After you click Add and Search to submit a log search request, CanIt-Domain-PRO returns a list of matching results. This list might look something like Figure 16.3:

Figure 16.3: Log Search Results

Within the results page:

• Click on the small up- or down-arrows next to each column to sort by that column in ascending or descending order. The current sort order is shown by the red arrow.

• Click on a Queue ID link to view the detailed log lines for that queue ID.

• If there is an incident associated with the logs, the message subject will be a link. Click on it to see the Incident Details page.

Note: Sometimes a group of log lines does not contain complete details about a message. In this case, CanIt-Domain-PRO acts as follows:

• If the subject could not be determined, CanIt-Domain-PRO displays the subject as (Not Logged).

• If the stream could not be determined, CanIt-Domain-PRO assumes the default stream.

• If the realm could not be determined, CanIt-Domain-PRO assumes the base realm.

It is important to remember that for queue retries and other fragmentary groups of logs, it may not be possible to determine the subject, realm and stream.

16.5.1 Detailed Results

Figure 16.4: Log Search Details

This shows each log line related to the message transmission. To see the timestamp in a more readable format, hover the mouse cursor over the timestamp. For a detailed explanation of a log line, click on the question-mark icon next to the line. You can expose details for all log lines by clicking Show All Explanations.

Finally, if you need the raw log lines (for example, to send to someone for analysis), click on Show Raw Logs.

16.6 Forwarding Logs

CanIt-Domain-PRO has the ability to forward logs on a per-realm basis to other machines using the syslog protocol.

16.6.1 Enabling Log-Forwarding

By default, CanIt-Domain-PRO will not forward logs. To enable log-forwarding, the CanIt-Domain-PRO site administrator must edit the file /etc/mail/canit/canit.conf on each CanIt-Domain-PRO log host and add the following lines:

[logindexer]

forward logs = yes

16.6.2 Configuring Log-Forwarding

To configure log-forwarding, click on Administration : Forward Logs. The Log Forwarding Page appears:

Figure 16.5: Log Forwarding Page

Note: Only the CanIt-Domain-PRO site administrator can configure log-forwarding for arbitrary realms. If you are a realm administrator, the Log Forwarding Page allows you to configure log forwarding only for your current realm.

To forward logs for a particular realm:

1. Enter or select the realm name in the Realm column.

2. Type the IP address or host name of the destination host in the Log Host column. If you use UDP transport, you can enter multiple log hosts in a comma-separated list; in this case, log lines will be forwarded to each host. Additionally, you can use a different port for each host by following the host name or IP address with /port.

If you use TCP transport, then you can only enter a single log host and cannot override the port.

3. Enter the port number in the Port column. The standard SYSLOG port is 514.

4. Select the transport (either UDP or TCP) from the Transport column.

5. Click Submit Changes.

To disable forwarding for a realm, delete the entry with the Delete? check box, or enter a blank string for the host name.

Note: Forwarded logs are always forwarded with the mail facility and info priority, regardless of the original priority. Also, the entire original log line is forwarded including a high-resolution time-stamp. The receiving machine may log some redundant information with each received log line because of the way it is forwarded.

Because CanIt-Domain-PRO must correlate log lines and ensure that all lines pertaining to a realm are forwarded (and no lines not pertaining to the realm are inappropriately forwarded), logs are not forwarded in real-time. There may be a delay of up to 30 minutes between a line being logged on the CanIt-Domain-PRO system and the line being forwarded to the remote host. Nevertheless, the original timestamp is preserved.
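The rules above for the Log Host, Port and Transport columns, and the fixed mail/info priority, can be modeled as follows. This is an added example, not CanIt-Domain-PRO code: the function names and sample hosts are assumptions, and the PRI arithmetic is the standard syslog encoding (facility × 8 + severity).

```python
import re

MAIL, INFO = 2, 6                # syslog facility "mail" and severity "info"
EXPECTED_PRI = MAIL * 8 + INFO   # PRI = facility * 8 + severity

def expand_destinations(log_host, port, transport):
    """Expand one forwarding row into a list of (host, port) destinations."""
    transport = transport.upper()
    if transport not in ("UDP", "TCP"):
        raise ValueError("transport must be UDP or TCP")
    entries = [e.strip() for e in log_host.split(",") if e.strip()]
    if not entries:
        return []                # blank host name: forwarding disabled
    if transport == "TCP" and (len(entries) > 1 or "/" in entries[0]):
        raise ValueError("TCP takes a single log host with no /port override")
    destinations = []
    for entry in entries:
        # UDP entries may carry their own port as host/port.
        host, has_override, override = entry.partition("/")
        dest_port = int(override) if has_override else int(port)
        if not host or not 0 < dest_port < 65536:
            raise ValueError(f"bad log host entry: {entry!r}")
        destinations.append((host, dest_port))
    return destinations

def decode_pri(line):
    """Return (facility, severity) from the <PRI> prefix of a received line."""
    match = re.match(r"<(\d{1,3})>", line)
    if match is None:
        raise ValueError("no syslog PRI prefix")
    return divmod(int(match.group(1)), 8)

if __name__ == "__main__":
    # Constructed sample row: two UDP hosts, the second with its own port.
    print(expand_destinations("192.0.2.20, logs.example.net/1514", 514, "udp"))
    # Constructed sample line; the payload text is a placeholder.
    print(decode_pri("<22>constructed payload") == (MAIL, INFO))
```

Because every forwarded line arrives as mail.info, a receiver that routes or alerts on syslog severity has to classify on the content of the forwarded line instead.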

Chapter 17

Tips

Managing spam requires constant attention, but there are many things you can do to reduce the workload of the administrator. This chapter offers advice for fine-tuning CanIt-Domain-PRO and making it more effective.

17.1 Greylisting

Note: This section describes features that only the CanIt-Domain-PRO System Administrator can use.

In the past, spammers would use open SMTP relays to send spam. With the advent of inexpensive residential broadband, many spammers use special software to send bulk mail directly from their PCs. Because spammers want wide distribution, they want each message to be sent as cheaply as possible. Some spam software, therefore, ignores SMTP errors if a message cannot be delivered.

CanIt-Domain-PRO can deal very effectively with software that never retries by sending a temporary failure indication at the end of DATA when mail from an unknown sender arrives. If you set the “Tempfail unknown senders on first transmission” stream setting to Yes, then CanIt-Domain-PRO uses the combination of sender e-mail address, recipient e-mail address, sending relay IP address and message subject to calculate a hash. If this hash has never been seen before, CanIt-Domain-PRO tempfails the message. Once the hash reappears, CanIt-Domain-PRO marks the host as “known to retry” and lets the message proceed to content-scanning. A host marked “known to retry” is allowed to bypass greylisting for 40 days.

There are some down-sides to using greylisting. Valid mail from new senders may be delayed by anywhere from 15 minutes to four hours, depending on the retry interval on the sending relay. You can avoid this delay by setting up a secondary MX record. In fact, you can simply give the CanIt-Domain-PRO machine a virtual interface with another IP address and publish this other IP address as a secondary MX record. In this way, when proper SMTP relays receive a temporary failure indication on the primary MX machine, they immediately try to send to the secondary MX machine. Often, spamware won’t retry.

On a similar note, CanIt-Domain-PRO will not issue temporary failures for messages relayed from any server in a Known Network with Skip Greylisting configured (see Section 5.7 on page 67). If a message is received by such a server, greylisting will not be used. In some cases, this can cause greylisting statistics to be skewed. For example, if mail is initially received by a CanIt-Domain-PRO server and marked as greylisted, then is received by a secondary MX server and either relayed to the CanIt-Domain-PRO server, or to an internal mail server, the message will appear in the CanIt-Domain-PRO statistics as having been greylisted, even if it was received and processed.

In general, we find that setting Tempfail unknown senders on first transmission to Yes is a cheap and effective way to reduce spam.

WARNING: Some mailing list programs use “disposable” sender addresses which always change. These lists do not work well with greylisting. To work around the problem, you should whitelist the domain of the mailing list sender.

CanIt-Domain-PRO tries to detect disposable-address schemes. It ignores everything in the sender address following a plus sign or a dash followed by a digit. These rules catch most common methods for generating disposable addresses, but they are not exhaustive.
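The greylisting decision and the disposable-address rule described above, as an added sketch that is not CanIt-Domain-PRO's own code. The class and function names are hypothetical, SHA-256 stands in for the unspecified hash, and applying the stripping rule to the local part only is an assumption.

```python
import hashlib
import re

KNOWN_TO_RETRY_SECONDS = 40 * 86400   # "known to retry" mark lasts 40 days

def normalize_sender(addr):
    """Ignore what follows a plus sign, or a dash followed by a digit."""
    addr = addr.lower()
    if "@" not in addr:
        return addr
    local, _, domain = addr.rpartition("@")
    # Assumption: the rule is applied to the local part, marker included.
    local = re.sub(r"(\+|-(?=\d)).*", "", local)
    return f"{local}@{domain}"

class Greylist:
    def __init__(self):
        self.seen = set()        # hashes that were tempfailed once already
        self.retry_until = {}    # relay IP -> expiry of "known to retry"

    def check(self, sender, recipient, relay_ip, subject, now):
        """Return 'tempfail' or 'accept' for a message at end of DATA."""
        if self.retry_until.get(relay_ip, 0) > now:
            return "accept"      # host bypasses greylisting
        fields = (normalize_sender(sender), recipient.lower(), relay_ip, subject)
        digest = hashlib.sha256("\0".join(fields).encode()).hexdigest()
        if digest in self.seen:
            # Same tuple came back: the relay retries like a real MTA.
            self.retry_until[relay_ip] = now + KNOWN_TO_RETRY_SECONDS
            return "accept"
        self.seen.add(digest)
        return "tempfail"

if __name__ == "__main__":
    g = Greylist()
    # Constructed traffic: a list server whose sender address changes on retry.
    print(g.check("news-1001@list.example", "bob@example.com", "192.0.2.10", "Issue 7", 0))
    print(g.check("news-1002@list.example", "bob@example.com", "192.0.2.10", "Issue 7", 900))
```

A sender scheme the normalization does not recognise produces a new hash on every attempt and is tempfailed each time, which is the case the whitelist workaround in the warning addresses.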
