ricky & chucho


📧 Postfix Log File Analysis

I run postfix on this server to hustle mail pieces to and from rickysquid.org. The default postfix settings are pretty secure, but before I really hardened my instances' config, lo, I was used as a spammer gateway and ended up on a spammer list (SORBS, if you are curious). Google, Outlook, and the like check these lists and so I was blocked from sending to all my GMail and Office 365 homies. Getting a domain removed from this list actually wasn't too bad, but still I am now paranoid about ending up on there again. I have tried to make every adjustment necessary (strictest possible relay/recipient/sender restrictions, use of TLS). Also I just now put smtpd_client_auth_rate_limit = 1 in my main.cf file to limit AUTH attempts to 1 per minute and I'm already seeing brute-force fools hitting this limit in my logs.

failed login attempt

Speaking of logs - I am now using pflogsumm to get sanity checks on my mail server logs. It is a Perl script that parses the /var/log/mail.log file and produces a nice text report.

pflogsumm output

The following line in my crontab file runs pflogsumm every night and sends me (ricky) an email of the output.

crontab entry

Please note the above is one line (broken by terminal size), as in
08 04 * * * /usr/local/bin/pflogsumm.pl -d yesterday /var/log/mail.log 2>&1 | /usr/bin/mailx -s "daily mail stats" ricky