[[Research Report on an Anti-Spam Method with a 99% Block Rate>阻止率99%のスパム対策方式の研究報告]]

#contents

*Rejection Log Sorting Script [#he3ee23b]

http://www.gabacho-net.jp/anti-spam/log-sorting-script.html

This page introduces a shell script that is useful for discovering legitimate mail servers that are being mistakenly rejected by the S25R anti-spam method. If the mail server also serves as a web server, placing this script, with password protection, in a directory under the cgi-bin directory lets you easily monitor the rejection records from a web browser. It can also be run as a command.

That being the case, I promptly placed the script "s25r.cig" at http://mail.smb.net/cgi-bin/s25r.cig and accessed it, and...

 [Thu Aug 23 08:26:18 2012] [error] [client 210.255.122.209] /usr/local/www/apache22/cgi-bin/s25r.cig: gawk: not found
 [Thu Aug 23 08:26:18 2012] [error] [client 210.255.122.209] /usr/local/www/apache22/cgi-bin/s25r.cig: gawk: not found
 [Thu Aug 23 08:26:18 2012] [error] [client 210.255.122.209] /usr/local/www/apache22/cgi-bin/s25r.cig: gawk: not found
 [Thu Aug 23 08:26:18 2012] [error] [client 210.255.122.209] /usr/local/www/apache22/cgi-bin/s25r.cig: gawk: not found
 [Thu Aug 23 08:26:18 2012] [error] [client 210.255.122.209] cat: /var/log/maillog.1: /usr/local/www/apache22/cgi-bin/s25r.cig: gawk: not found
 [Thu Aug 23 08:26:18 2012] [error] [client 210.255.122.209] Permission denied
 [Thu Aug 23 08:26:18 2012] [error] [client 210.255.122.209] cat: /var/log/maillog: Permission denied
 [Thu Aug 23 08:26:18 2012] [error] [client 210.255.122.209] /usr/local/www/apache22/cgi-bin/s25r.cig: gawk: not found
 [Thu Aug 23 08:26:18 2012] [error] [client 210.255.122.209] /usr/local/www/apache22/cgi-bin/s25r.cig: gawk: not found

I got these errors (´・ω・`), so I ran

 hotshot# portinstall japanese/gawk
 hotshot# rehash

**Required settings [#i5ce8efc]

Set the access rights so that the mail log files can be read with the privileges of the HTTP daemon. On many systems, this can be done with the following commands.

 chgrp nobody /var/log/maillog*
 chmod g+r /var/log/maillog*

I did this, but for some reason it had no effect, so I ran

 hotshot# chmod 644 /var/log/maillog*

 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] /usr/local/www/apache22/cgi-bin/s25r.cig: gawk: not found
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] /usr/local/www/apache22/cgi-bin/s25r.cig: gawk: not found
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] /usr/local/www/apache22/cgi-bin/s25r.cig: gawk: not found
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] /usr/local/www/apache22/cgi-bin/s25r.cig: gawk: not found
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] /usr/local/www/apache22/cgi-bin/s25r.cig: gawk: not found
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] egrep: writing output: Broken pipe
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] egrep: writing output: Broken pipe
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] egrep: writing output: Broken pipe
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] egrep: writing output: Broken pipe
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] egrep: writing output: Broken pipe
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] egrep: writing output: Broken pipe
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] egrep: writing output: Broken pipe
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] egrep: writing output: Broken pipe
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] egrep: writing output: Broken pipe
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] egrep: writing output: Broken pipe
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] egrep: writing output: Broken pipe
 [Thu Aug 23 08:49:30 2012] [error] [client 210.255.122.209] egrep: writing output: Broken pipe
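
An added example, not part of the original page or of the S25R script: a shell check for the access-rights step above, reporting whether each mail log is readable by the HTTP daemon's group without being readable by every local account, which is what mode 644 grants. The function names and verdict strings are made up for this example, and the group passed in is an assumption to be replaced with the group the HTTP daemon actually runs as on the system (Apache's `Group` directive).

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit mail-log permissions
# for a CGI log viewer. GROUP may be a group name or a numeric gid.

# check_log_access FILE GROUP prints exactly one verdict:
#   ok                group GROUP can read FILE, other accounts cannot
#   world-readable    FILE is readable by every local account (e.g. mode 644)
#   wrong-group       FILE does not belong to GROUP, so g+r does not help
#   group-unreadable  FILE belongs to GROUP but lacks the g+r bit
#   missing           FILE does not exist
# Exit status is 0 only for "ok".
check_log_access() {
    file=$1
    group=$2
    [ -e "$file" ] || { echo missing; return 1; }
    # find -perm -MODE matches when every bit in MODE is set on the file.
    if [ -n "$(find "$file" -prune -perm -004 2>/dev/null)" ]; then
        echo world-readable; return 1
    fi
    # An unknown group name makes find fail; that is also a mismatch.
    if [ -z "$(find "$file" -prune -group "$group" 2>/dev/null)" ]; then
        echo wrong-group; return 1
    fi
    if [ -z "$(find "$file" -prune -perm -040 2>/dev/null)" ]; then
        echo group-unreadable; return 1
    fi
    echo ok
}

# audit_logs GROUP FILE... prints "verdict<TAB>file" for each file,
# so rotated logs (maillog.0, maillog.1, ...) are checked too.
# Exit status is non-zero if any file is not "ok".
audit_logs() {
    audit_group=$1
    shift
    rc=0
    for f in "$@"; do
        verdict=$(check_log_access "$f" "$audit_group") || rc=1
        printf '%s\t%s\n' "$verdict" "$f"
    done
    return "$rc"
}
```

Run it as `audit_logs <group> /var/log/maillog*`. Log rotation recreates the files with whatever owner and mode the rotation tool is configured to use, so check again after the logs have rotated.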