Posted to users@spamassassin.apache.org by Rick Gutierrez <xs...@gmail.com> on 2019/03/25 02:24:48 UTC
track messages
Hi list, I need to trace all the messages that SpamAssassin
cataloged as spam yesterday. I have found a bash statement but I
cannot make it work. Any idea why it may be failing? I am using CentOS
6 and SpamAssassin 3.4.2.
grep "$(date +"%b %_d" -d "yesterday")" /var/log/maillog | grep 'score=[5]\.' | sed -e 's/^\(...............\).*\( score=...\).*\( from=[^ ]*\).*\( to=[^ ]*\).*/\1\2\4\3/' ; echo ;
grep "$(date +"%b %_d" -d "yesterday")" /var/log/maillog | grep 'score=[567]\.' | sed -e 's/^\(...............\).*\( score=...\).*\( from=[^ ]*\).*\( to=[^ ]*\).*/\1\2\4\3/'
spam score of my Spamassassin is 5.
regards!
--
rickygm
http://gnuforever.homelinux.com
Fwd: track messages
Posted by Rick Gutierrez <xs...@gmail.com>.
On Mon, 25 Mar 2019 at 14:28, Grant Taylor
(<gt...@tnetconsulting.net>) wrote:
>
> It looks like the spam-tag log may have part of what you want.
>
> awk '($7 == "spam-tag," && $11 == "Yes,"){print "From: " $8; print "To: " $10; print "Score: " $12}'
>
> I don't know how well it will play when you have multiple recipients.
OK, if I can get the data from the email accounts, but not formatted ;).
I can simulate an email with multiple accounts and have SpamAssassin
capture it as spam, and we could try to get the data with multiple
accounts.
Let me know and I'll upload it to pastebin.
>
> How are you interfacing with SpamAssassin?
amavisd with Spamassassin
>
> Can you modify your LDA to copy spam messages to another folder for
> further analysis? (Or is that too privacy invading?)
>
This is a gateway; there are no accounts on this server. Some time ago
I tried to use procmail to move everything marked as spam
to an account/folder,
but I did not succeed.
--
rickygm
http://gnuforever.homelinux.com
Re: track messages
Posted by Grant Taylor <gt...@tnetconsulting.net>.
On 3/25/19 1:49 PM, Rick Gutierrez wrote:
> https://pastebin.com/nsJ4PUBM
It looks like the spam-tag log may have part of what you want.
awk '($7 == "spam-tag," && $11 == "Yes,"){print "From: " $8; print "To: " $10; print "Score: " $12}'
I don't know how well it will play when you have multiple recipients.
> it would be nice to be able to see or extract a report of the email
> addresses with the date that were marked as spam with a score equal to
> 5 or greater than 5 , the from:, to:,
How are you interfacing with SpamAssassin?
Can you modify your LDA to copy spam messages to another folder for
further analysis? (Or is that too privacy invading?)
--
Grant. . . .
unix || die
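Added example (not part of any post in this thread): one way to turn the spam-tag lines into the date / from / to / score report asked for, with one row per recipient. The function names spam_report and sample_log, the sample log lines, and the assumption that amavisd writes multiple recipients comma-joined in one field are all constructed for illustration.

```shell
#!/bin/sh
# Added example: per-recipient report of amavisd "spam-tag" lines flagged as spam.
# Assumed line shape (matches the awk field positions quoted in the thread):
#   Mon DD HH:MM:SS host amavis[pid]: (id) spam-tag, <from> -> <to>[,<to>], Yes, score=N ...

# Constructed sample log (not the pastebin data from the thread).
sample_log() {
cat <<'EOF'
Mar  4 07:00:00 gw amavis[2001]: (02001-01) spam-tag, <z@example.org> -> <u1@example.net>, Yes, score=9.1 required=5
Mar 24 08:01:12 gw amavis[2101]: (02101-01) spam-tag, <a@example.org> -> <u1@example.net>, Yes, score=7.3 required=5
Mar 24 08:05:40 gw amavis[2101]: (02101-02) spam-tag, <b@example.org> -> <u1@example.net>,<u2@example.net>, Yes, score=5.0 required=5
Mar 24 09:10:00 gw amavis[2102]: (02102-01) spam-tag, <c@example.org> -> <u3@example.net>, No, score=1.2 required=5
Mar 24 09:10:01 gw postfix/smtp[2200]: 4F2A1: to=<u3@example.net>, status=sent
Mar 25 10:00:00 gw amavis[2103]: (02103-01) spam-tag, <d@example.org> -> <u1@example.net>, Yes, score=12.4 required=5
EOF
}

# spam_report DAY MIN_SCORE [FILE...]
# DAY is the syslog date prefix, e.g. "$(date +"%b %_d" -d yesterday)" with GNU date.
# Prints: "date time | from | to | score", one row per recipient.
spam_report() {
    day=$1; min=$2; shift 2
    awk -v day="$day" -v min="$min" '
    substr($0, 1, 6) == day && / spam-tag, / && /, Yes, score=/ {
        if (!match($0, /score=-?[0-9.]+/)) next
        score = substr($0, RSTART + 6, RLENGTH - 6) + 0
        if (score < min) next            # ">=" keeps a score of exactly 5
        # Envelope text sits between "spam-tag, " and ", Yes, score=".
        s = index($0, " spam-tag, ") + 11
        env = substr($0, s, index($0, ", Yes, score=") - s)
        n = index(env, " -> ")
        if (!n) next                     # skip malformed lines
        from = substr(env, 1, n - 1)
        # Assumption: multiple recipients are comma-joined in one field.
        cnt = split(substr(env, n + 4), rcpt, ",")
        for (i = 1; i <= cnt; i++)
            printf "%s | %s | %s | %.1f\n", substr($0, 1, 15), from, rcpt[i], score
    }' "$@"
}

sample_log | spam_report "Mar 24" 5
```

The sender and recipient fields come from the SMTP envelope, so the report rows are untrusted text and should be escaped before being fed into a web page or another script.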
Re: track messages
Posted by Martin Gregorie <ma...@gregorie.org>.
On Mon, 2019-03-25 at 13:49 -0600, Rick Gutierrez wrote:
>
> https://pastebin.com/nsJ4PUBM
>
I'd use awk to extract information from logs like that rather than
messing around with an assemblage of grep and sed held together with
bash glue: it's exactly the sort of job that awk was written to tackle.
It's much easier, and quicker, to write an awk script than it would be
to write the equivalent Perl script.
OTOH, while the awk manpage is a great reference once you know how awk
scripts work, it's not a great way to learn about it. If you're
interested in trying it, get a copy of Dale Dougherty's "sed & awk" -
it's an O'Reilly book and quite readable.
Martin
Re: track messages
Posted by Rick Gutierrez <xs...@gmail.com>.
On Tue, 26 Mar 2019 at 10:39, Bowie Bailey
(<Bo...@buc.com>) wrote:
>
> >> That looks to be far too complicated for most purposes, and reading back
> >> and forth I don't think it's even intended for the standard spamd
> >> logging; it's looking at log traces from some other SA library caller
> >> entirely. Can you post a couple of example log entries you're expecting
> >> this to match and extract fields from?
> > https://pastebin.com/nsJ4PUBM
>
> Based on your original question, it looks like you could just grep the logs for
> 'spam-tag', but if you want to be sure, you could also check the score. This would
> also give you a bit more flexibility if you wanted to do a search for only
> high-scoring spam or something.
>
> I would do it with Perl. Here's an untested one-liner (assuming the file with the
> logs is called "maillog"):
>
> perl -ne '($score) = /spam-tag.*score=([\d.]+)/; if ($score > 5) {print}' maillog
>
> This could easily be expanded to output various parts of the log line, counts,
> average scores, etc.
Thanks Bowie and Grant, both very useful. I'll keep Martin's advice in mind.
--
rickygm
http://gnuforever.homelinux.com
Re: track messages
Posted by Bowie Bailey <Bo...@BUC.com>.
On 3/25/2019 3:49 PM, Rick Gutierrez wrote:
> On Mon, 25 Mar 2019 at 9:44, Kris Deugau (<kd...@vianet.ca>) wrote:
>
>> That looks to be far too complicated for most purposes, and reading back
>> and forth I don't think it's even intended for the standard spamd
>> logging; it's looking at log traces from some other SA library caller
>> entirely. Can you post a couple of example log entries you're expecting
>> this to match and extract fields from?
> https://pastebin.com/nsJ4PUBM
Based on your original question, it looks like you could just grep the logs for
'spam-tag', but if you want to be sure, you could also check the score. This would
also give you a bit more flexibility if you wanted to do a search for only
high-scoring spam or something.
I would do it with Perl. Here's an untested one-liner (assuming the file with the
logs is called "maillog"):
perl -ne '($score) = /spam-tag.*score=([\d.]+)/; if ($score > 5) {print}' maillog
This could easily be expanded to output various parts of the log line, counts,
average scores, etc.
--
Bowie
Re: track messages
Posted by Rick Gutierrez <xs...@gmail.com>.
On Mon, 25 Mar 2019 at 9:44, Kris Deugau (<kd...@vianet.ca>) wrote:
> That looks to be far too complicated for most purposes, and reading back
> and forth I don't think it's even intended for the standard spamd
> logging; it's looking at log traces from some other SA library caller
> entirely. Can you post a couple of example log entries you're expecting
> this to match and extract fields from?
https://pastebin.com/nsJ4PUBM
>
> I would just do:
>
> grep 'Mar 24' /var/log/maillog |grep 'result: Y'
>
> Note that this would not return "messages scored 5 or more", just
> "messages flagged as spam", which would depend on your required_score
> setting in SA.
I have tried but it does not show any output
>
> The scan result line should contain all the detail you need to do
> further lookups. You don't say what you want to do with these log entries.
>
the idea is to be able to take out the messages that yesterday and
today were marked as spam, when the score is equal to or greater than
5
> For anything much more complicated I'd write a short Perl script to do
> more complex pattern matching and data extraction, as well as any
> summary reporting I'm looking for.
>
> -kgd
ok, I'm not an expert in bash or perl, but it would be nice to be able
to see or extract a report of the email addresses with the date that
were marked as spam with a score equal to 5 or greater than 5 , the
from:, to:,
Thanks for the help,
--
rickygm
http://gnuforever.homelinux.com
Re: track messages
Posted by Kris Deugau <kd...@vianet.ca>.
Rick Gutierrez wrote:
> Hi list , I need to do a trace of all the messages that spamassassin
> cataloged as spam yesterday, I have found a bash statement but I do
> not make it work, some idea that it may be failing, I am using centos
> 6 and spamassassin 3.4.2
>
> grep "$(date +"%b %_d" -d "yesterday")" /var/log/maillog | grep 'score=[5]\.' | sed -e 's/^\(...............\).*\( score=...\).*\( from=[^ ]*\).*\( to=[^ ]*\).*/\1\2\4\3/' ; echo ;
> grep "$(date +"%b %_d" -d "yesterday")" /var/log/maillog | grep 'score=[567]\.' | sed -e 's/^\(...............\).*\( score=...\).*\( from=[^ ]*\).*\( to=[^ ]*\).*/\1\2\4\3/'
>
> spam score of my Spamassassin is 5.
That looks to be far too complicated for most purposes, and reading back
and forth I don't think it's even intended for the standard spamd
logging; it's looking at log traces from some other SA library caller
entirely. Can you post a couple of example log entries you're expecting
this to match and extract fields from?
I would just do:
grep 'Mar 24' /var/log/maillog |grep 'result: Y'
Note that this would not return "messages scored 5 or more", just
"messages flagged as spam", which would depend on your required_score
setting in SA.
The scan result line should contain all the detail you need to do
further lookups. You don't say what you want to do with these log entries.
For anything much more complicated I'd write a short Perl script to do
more complex pattern matching and data extraction, as well as any
summary reporting I'm looking for.
-kgd