Note: this documentation follows the order and the naming of the index page of the web front end.
1 Update of the lists
This link rebuilds the Ztrimailer lists from the working files (access lists, IMail lists, etc.). When modifications are made, this link must be the last one clicked: it launches the processes that take the modifications into account.
2 IMail lists
Opens a directory containing the scripts and the files that act as a bridge between IMail and Zspam. There is normally no reason to launch one of the scripts by hand, since everything is launched from the IMail machine.
3 See the complete Ztrimailer access list
Shows the complete access list used by sendmail. If you have just made modifications but have not run 'Mettre à jour', this list does not include your modifications. Likewise, if you made modifications and ran 'Mettre à jour' less than 4 minutes ago, the list shown here may not include your modifications yet. After a recent modification, wait at least 4 minutes after 'Mettre à jour' to be certain of seeing the updated list.
4 See the relay table
Displays the list of relayed domains, with the type and the FQDN of the relay to which the mail is routed. After a recent modification, wait at least 4 minutes after 'Mettre à jour' to be certain of seeing the updated list.
5 See the list of relayed domains
Displays the list of relayed domains. After a recent modification, wait at least 4 minutes after 'Mettre à jour' to be certain of seeing the updated list.
6 MX info
Displays the DNS information of the managed domains.
Note: this function is available only on the SC implementation (external script).
7 Statistics
7.1 Weekly summary
Summarizes the statistics on a weekly basis. This is where the 'Tx spam' figure is found. (Note: the 'Declude' and 'Mails clients' columns are available only if there is a second antispam on IMail, Declude in this case.)
7.2 Ztrimailer detail
Weekly detail of the mails refused on the basis of Ztrimailer.
7.3 Greylisting detail
Daily detail of the number of entries in the two greylisting lists, and weekly statistics of the greylisting.
8 Access lists
8.1 Definition
Lists of the cases that must not go through Ztrimailer, but must be accepted in any case (Accept) or refused in any case (Reject).
8.2 Accept (Whitelist)
List of the cases to accept even if a Ztrimailer filter would refuse to relay the mail. For example, it is useful to accept servers that are flagged as 'spammer' in a DNSBL list (typically: a FranceTelecom SMTP gateway that has been used to relay a spam).
8.2.1 To add an entry to a list
An entry can be added to a Ztrimailer whitelist here. Indicate the method (Connect: acts on the IP/FQDN opening the connection on port 25 of the Zspam machine, From: acts on the sender's address and To: acts on the recipient's address). Note that the 'From:' address can be forged or invented; as far as possible, work with Connect and To instead. If you must use From, try to enter a full email address rather than opening up a whole domain (because any spam passing its From off as this domain will bypass Zspam and be accepted).
The pattern can be, depending on the method, all or part of an IP address (e.g. 123.45.67.89 or 123.45), an FQDN (e.g. host.domain.com or domain.com) or an email address (e.g. user@domain.com or domain.com).
The comment is not used by Zspam; it only keeps a note on the reason for the addition to the list.
'Do not erase before' is part of the comment and is not used by Zspam. It is just a reminder for the administrator, to recall a possible deadline after which the entry must be erased from the list (but this is not done automatically!).
8.2.2 List
The complete 'accept' list. To erase an entry, simply clear its pattern and then click the 'Envoyer' button at the bottom of the page. It is of course also possible to modify one or more entries.
8.3 Reject (Blacklist)
8.3.1 To add an entry to a list
An entry can be added to a Ztrimailer blacklist here. Indicate the method (Connect: acts on the IP/FQDN opening the connection on port 25 of the Zspam machine, From: acts on the sender's address and To: acts on the recipient's address). Note that the 'From:' address can be forged or invented; as far as possible, work with Connect and To instead. If you must use From, try to enter a full email address rather than closing off a whole domain (because any spam passing its From off as this domain will bypass Zspam and be refused).
The pattern can be, depending on the method, all or part of an IP address (e.g. 123.45.67.89 or 123.45), an FQDN (e.g. host.domain.com or domain.com) or an email address (e.g. user@domain.com or domain.com).
The comment is not used by Zspam; it only keeps a note on the reason for the addition to the list.
'Do not erase before' is part of the comment and is not used by Zspam. It is just a reminder for the administrator, to recall a possible deadline after which the entry must be erased from the list (but this is not done automatically!).
8.3.2 List
The complete 'reject' list. To erase an entry, simply clear its pattern and then click the 'Envoyer' button at the bottom of the page. It is of course also possible to modify one or more entries.
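
The advice in 8.2.1 and 8.3.1 to prefer Connect and To over From, and a full address over a whole domain, can be checked with the added example below. It is not Ztrimailer code: the matching rules, the entry layout and all hosts and addresses are assumptions made for the illustration.

```python
def matches(method, pattern, value):
    """Matching rules assumed for this example: an IP pattern matches on octet
    boundaries, a domain pattern on label boundaries, an email pattern exactly."""
    pattern, value = pattern.lower(), value.lower()
    if method == "Connect" and pattern[0].isdigit():      # whole or partial IP
        return value == pattern or value.startswith(pattern + ".")
    if "@" in pattern:                                    # full email address
        return value == pattern
    host = value.rsplit("@", 1)[-1]                       # FQDN, or domain of an email
    return host == pattern or host.endswith("." + pattern)

def decide(entries, ip, fqdn, sender, rcpt):
    """First matching entry wins; with no match the mail goes through the filters."""
    seen = {"Connect": (ip, fqdn), "From": (sender,), "To": (rcpt,)}
    for method, pattern, action in entries:
        if any(matches(method, pattern, v) for v in seen[method]):
            return action
    return "Filter"

# Constructed whitelist variants for a partner whose real server is 192.0.2.25.
WIDE_FROM = [("From", "partner.example", "Accept")]
EXACT_FROM = [("From", "billing@partner.example", "Accept")]
BY_CONNECT = [("Connect", "192.0.2", "Accept")]

# Constructed envelopes: the partner's real mail, and a spam forging its domain.
GENUINE = ("192.0.2.25", "mail.partner.example", "billing@partner.example", "bob@domaine.com")
FORGED = ("203.0.113.50", "dsl.unknown.example", "offers@partner.example", "bob@domaine.com")

def compare():
    """Return, per whitelist variant, the decisions for (genuine, forged)."""
    lists = {"wide From": WIDE_FROM, "exact From": EXACT_FROM, "Connect": BY_CONNECT}
    return {name: (decide(e, *GENUINE), decide(e, *FORGED)) for name, e in lists.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

Only the domain-wide From entry lets the forged envelope skip the filters; the Connect entry and the full-address From entry send it through normal filtering.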
9 Traffic redirect
9.1 Definition
Traffic redirect concerns the domains (and thus addresses) that are managed by Zspam and routed to IMail, but that IMail relays further still, typically to the 'intra muros' mail server of the customer company. These accounts are therefore not managed by IMail and must be added to Zspam to authorize the relay.
9.2 To add elements to the traffic redirect
The first form allows adding a domain to the traffic redirect.
9.3 To add an address to an existing domain
The second form is used to add email addresses to an existing 'traffic redirect' domain. Note that the address is entered in two parts: what comes before the @ goes in the text field, and what comes after the @ is chosen in the drop-down menu.
10 Greylisting
10.1 Definition
Greylisting is a very simple antispam technique that consists of temporarily rejecting a message by sending a temporary refusal code to the sending server (MTA). In the majority of cases, the sending servers resend the mail after a few minutes. The majority of the servers sending spam do not take this trouble!
For each mail received, a triplet is created, identified by the IP address of the sending server, the email address of the sender and the email address of the recipient.
If the triplet appears for the first time, the transport server returns a 4xx code (temporary refusal) to the remote SMTP server and adds the triplet to the 'greylist' list. If this server is a genuine SMTP server, the mail will probably be resent later. If the triplet reappears after a certain time (between 2 minutes and 2 days), the message is accepted and the triplet is added to a trusted list ('autowhitelist').
If the mail is resent before this delay, it is again temporarily refused. After a certain delay (2 days), the triplets of the 'greylist' are deleted. Likewise, after a delay without traffic (32 days), the triplets of the 'autowhitelist' are deleted. At each sending of mail for the triplet, the 32-day delay is reset, so that the mails of normal traffic are generally autowhitelisted and thus incur no delay.
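
The triplet life cycle described in 10.1, as an added example that is not the Zspam greylisting code. It uses the delays given above (2 minutes, 2 days, 32 days); the class and function names, the reply texts and the sample addresses are assumptions, and an early resend is assumed not to restart the 2-minute delay.

```python
from dataclasses import dataclass, field

DAY = 24 * 3600
MIN_RETRY = 2 * 60    # a resend is accepted only after 2 minutes
GREY_TTL = 2 * DAY    # greylist triplets are deleted after 2 days
AWL_TTL = 32 * DAY    # autowhitelist triplets are deleted after 32 days without traffic

@dataclass
class Greylister:
    greylist: dict = field(default_factory=dict)       # triplet -> time first seen
    autowhitelist: dict = field(default_factory=dict)  # triplet -> time last seen

    def expire(self, now):
        """Delete the triplets whose delay has run out."""
        self.greylist = {t: s for t, s in self.greylist.items() if now - s <= GREY_TTL}
        self.autowhitelist = {t: s for t, s in self.autowhitelist.items()
                              if now - s <= AWL_TTL}

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply for one delivery attempt at time `now` (in seconds)."""
        self.expire(now)
        triplet = (ip, sender.lower(), rcpt.lower())
        if triplet in self.autowhitelist:
            self.autowhitelist[triplet] = now    # each mail resets the 32-day delay
            return "250 accepted (autowhitelist)"
        first_seen = self.greylist.get(triplet)
        if first_seen is None:
            self.greylist[triplet] = now         # first appearance: temporary refusal
            return "451 greylisted (new triplet)"
        if now - first_seen < MIN_RETRY:
            return "451 greylisted (resent too early)"
        del self.greylist[triplet]               # resent inside the window: trusted
        self.autowhitelist[triplet] = now
        return "250 accepted (added to autowhitelist)"

def replay(attempts):
    """Run (time, ip, sender, rcpt) attempts in order; return the reply codes."""
    g = Greylister()
    return [g.check(ip, s, r, t)[:3] for t, ip, s, r in attempts]

# Constructed sample traffic: a real MTA that retries, and a sender that comes back too late.
MTA = ("192.0.2.10", "alice@example.org", "bob@domaine.com")
BOT = ("198.51.100.7", "promo@spam.example", "bob@domaine.com")
SAMPLE = [(0, *MTA), (5, *BOT), (30, *MTA), (300, *MTA), (5 + 3 * DAY, *BOT),
          (300 + 10 * DAY, *MTA), (300 + 43 * DAY, *MTA)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The last attempt in the sample arrives 33 days after the previous one, so the autowhitelist entry has expired and the triplet starts again from a temporary refusal.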
10.2 To search in the current greylisting lists
Allows searching for a sender address, a recipient address or an IP address in the two greylisting lists (greylist and autowhitelist).
10.3 See the COMPLETE greylisting lists
Displays the whole 'greylist' list followed by the whole 'autowhitelist' list. (Note: the two lists are separated by the text 'Auto-whitelisted tuples'.)
10.4 See the autowhitelist sorted by from
Displays all entries of the 'autowhitelist' list, sorted by sender address. Useful for finding possible addresses sending a lot of spam that gets through greylisting (can be useful for the 'Reject' list).
10.5 See the autowhitelist sorted by rcpt
Displays all entries of the 'autowhitelist' list, sorted by recipient address. Useful for finding possible addresses receiving a lot of spam that gets through greylisting (can be useful for the 'Reject' list).
10.6 See the greylist sorted by IP
Displays all entries of the 'greylist' list, sorted by connection IP address. Useful for finding IP addresses (or ranges of addresses) sending spam that does not get through the greylisting (can be useful for the 'Reject' list).
10.7 See the manual whitelist
Displays all entries of the greylisting 'manual whitelist'.
10.8 To add a whitelist entry to the greylisting
Allows adding entries that will never be held back by the greylisting. For example, if the mails from domain.com are never resent (because their mail server does not handle the standard for greylisting), add the IP address of their server. Here too, 'From' addresses are to be avoided as far as possible (it is better to whitelist on another field, such as the IP of the server) because they can be forged or invented.
A comment is added to the entry. By default it contains the date, the time and the IP address of the administrator making the addition. It serves only as information for the administrator and is not used in Zspam.
11 Logs
11.1 Definitions
The logs are the trace files of the server. The 'sendmail' log covers the log entries generated by sendmail (MTA) and the 'greylisting' log covers the log entries generated by the greylisting. (Note: for certain actions, a log entry exists in both logs.)
11.2 Search
One can search the logs for a sender address, a recipient address or a connection IP address. The search result contains all the log lines, for the selected period, that contain the searched pattern. A click on one of the unique numbers shows the complete path of a mail through the system (the last line generated is the first on the page).
This makes it possible in particular to know why a given mail was refused. For example, a final line with 'Spam filter: Mail from www.xxx.yyy.zzz refused via sbl-xbl.spamhaus.org' means that the IP address of the relay (www.xxx.yyy.zzz) is listed at SpamHaus. If this concerns a mail that should have passed, www.xxx.yyy.zzz must be added to the 'accept' list.
Another example: a final line with 'reject=554 5.1.1 Bad destination mailbox address' means that the To: address of this mail does not exist. Either it should not exist and it is indeed a spam that has been stopped, or it should exist and it must be added in IMail (or in the traffic redirect if the domain is managed as such).
A final line with 'reject=451 4.7.1 Greylisting in action, please come back in 00:02:00' means that the mail is waiting in the greylist.
Last example: a final line with 'relay=nom.machine.IMail. [aaa.bbb.ccc.ddd], dsn=2.0.0, stat=Sent (Message queued)' means that this mail was correctly transmitted to IMail. If it has not reached its destination, look on IMail, because Zspam did not hold back this mail.
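
The four final-line readings from 11.2 can be applied to a whole log extract at once. This is an added example, not a Ztrimailer script: the line layout with a queue ID after 'sendmail[pid]:', the oldest-first ordering of the input and every value in the sample log are assumptions.

```python
import re

# Final-line pattern -> (diagnosis, follow-up), both taken from the text above.
RULES = [
    (r"Spam filter: Mail from (\S+) refused via (\S+)",
     "relay IP listed in a DNSBL", "if the mail should have passed, add the IP to 'accept'"),
    (r"reject=554 5\.1\.1 Bad destination mailbox address",
     "To: address does not exist", "if it should exist, add it in IMail or traffic redirect"),
    (r"reject=451 4\.7\.1 Greylisting in action",
     "waiting in the greylist", "none"),
    (r"dsn=2\.0\.0, stat=Sent",
     "transmitted to IMail", "if the mail did not arrive, look on IMail"),
]
# Assumed line layout: "... sendmail[pid]: <queue id>: <message>"
LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<msg>.*)")

def triage(log_text):
    """Map each queue ID to (diagnosis, follow-up, captured values) from its last line."""
    last = {}
    for line in log_text.splitlines():      # oldest first, so later lines overwrite
        m = LINE.search(line)
        if m:
            last[m["qid"]] = m["msg"]
    report = {}
    for qid, msg in last.items():
        for pattern, diagnosis, action in RULES:
            hit = re.search(pattern, msg)
            if hit:
                report[qid] = (diagnosis, action, hit.groups())
                break
        else:
            report[qid] = ("unrecognised final line", "read the complete trace", ())
    return report

# Constructed sample log (queue IDs, hosts and addresses are invented for the example).
SAMPLE_LOG = """\
Mar  3 10:00:01 smtp1 sendmail[2101]: q1AAA001: from=<a@example.org>, relay=mx.example.org [192.0.2.10]
Mar  3 10:00:02 smtp1 sendmail[2101]: q1AAA001: reject=451 4.7.1 Greylisting in action, please come back in 00:02:00
Mar  3 10:01:10 smtp1 sendmail[2107]: q1AAA002: Spam filter: Mail from 203.0.113.9 refused via sbl-xbl.spamhaus.org
Mar  3 10:02:30 smtp1 sendmail[2110]: q1AAA003: from=<c@example.net>, relay=out.example.net [198.51.100.4]
Mar  3 10:02:31 smtp1 sendmail[2110]: q1AAA003: to=<nobody@domaine.com>, reject=554 5.1.1 Bad destination mailbox address
Mar  3 10:05:00 smtp1 sendmail[2120]: q1AAA004: from=<a@example.org>, relay=mx.example.org [192.0.2.10]
Mar  3 10:05:01 smtp1 sendmail[2121]: q1AAA004: to=<bob@domaine.com>, relay=nom.machine.IMail. [192.0.2.200], dsn=2.0.0, stat=Sent (Message queued)
"""

if __name__ == "__main__":
    for qid, verdict in triage(SAMPLE_LOG).items():
        print(qid, verdict)
```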
12 Modifications to make on the IMail side
In IMail, creation of a reference domain zzzz.end.
This domain is used during the analysis of the registry extract and must never be deleted.
Creation of the folder CMD at the root of C:
Creation of the folder Ressources at the root of C:
Installation as a service of the MRTGSvc program in C:\Program Files\MRTGSvc
Every 5 minutes, this program launches the cmd (C:\cmd\at5minutes.cmd).
The cmd at5minutes.cmd then calls exportIMailUsersReg.cmd
12.1 Contents of exportIMailUsersReg.cmd
@ECHO OFF
REM Export the part of the registry corresponding to IMail in order to retrieve the users and aliases
REGEDIT /E C:\ressources\temp\IMaildomain.reg HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Domains
REM Wait 10 seconds
PING 127.0.0.1 -n 10 >NUL
REM Send the registry extract by FTP to the Linux server
ftp -i -s:C:\CMD\exportIMailUsersReg.ftp >NUL
REM Wait 10 seconds
PING 127.0.0.1 -n 10 >NUL
REM Call the PHP script on the Linux server that extracts the data from the registry file
C:\CMD\wget -q --http-user=XXXXXX --http-passwd=XXXXXX --output-document=C:\Logfiles\AutoCheck\ztri_gen_list.html http://smtp1.domaine.com/Ztrimailer/IMail/generate_list.php
12.2 Miscellaneous
wget.exe is in C:\cmd. It is used to call the PHP page and to log the result of the PHP script in the file C:\Logfiles\AutoCheck\ztri_gen_list.html
The wget.exe executable requires the DLLs libeay32.dll and ssleay32.dll to be in C:\windows\system32
The file security.php in http://smtp1.domaine.com/Ztrimailer/IMail/ holds references to the IP addresses of the machines that have access to the PHP scripts. Any modification in the addressing of the customer's machines must be reflected in this file security.php
12.3 Do not remove:
– the zzzz.end domain in IMail
– the folder C:\cmd
– the folder C:\ressources and its subfolders
– the folder C:\logfiles and its subfolders