.TH SLOWEDIT 8 "$Date: 2003/11/13 01:39:35 $"
.SH NAME
slowedit
\- manually modify and view the slowlists database
.SH SYNOPSIS
.B slowedit switches command IPnumber event_list
.SH DESCRIPTION
.B Slowedit
modifies the slowlists database maintained by the
.B slowmilt
Milter.
The location of the database is defined by the configuration
file, whose location is generally hardcoded when
.B slowmilt
is built. If you wish to use a different configuration file,
specify the location of that file with the
.B -C configfile
switch.
.PP
The elements of the command line vary depending on what
.B slowedit
is asked to do. Each
.B command
is covered in a section of its own.
.SH SLOWEDIT ADD
Usage:
.B slowedit add IPnumber event,event,event,...
.PP
The
.B add
command adds an event record for a given IP number as of today's date
and time. If the IP number has
not yet been recorded in the database, it is added, otherwise its records
are updated. The
.B IPnumber
must be specified as a dotted quad (like ``192.168.1.2''). IPv6 addresses
are not supported yet.
The record update is as-of this current date/time. There is no way to specify
an arbitray time.
.PP
The events are selected from the following, where an arbitrary number of
events may be combined in a single record. Event names are either
two-letter followed by an equal sign and a positive count, or are
three-letter boolean expressions. Events names are case insensitive and
may be expressed, for example, as
.B mmx,
.B MMX,
or
.B MmX,
with no difference in meaning.
.IP
.B er=#
The number of envelope recipients, where # is a positive integer.
.IP
.B hr=#
The number of header recipients (the total from all
.B To:,
.B Cc:,
and
.B Bcc:
header lines), where # is a positive integer.
.IP
.B ho=#
The number of honey-pot addresses listed in the envelope of the received
message. See the ``HoneyFile'' entry in the configuration file.
The # is a positive integer.
.IP
.B br=#
The number of bad envelope recipients listed in the envelope of the
message, where # is a positive integer.
.IP
.B hed
A boolean event, whose presence indicates that there were too
many header recipients (see the ``MaxHeaderRcpts'' item in
the configuration file).
.IP
.B env
A boolean event, whose presence indicates that there were too
many envelope recipients (see the ``MaxRcptsPerEnvelope'' item in
the configuration file).
.IP
.B hon
A boolean event, whose presence indicates that there was
at least one honey-pot recipient detected
(see the ``HoneyFile'' item in the configuration file).
.IP
.B mid
A boolean event, whose presence indicates that there was
a bad or missing
.B Message-Id:
header
(see the ``CheckMessageId'' item in the configuration file).
.IP
.B frm
A boolean event, whose presence indicates that there was
a bad or missing
.B From:
header
(see the ``CheckFromHeader'' item in the configuration file).
.IP
.B bho
A boolean event, whose presence indicates that there was
a bad envelope sender host specification
(see the ``CheckSenderHost'' item in the configuration file).
.IP
.B rbl
A boolean event, whose presence indicates that there the
IP number was looked up at the ordb.org site and found
to be that of an open relay
(see the ``LookupIPatRBL'' item in the configuration file).
.IP
.B abo
A boolean event, whose presence indicates that
.I sendmail
or a previous Milter rejected the messsage for its own
reasons
(see the ``MilterAbort'' item in the configuration file).
.IP
.B pip
A boolean event, whose presence indicates illegal piplineing
was attemted by the sending host
(see the ``AdvanceWrite'' item in the configuration file).
.IP
.B for
A boolean event, whose presence indicates that
.I sendmail
thought the sending host's hostname/IP-number were forged.
.IP
.B mmx
A boolean event, whose presence indicates that
the message was received from one of our MX servers
(see the ``LocalHostName'' and ``LookBackOne''
items in the configuration file).
.IP
.B net
A boolean event, whose presence indicates that
the message was received on a non-AF_INET network
(such as the loopback network).
.SH SLOWEDIT DELETE
Usage:
.B slowedit delete IPnumber [date]
.PP
The
.B delete
command allows you to remove entries from the database. You mail remove
a single event by specifying the
.B date,
or you can remove an IP number and all its events by omitting the
.B date.
IP numbers must be in the form of a dotted quad (i.e. 198.162.2.3).
Badly formed IP numbers will be rejected. IPv6 numbers are not
allowed.
.PP
The
.B date,
if present, must be in the form MM.DD.YYYY.HH.MM.SS. The dots separating
each part of the date may be any non-numeric character (for example:
11/23/2003.11:23:45), but if you use a space character, you will need
to quote the entire date expression ("11/23/2003 11:23:45").
Non-parsable or illegal dates will be rejected. It is easiest to find
the date to use by running:
.PP
.B slowedit list
.I IPnumber
.PP
Then just copy the date it prints to the delete command.
.br
.SH SLOWEDIT LIST
Usage:
.B slowedit list IPnumber | all
.PP
The
.B list
command allows you to view the database contents.
If you specify the special keyword ``all'', the contents of the
entire database will be listed. If you specify an
.I IPnumber,
just that IP number's records will be reported.
.PP
Each listed line will, for example, look like the following:
.IP
\f(CW1.2.3.4: 11/20/2003.07:50:33 envrcpts=0 hdrrcpts=5 honeyrcpts=0 bad=0 bits=[HED] msgid=\fP
.PP
An IP number begins each line (in dotted quad form), followed by the date of the event.
These dates can be copied as-is into the
.B slowedit delete
command.
.PP
The remainder of the line describes the event, with each item shown as an equate separated from
the next by a space. The items in this event are described under the
.B slowedit add
command.
.br
.SH SEE ALSO
slowmilt(8)
slow.conf(4)
.SH HISTORY
The
.B slowedit
command appeared with the first version of
.B slowmilt .
Added rbl lookup support and testing for same.
Folded in support for smfi_stop().
Added lots of slowedit commands
Fixed a serious bug in MX lookups.
Added to documentation.