���ۥ磻�ȥꥹ�Ȥ������ε�����Ƚ��Ψ�ϡ���������ʥ᡼�����äƤ����ۥ��Ȥο��������13%�ȿ��ꤵ��롣�絬�ϥ����Ȥ�Ƴ���Ԥ���ʹ�����Ȥ����ˤ��С���1000���ܤΥۥ磻�ȥꥹ����Ͽ���פ��뤬��2���֤���1����ۤɤǥۥ磻�ȥꥹ����Ͽ�����٤Ͼ��ʤ��ʤ�ȤΤ��ȤǤ��롣�ۥ磻�ȥꥹ����Ͽ���ʤ�ˤĤ�ơ�������Ƚ��Ψ�ϲ����äƤ�����
���֥�å��ꥹ�ȹ��ܤμ���ϡ��䤬��ʬ�Υ᡼�륵���Ф���Ͽ������ΤΤ��������٤���Ω�äƤ����Τ򤤤��Ĥ��ԥå����åפ��Ƥ��롣
���֥�å��ꥹ�ȤȰ��̵�§�˵��ܤ���Ƥ���FQDN�μ���ϡ��ºݤ˻�Υ᡼�륵���Фإ��ѥफ�����륹���������Ȥ������ȤΤ��륯�饤����ȤΤ�ΤǤ��롣�����������Υɥᥤ�󤬰������Ȥ�����̣�ǤϤʤ�������IP���ɥ쥹�������ʡ����뤤�������դʥ桼�����˻Ȥ�줿���Ȥ�����Ȥ�����̣�ˤ����ʤ���
smtpd_client_restrictions =
permit_mynetworks,
check_client_access regexp:/etc/postfix/white_list,
check_client_access regexp:/etc/postfix/rejections
smtpd_helo_required = yes
smtpd_helo_restrictions =
permit_mynetworks,
reject_invalid_hostname,
check_helo_access regexp:/etc/postfix/helo_restrictions
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain
|
�������ϥ��饤�������������ե�������Ĥˤ��Ƥ��������ۥ磻�ȥꥹ�ȥե�����ȵ��ݾ��ե������ʬΥ����������ˤ�ꡢ�ե�������ݼ餬�ưפˤʤ롣�ޤ����հ��������Ԥ������ε��ݥ�å�������Ǥ�դ˻���Ǥ���褦�ˤʤ롣��cannot find your hostname�פȤ����Կ��ڤʵ��ݥ�å��������֤�reject_unknown_client��������פˤʤä���
# S25R client permission specifications for Postfix
# Contributed by ASAMI Hideo (Japan), Jun 2004; Jul 2007
# Refer to: http://www.gabacho-net.jp/en/anti-spam/
#
# To use this file, add following lines into the /etc/postfix/main.cf file:
#
# smtpd_client_restrictions =
# permit_mynetworks,
# check_client_access regexp:/etc/postfix/white_list
# check_client_access regexp:/etc/postfix/rejections
#
# where "white_list" is the name of this file.
#
# *** WHITE LIST ***
#
# When you find a legitimate mail relay server which is rejected by the
# rejection specification written in the /etc/postfix/rejections file, write
# down here a permission specification taking a leaf from the following
# examples.
#
#/^223-123-45-67\.example\.net$/ OK
#/^223\.123\.45\.67$/ OK
#
# Practical examples:
#
# mail-gx0-f21.google.com, etc.
/\.google\.com$/ OK
#
# mc1-s3.bay6.hotmail.com, etc.
/\.hotmail\.com$/ OK
#
# h04-a1.data-hotel.net, etc.
/\.data-hotel\.net$/ OK
#
# web10902.mail.bbt.yahoo.co.jp
/\.yahoo\.co\.jp$/ OK
#
# web35509.mail.mud.yahoo.com
/\.yahoo\.com$/ OK
#
# n2.59-106-41-68.mixi.jp, etc.
/\.mixi\.jp$/ OK
#
# mta12.m2.home.ne.jp, etc.
/\.m2\.home\.ne\.jp$/ OK
#
# mmrts006p01c.softbank.ne.jp, etc.
/\.softbank\.ne\.jp$/ OK
#
# imt1omta04-s0.ezweb.ne.jp, etc.
/\.ezweb\.ne\.jp$/ OK
#
# bay-w1-inf5.verisign.net, benicia-w2-inf30.verisign.net
/\.verisign\.net$/ OK
|
# S25R client rejection specifications for Postfix
# Contributed by ASAMI Hideo (Japan), Jun 2004; Jul 2007
# Refer to: http://www.gabacho-net.jp/en/anti-spam/
#
# To use this file, add following lines into the /etc/postfix/main.cf file:
#
# smtpd_client_restrictions =
# permit_mynetworks,
# check_client_access regexp:/etc/postfix/white_list
# check_client_access regexp:/etc/postfix/rejections
#
# where "rejections" is the name of this file.
#
# *** BLACK LIST ***
#
# When you find a UCE sender's FQDN which is not rejected by the generic
# protection rules specified below, insert here a denial specification taking
# a leaf from the following practical examples. You should specify a subdomain
# name or a substring together with the domain name if possible so that you can
# avoid rejecting legitimate mail relay servers in the same domain.
#
# pr86.internetdsl.tpnet.pl
# fq217.neoplus.adsl.tpnet.pl
# pa148.braniewo.sdi.tpnet.pl
/\.(internetdsl|adsl|sdi)\.tpnet\.pl$/ 450 domain check, be patient
#
# user-0cetcbr.cable.mindspring.com
# user-vc8fldi.biz.mindspring.com
/^user.+\.mindspring\.com$/ 450 domain check, be patient
#
# c9531ecc.virtua.com.br (hexadecimal used)
# c9066a60.static.spo.virtua.com.br (hexadecimal used)
/^[0-9a-f]{8}\.(.+\.)?virtua\.com\.br$/ 450 domain check, be patient
#
# catv-5984bdee.catv.broadband.hu (hexadecimal used)
/\.catv\.broadband\.hu$/ 450 domain check, be patient
#
# Edc3e.e.pppool.de
# BAA1408.baa.pppool.de
/[0-9a-f]{4}\.[a-z]+\.pppool\.de$/ 450 domain check, be patient
#
# pD9EB80CB.dip0.t-ipconnect.de (hexadecimal used)
/\.dip[0-9]+\.t-ipconnect\.de$/ 450 domain check, be patient
#
# pD9E799A1.dip.t-dialin.net (hexadecimal used)
/\.dip\.t-dialin\.net$/ 450 domain check, be patient
#
# ool-43511bdc.dyn.optonline.net (hexadecimal used)
/\.dyn\.optonline\.net$/ 450 domain check, be patient
#
# rt-dkz-1699.adsl.wanadoo.nl
# c3eea5738.cable.wanadoo.nl (hexadecimal used)
/\.(adsl|cable)\.wanadoo\.nl$/ 450 domain check, be patient
#
# ACBBD419.ipt.aol.com (hexadecimal used)
/\.ipt\.aol\.com$/ 450 domain check, be patient
#
# *** GENERIC PROTECTION ***
#
# [rule 0]
/^unknown$/ 450 reverse lookup failure, be patient
#
# [rule 1]
# ex.: evrtwa1-ar3-4-65-157-048.evrtwa1.dsl-verizon.net
# ex.: a12a190.neo.rr.com
/^[^.]*[0-9][^0-9.]+[0-9].*\./ 450 S25R check, be patient
#
# [rule 2]
# ex.: pcp04083532pcs.levtwn01.pa.comcast.net
/^[^.]*[0-9]{5}/ 450 S25R check, be patient
#
# [rule 3]
# ex.: 398pkj.cm.chello.no
# ex.: host.101.169.23.62.rev.coltfrance.com
/^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]/ 450 S25R check, be patient
#
# [rule 4]
# ex.: wbar9.chi1-4-11-085-222.dsl-verizon.net
/^[^.]*[0-9]\.[^.]*[0-9]-[0-9]/ 450 S25R check, be patient
#
# [rule 5]
# ex.: d5.GtokyoFL27.vectant.ne.jp
/^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\./ 450 S25R check, be patient
#
# [rule 6]
# ex.: dhcp0339.vpm.resnet.group.upenn.edu
# ex.: dialupM107.ptld.uswest.net
# ex.: PPPbf708.tokyo-ip.dti.ne.jp
# ex.: dsl411.rbh-brktel.pppoe.execulink.com
# ex.: adsl-1415.camtel.net
# ex.: xdsl-5790.lubin.dialog.net.pl
/^(dhcp|dialup|ppp|[achrsvx]?dsl)[^.]*[0-9]/ 450 S25R check, be patient
|
�������ε��ݥ�å������ϡ��֥�å��ꥹ�Ȥˤϡ�domain UCE-blacklisted�ס����̵�§�ˤϡ�may not be mail exchanger�פǤ��ä��������ϡ���be patient�סʤ��Ԥ����������ˤȤ�������ޤ��å��������ѹ��������ٱ�ٹ��å���������������ɤ������Ԥ��԰¤ˤ����뤳�Ȥ��򤱤뤿��Ǥ��롣
�ʥץ졼��ƥ�����ɽ���ǡ�Ĺ���Ԥ��ޤ��֤���
#!/bin/sh
echo "Content-Type: text/plain"
echo
echo "Mail rejection log"
echo
cat /var/log/maillog.4 /var/log/maillog.3 /var/log/maillog.2 \
/var/log/maillog.1 /var/log/maillog | \
grep 'reject:' | \
gawk '
BEGIN {
count=0
}
{
printf "%s %2d %s %s\n", $1, $2, $3, substr($0, match($0, /reject:/))
++count
}
END {
print "\ncount =", count
}
'
|
��HTML <PRE>����ɽ���ǡ�Ĺ���Ԥϲ������������
#!/bin/sh
echo "Content-Type: text/html"
echo
echo "<html><body><pre>"
echo "Mail rejection log"
echo
cat /var/log/maillog.4 /var/log/maillog.3 /var/log/maillog.2 \
/var/log/maillog.1 /var/log/maillog | \
grep 'reject:' | \
gawk '
BEGIN {
count=0
}
{
printf "%s %2d %s %s\n", $1, $2, $3, substr($0, match($0, /reject:/))
++count
}
END {
print "\ncount =", count
}
' | \
gawk '
{
gsub(/</, "\\<")
gsub(/>/, "\\>")
print
}
'
echo "</pre></body></html>"
|