '{print $2}' | sort | uniq -c | sort -n

     

    Thomas
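
Added example (not part of the thread and not Symantec tooling): a per-IP report for the MTA warning quoted in post 1, in the grep/awk style of post 4. Only the message text "RDNS lookup for connecting IP ... returned SERVFAIL" comes from the thread; the syslog prefix, host name and sample lines are constructed, and `rdns_report` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample input. Only the text after "mta: " follows the thread;
# timestamp layout, host name (smg01) and IPs are assumptions for the example.
sample_log() {
cat <<'EOF'
Apr  4 10:01:12 smg01 mta: LUA: RDNS: RDNS lookup for connecting IP 192.0.2.10 returned SERVFAIL
Apr  4 10:03:40 smg01 mta: LUA: RDNS: RDNS lookup for connecting IP 198.51.100.7 returned SERVFAIL
Apr  4 10:07:55 smg01 mta: some unrelated warning
Apr  4 10:15:02 smg01 mta: LUA: RDNS: RDNS lookup for connecting IP 192.0.2.10 returned SERVFAIL
Apr  4 11:20:31 smg01 mta: LUA: RDNS: RDNS lookup for connecting IP 192.0.2.10 returned SERVFAIL
EOF
}

# rdns_report [PREFIX]: read syslog lines on stdin and print one tab-separated
# row per connecting IP and lookup result: count, IP, result, first seen, last seen.
# PREFIX optionally limits the report to lines starting with it, e.g. "Apr  4 10:".
rdns_report() {
  awk -v prefix="${1:-}" '
    prefix != "" && index($0, prefix) != 1 { next }
    {
      start = index($0, "RDNS lookup for connecting IP ")
      if (start == 0) next
      # w[6] is the IP, w[7] the word "returned", w[8] the resolver result
      n = split(substr($0, start), w, " ")
      if (n < 8 || w[7] != "returned") next
      key = w[6] "\t" w[8]
      ts = $1 " " $2 " " $3          # traditional syslog timestamp
      if (!(key in count)) first[key] = ts
      last[key] = ts
      count[key]++
    }
    END {
      for (k in count) print count[k] "\t" k "\t" first[k] "\t" last[k]
    }
  ' | sort -k1,1nr -k2,2
}

# Busiest connecting IPs first, restricted to the 10 o'clock hour of Apr 4.
sample_log | rdns_report "Apr  4 10:"
```

As the thread notes, these rows can only carry the connecting IP: the connection is dropped before any envelope sender or recipient is sent.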