Posted to users@spamassassin.apache.org by Rick Gutierrez <xs...@gmail.com> on 2019/03/25 02:24:48 UTC

track messages

Hi list, I need to do a trace of all the messages that SpamAssassin
cataloged as spam yesterday. I have found a bash statement but I cannot
make it work; any idea why it may be failing? I am using CentOS
6 and SpamAssassin 3.4.2.

grep "$(date +"%b %_d" -d "yesterday")" /var/log/maillog |
  grep 'score=[5]\.' |
  sed -e 's/^\(...............\).*\( score=...\).*\( from=[^ ]*\).*\( to=[^ ]*\).*/\1\2\4\3/' ; echo ;
grep "$(date +"%b %_d" -d "yesterday")" /var/log/maillog |
  grep 'score=[567]\.' |
  sed -e 's/^\(...............\).*\( score=...\).*\( from=[^ ]*\).*\( to=[^ ]*\).*/\1\2\4\3/'

spam score of my Spamassassin is 5.

regards!


-- 
rickygm

http://gnuforever.homelinux.com

Fwd: track messages

Posted by Rick Gutierrez <xs...@gmail.com>.
On Mon, 25 Mar 2019 at 14:28, Grant Taylor
(<gt...@tnetconsulting.net>) wrote:

>
> It looks like the spam-tag log may have part of what you want.
>
> awk '($7 == "spam-tag," && $11 == "Yes,"){print "From: " $8; print "To: " $10; print "Score: " $12}'
>
> I don't know how well it will play when you have multiple recipients.

ok, if I can get the data from the email accounts, but not formatted ;).
I can simulate an email with multiple accounts and have SpamAssassin
capture it as spam, and we could try to get the data with multiple
accounts;
let me know and I will upload it to pastebin.


>
> How are you interfacing with SpamAssassin?

amavisd with Spamassassin

>
> Can you modify your LDA to copy spam messages to another folder for
> further analysis?  (Or is that too privacy invading?)
>
This is a gateway; there are no accounts on this server. Some time ago
I tried to use procmail so that everything marked as spam was moved
to an account/folder,
but I did not succeed.



--
rickygm

http://gnuforever.homelinux.com



Re: track messages

Posted by Grant Taylor <gt...@tnetconsulting.net>.
On 3/25/19 1:49 PM, Rick Gutierrez wrote:
> https://pastebin.com/nsJ4PUBM

It looks like the spam-tag log may have part of what you want.

awk '($7 == "spam-tag," && $11 == "Yes,"){print "From: " $8; print "To: " $10; print "Score: " $12}'

I don't know how well it will play when you have multiple recipients.

> it would be nice to be able to see or extract a report of the email 
> addresses with the date that were marked as spam with a score equal to 
> 5 or greater than 5 , the from:, to:,

How are you interfacing with SpamAssassin?

Can you modify your LDA to copy spam messages to another folder for 
further analysis?  (Or is that too privacy invading?)



-- 
Grant. . . .
unix || die


Re: track messages

Posted by Martin Gregorie <ma...@gregorie.org>.
On Mon, 2019-03-25 at 13:49 -0600, Rick Gutierrez wrote:
> 
> https://pastebin.com/nsJ4PUBM
> 
I'd use awk to extract information from logs like that rather than
messing around with an assemblage of grep and sed held together with
bash glue: it's exactly the sort of job that awk was written to tackle.
It's much easier, and quicker, to write an awk script than it would be
to write the equivalent Perl script.

OTOH, the awk manpage is a great reference once you know how awk
scripts work, but not a great way to learn about it. If you're
interested in trying it, get a copy of Dale Dougherty's "sed & awk" -
it's an O'Reilly book and quite readable.
  

Martin



Re: track messages

Posted by Rick Gutierrez <xs...@gmail.com>.
On Tue, 26 Mar 2019 at 10:39, Bowie Bailey
(<Bo...@buc.com>) wrote:
>

> >> That looks to be far too complicated for most purposes, and reading back
> >> and forth I don't think it's even intended for the standard spamd
> >> logging;  it's looking at log traces from some other SA library caller
> >> entirely.  Can you post a couple of example log entries you're expecting
> >> this to match and extract fields from?
> > https://pastebin.com/nsJ4PUBM
>
> Based on your original question, it looks like you could just grep the logs for
> 'spam-tag', but if you want to be sure, you could also check the score.  This would
> also give you a bit more flexibility if you wanted to do a search for only
> high-scoring spam or something.
>
> I would do it with Perl.  Here's an untested one-liner (assuming the file with the
> logs is called "maillog"):
>
> perl -ne '($score) = /spam-tag.*score=([\d.]+)/; if ($score > 5) {print}' maillog
>
> This could easily be expanded to output various parts of the log line, counts,
> average scores, etc.

Thanks Bowie and Grant, both very useful. I'll keep Martin's advice in mind.

-- 
rickygm

http://gnuforever.homelinux.com

Re: track messages

Posted by Bowie Bailey <Bo...@BUC.com>.
On 3/25/2019 3:49 PM, Rick Gutierrez wrote:
> On Mon, 25 Mar 2019 at 9:44, Kris Deugau (<kd...@vianet.ca>) wrote:
>
>> That looks to be far too complicated for most purposes, and reading back
>> and forth I don't think it's even intended for the standard spamd
>> logging;  it's looking at log traces from some other SA library caller
>> entirely.  Can you post a couple of example log entries you're expecting
>> this to match and extract fields from?
> https://pastebin.com/nsJ4PUBM

Based on your original question, it looks like you could just grep the logs for
'spam-tag', but if you want to be sure, you could also check the score.  This would
also give you a bit more flexibility if you wanted to do a search for only
high-scoring spam or something.

I would do it with Perl.  Here's an untested one-liner (assuming the file with the
logs is called "maillog"):

perl -ne '($score) = /spam-tag.*score=([\d.]+)/; if ($score > 5) {print}' maillog

This could easily be expanded to output various parts of the log line, counts,
average scores, etc.

-- 
Bowie
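
The report asked for in this thread (date, score, from and to for messages at or above a given score), as an added example that is not code from any of the posters. It assumes the amavisd spam-tag line layout implied by the awk field positions quoted above, with multiple recipients comma-separated; the function names, sample lines, host and addresses are constructed.

```shell
#!/bin/sh
# Added example. The log layout is an assumption inferred from the awk field
# positions quoted in this thread; the sample lines below are constructed.

# spam_report DAY MIN_SCORE   (reads the mail log on stdin)
# DAY is the syslog date prefix, e.g. "Mar 24" or "Mar  4" (space-padded).
spam_report() {
    awk -v day="$1" -v min="$2" '
    index($0, day " ") == 1 && /spam-tag, / {
        # Compare the score as a number, so 5, 8.1 and 12.4 all qualify.
        if (!match($0, /score=-?[0-9.]+/)) next
        sc = substr($0, RSTART + 6, RLENGTH - 6)
        if (sc + 0 < min + 0) next

        # Layout: spam-tag, <from> -> <to1>,<to2>, Yes, score=...
        rest = substr($0, index($0, "spam-tag, ") + 10)
        arrow = index(rest, " -> ")
        if (!arrow) next
        from = substr(rest, 1, arrow - 1)
        rest = substr(rest, arrow + 4)
        if (!match(rest, /, (Yes|No),/)) next

        # One output line per recipient.
        n = split(substr(rest, 1, RSTART - 1), rcpt, ",")
        for (i = 1; i <= n; i++)
            printf "%s score=%s from=%s to=%s\n", substr($0, 1, 15), sc, from, rcpt[i]
    }'
}

# Constructed sample input (hypothetical host and addresses).
sample_log() {
    cat <<'EOF'
Mar 24 08:01:12 gw amavis[2101]: (02101-01) spam-tag, <a@example.com> -> <u1@example.org>, Yes, score=7.3 required=5 tests=[X]
Mar 24 09:15:40 gw amavis[2101]: (02101-02) spam-tag, <b@example.net> -> <u1@example.org>,<u2@example.org>, Yes, score=5 required=5 tests=[X]
Mar 24 10:22:05 gw amavis[2101]: (02101-03) spam-tag, <c@example.com> -> <u3@example.org>, No, score=1.2 required=5 tests=[X]
Mar 24 11:47:30 gw amavis[2101]: (02101-04) spam-tag, <d@example.net> -> <u2@example.org>, Yes, score=12.4 required=5 tests=[X]
Mar 25 00:03:59 gw amavis[2101]: (02101-05) spam-tag, <e@example.com> -> <u1@example.org>, Yes, score=15.6 required=5 tests=[X]
EOF
}

# Typical use with GNU date, as in the original post:
#   spam_report "$(LC_ALL=C date +"%b %_d" -d yesterday)" 5 < /var/log/maillog
sample_log | spam_report "Mar 24" 5
```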

Re: track messages

Posted by Rick Gutierrez <xs...@gmail.com>.
On Mon, 25 Mar 2019 at 9:44, Kris Deugau (<kd...@vianet.ca>) wrote:

> That looks to be far too complicated for most purposes, and reading back
> and forth I don't think it's even intended for the standard spamd
> logging;  it's looking at log traces from some other SA library caller
> entirely.  Can you post a couple of example log entries you're expecting
> this to match and extract fields from?

https://pastebin.com/nsJ4PUBM

>
> I would just do:
>
> grep 'Mar 24' /var/log/maillog |grep 'result: Y'
>
> Note that this would not return "messages scored 5 or more", just
> "messages flagged as spam", which would depend on your required_score
> setting in SA.

I have tried but it does not show any output

>
> The scan result line should contain all the detail you need to do
> further lookups.  You don't say what you want to do with these log entries.
>

the idea is to be able to take out the messages that yesterday and
today were marked as spam, when the score is equal to or greater than
5

> For anything much more complicated I'd write a short Perl script to do
> more complex pattern matching and data extraction, as well as any
> summary reporting I'm looking for.
>
> -kgd

ok, I'm not an expert in bash or perl, but it would be nice to be able
to see or extract a report of the email addresses with the date that
were marked as spam with a score equal to 5 or greater than 5 , the
from:, to:,

Thanks for the help,
-- 
rickygm

http://gnuforever.homelinux.com

Re: track messages

Posted by Kris Deugau <kd...@vianet.ca>.
Rick Gutierrez wrote:
> Hi list , I need to do a trace of all the messages that spamassassin
> cataloged as spam yesterday, I have found a bash statement but I do
> not make it work, some idea that it may be failing, I am using centos
> 6 and spamassassin 3.4.2
> 
> grep "$(date +"%b %_d" -d "yesterday")" /var/log/maillog |
>   grep 'score=[5]\.' |
>   sed -e 's/^\(...............\).*\( score=...\).*\( from=[^ ]*\).*\( to=[^ ]*\).*/\1\2\4\3/' ; echo ;
> grep "$(date +"%b %_d" -d "yesterday")" /var/log/maillog |
>   grep 'score=[567]\.' |
>   sed -e 's/^\(...............\).*\( score=...\).*\( from=[^ ]*\).*\( to=[^ ]*\).*/\1\2\4\3/'
> 
> spam score of my Spamassassin is 5.

That looks to be far too complicated for most purposes, and reading back 
and forth I don't think it's even intended for the standard spamd 
logging;  it's looking at log traces from some other SA library caller 
entirely.  Can you post a couple of example log entries you're expecting 
this to match and extract fields from?

I would just do:

grep 'Mar 24' /var/log/maillog |grep 'result: Y'

Note that this would not return "messages scored 5 or more", just 
"messages flagged as spam", which would depend on your required_score 
setting in SA.

The scan result line should contain all the detail you need to do 
further lookups.  You don't say what you want to do with these log entries.

For anything much more complicated I'd write a short Perl script to do 
more complex pattern matching and data extraction, as well as any 
summary reporting I'm looking for.

-kgd