[Sqlgrey-users] How can I tell that local whitelists are being used
Douglas Mortensen
2010-11-17 21:32:05 UTC
Besides making a connection attempt from a whitelisted IP/FQDN & watching the sqlgrey logging, is there any way that I can simply query the locally loaded whitelist for the IP/FQDN in question, or have it output the entire currently loaded whitelist to the console or logging?

Thanks,
-
Doug Mortensen
Network Consultant
Impala Networks Inc
CCNA, MCSA, Security+, A+
Linux+, Network+, Server+
.
www.impalanetworks.com
P: (505) 327-7300
F: (505) 327-7545
Karl O. Pinc
2010-11-17 21:43:05 UTC
Post by Douglas Mortensen
Besides making a connection attempt from a whitelisted IP/FQDN &
watching the sqlgrey logging, is there any way that I can simply
query the locally loaded whitelist for the IP/FQDN in question, or
have it output the entire currently loaded whitelist to the console
or logging?
All the data's in postgresql. Use psql to write an sql query,
connecting as the postgresql user or some other user with
rights.

Karl <***@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
Bruce Bodger
2010-11-17 21:56:48 UTC
Doug,
Post by Douglas Mortensen
Besides making a connection attempt from a whitelisted IP/FQDN &
watching the sqlgrey logging, is there any way that I can simply
query the locally loaded whitelist for the IP/FQDN in question, or
have it output the entire currently loaded whitelist to the console
or logging?
Have you had a look at the "Sqlgrey WebInterface" sgwi? http://www.vanheusden.com/sgwi/
You can also see a screenshot here: www.beebeec.nl/sgwi/

B. Bodger
Steve Heaven
2011-01-20 07:06:43 UTC
Early this morning our Postgres db crashed and restarted several times.
In the logs I found this:

Jan 20 03:43:53 frigga sqlgrey: grey: from awl match: updating
71.81.141.83(71.81.141.83),
sᅵ***@1800hurt911.com(sᅵ***@1800hurt911.com)
Jan 20 03:43:53 frigga sqlgrey: dbaccess: warning: couldn't do query:
UPDATE from_awl SET last_seen = NOW(), first_seen = first_seen WHERE
sender_name = 'sï¿œnchez85' AND sender_domain = '1800hurt911.com' AND src
= '71.81.141.83': ERROR: invalid byte sequence for encoding "UTF8":
0xe16e63 HINT: This error can also happen if the byte sequence does not
match the encoding expected by the server, which is controlled by
"client_encoding". , reconnecting to DB
Jan 20 03:43:53 frigga sqlgrey: warning: Use of uninitialized value in
concatenation (.) or string at /usr/sbin/sqlgrey line 1154.
Jan 20 03:43:53 frigga sqlgrey: dbaccess: error: couldn't access
from_awl table:

It looks like it crashed because the email address had a non UTF8
character. What should the 'client_encoding' be set to?

We are running sqlgrey 1.7.6 and postgresql 8.1.11

Thanks

Steve
--
thorNET
Internet Services, Consultancy &Training
www.thornet.co.uk
Kenneth Marshall
2011-01-20 13:48:28 UTC
Post by Steve Heaven
Early this morning our Postgres db crashed and restarted several times.
Jan 20 03:43:53 frigga sqlgrey: grey: from awl match: updating
71.81.141.83(71.81.141.83),
UPDATE from_awl SET last_seen = NOW(), first_seen = first_seen WHERE
sender_name = 's???nchez85' AND sender_domain = '1800hurt911.com' AND src
0xe16e63 HINT: This error can also happen if the byte sequence does not
match the encoding expected by the server, which is controlled by
"client_encoding". , reconnecting to DB
Jan 20 03:43:53 frigga sqlgrey: warning: Use of uninitialized value in
concatenation (.) or string at /usr/sbin/sqlgrey line 1154.
Jan 20 03:43:53 frigga sqlgrey: dbaccess: error: couldn't access
It looks like it crashed because the email address had a non UTF8
character. What should the 'client_encoding' be set to?
We are running sqlgrey 1.7.6 and postgresql 8.1.11
Thanks
Steve
You will need to use SQL_ASCII or C encoding for the database
in initdb. Been there, done that, have the crash dump... :)

Ken

Dan Faerch
2010-11-18 07:02:14 UTC
It's possible to test sqlgrey by talking to it like Postfix does, using
telnet or netcat.

Example:
$ nc localhost 2501
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
client_address=66.102.13.104
client_name=unknown
reverse_client_name=ez-in-f104.1e100.net
helo_name=ez-in-f104.1e100.net
sender=***@ez-in-f104.1e100.net
recipient=***@ez-in-f104.1e100.net
< hit return to add a blank line >

And the server will respond with its verdict:
action=451 Greylisted for 1 minutes (10)


It should be fairly easy to use this to validate a whitelist entry.
Simply modify the appropriate fields in the above and paste it to the
sqlgrey port. Hit return once more to make a blank line at the end and
read the output. Additional information may also be in the log,
depending on your loglevel.

- Dan Faerch
--
http://www.phpappwall.com
Post by Douglas Mortensen
Besides making a connection attempt from a whitelisted IP/FQDN & watching the sqlgrey logging, is there any way that I can simply query the locally loaded whitelist for the IP/FQDN in question, or have it output the entire currently loaded whitelist to the console or logging?
Michal Ludvig
2010-11-18 07:24:37 UTC
Post by Dan Faerch
It's possible to test sqlgrey by talking to it like Postfix does, using
telnet or netcat
$ nc localhost 2501
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=SMTP
client_address=66.102.13.104
client_name=unknown
reverse_client_name=ez-in-f104.1e100.net
helo_name=ez-in-f104.1e100.net
< hit return to add a blank line>
action=451 Greylisted for 1 minutes (10)
Actually there is a "tester.pl" script in the GIT repo for doing exactly
this :)

~/src/sqlgrey-work.git> ./tester.pl --help
Test tool for SQLgrey daemon.
Author: Michal Ludvig <***@logix.net.nz> (c) 2009
http://www.logix.net.nz
Usage: tester.pl --client-ip <address> [--options]
--host address to talk to (default: 127.0.0.1)
--port TCP port SQLgrey daemon listens on (2501)
--client-ip IP or IPv6 address of the 'client' (Required).
--client-fqdn Domain name corresponding to --ip
--sender / --from
Envelop MAIL FROM value
--recipient / --to
Envelop RCPT TO value

Michal
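
The request/response exchange Dan Faerch describes above, as an added Python example (not part of the original thread and not the project's tester.pl). The function names, the example.org addresses and the `is_deferred` heuristic are assumptions for illustration; port 2501 and the attribute names are the ones shown in the thread.

```python
import socket

def build_request(attrs):
    """Serialize attributes as name=value lines, terminated by a blank line."""
    lines = ["request=smtpd_access_policy"]
    for name, value in attrs.items():
        # A newline in a value would let one attribute smuggle in another.
        if "\n" in name or "\n" in value or "=" in name:
            raise ValueError(f"illegal character in attribute {name!r}")
        lines.append(f"{name}={value}")
    return ("\n".join(lines) + "\n\n").encode("utf-8")

def parse_response(raw):
    """Return the text after 'action=' from the daemon's reply."""
    for line in raw.decode("utf-8", "replace").splitlines():
        if line.startswith("action="):
            return line[len("action="):]
    raise ValueError("no action= line in reply")

def exchange(sock, attrs):
    """Send one request on a connected socket and read one verdict."""
    sock.sendall(build_request(attrs))
    buf = b""
    while b"\n\n" not in buf:          # the reply also ends with a blank line
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return parse_response(buf)

def is_deferred(action):
    """Assumption: greylisting shows up as a 4xx code or a defer* action."""
    verb = action.split(None, 1)[0].lower() if action.strip() else ""
    return verb.startswith("4") or verb.startswith("defer")

def check_client(client_ip, client_fqdn="unknown", host="127.0.0.1", port=2501,
                 sender="sender@example.org", recipient="rcpt@example.org"):
    """Ask the daemon how it would treat this client; returns the action."""
    # sender/recipient defaults are constructed placeholder addresses.
    attrs = {"protocol_state": "RCPT", "protocol_name": "SMTP",
             "client_address": client_ip, "client_name": client_fqdn,
             "sender": sender, "recipient": recipient}
    with socket.create_connection((host, port), timeout=5) as sock:
        return exchange(sock, attrs)
```

Against a running daemon, `check_client("66.102.13.104", "ez-in-f104.1e100.net")` returns the action string, and `is_deferred()` on that string tells you whether the client was greylisted rather than passed.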