Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2017/06/06 01:27:08 UTC

Quarantine processing...

Hi,

Does anyone have a script or something that goes through the
quarantine (amavis in my case, gzipped) and produces some kind of
report about the messages that have been tagged?

I'd like to find something that can be used to print the header info
(from/to/subject/date, etc) as well as perhaps some rule information
so I can get a better idea of what's being quarantined.

I have a few scripts that I use on a regular basis to look for
specific changes, but something more general would be really useful to
me.

I'm hoping to use these scripts to better identify false positives and
narrow down the type of mail that's being tagged that perhaps
shouldn't.

Thanks,
Alex

Re: Quarantine processing...

Posted by Lucio Chiappetti <lu...@lambrate.inaf.it>.
On Mon, 5 Jun 2017, Alex wrote:

> Does anyone have a script or something that goes through the
> quarantine (amavis in my case, gzipped) and produces some kind of
> report about the messages that have been tagged?

We have a crontab script [/lnx/util/mailspam] which (among other things)
generates for each user who has received quarantined spam a mail message
like this

-----
During last day user lucio has received the following 1 spams or viruses
blocked by spamassassin

VIA  APPARENTLY TO lucio@lambrate.inaf.it
  FROM "LVC" <ez...@mitersone.eu> TO <pi...@kiwiuno.it>
  SUBJECT Re: Online Pharmacy - Only quality drugs!
-----

The script de facto uses formail to split the (institute-wide, daily) 
quarantine mail folder (which here has names like 
/var/spool/amavis/spamvirus/spam.Jun02 ... there is ONE folder PER DAY for 
ALL users together) and pass the output to an awk script which generates 
and mails the report.

It is not in a shape immediately usable anywhere (it does other local 
things, and relies on the site having mail aliases in NIS maps), but if 
you ask me personally I could send you excerpts.

-- 
Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy)
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html
------------------------------------------------------------------------
Nature (http://tinyurl.com/natureaboutrenzi) 09/12/2016 says:
"Italian scientists won't miss departing Prime Minister Matteo Renzi"

Re: Quarantine processing...

Posted by Alex <my...@gmail.com>.
Hi,

On Tue, Jun 6, 2017 at 8:37 AM, Martin Gregorie <ma...@gregorie.org> wrote:
> On Mon, 2017-06-05 at 21:27 -0400, Alex wrote:
>> Hi,
>>
>> Does anyone have a script or something that goes through the
>> quarantine (amavis in my case, gzipped) and produces some kind of
>> report about the messages that have been tagged?
>>
> This rather depends on exactly what you want to see and the number of
> messages in quarantine. My volumes are low, so the scripts I find
> useful are:
>
> - a PHP script that summarises the quarantine contents and lets
>   me select and inspect mails

This sounds very helpful.

> - a logwatch report that scans the maillog and summarises statistics
>   (total ham, total spam, number of times my top 10 private rules have
>    fired over the last 24 hours). This is a Perl script.

This may also be helpful.

I wasn't specific because I don't want to discount anything that may
help improve my workflow, as well as something that may help to
increase visibility for users with what's going on in the quarantine.

My primary goal is to get as much information about the files that are
in the quarantine, including as much info about how they got there.
This will help with determining spam trends and rules we may have
written which are causing false-positives.

A web-based front-end that can be used to manage them (release,
inspect, sort, etc) would also be really helpful.

Thanks,
Alex

Re: Quarantine processing...

Posted by Martin Gregorie <ma...@gregorie.org>.
On Mon, 2017-06-05 at 21:27 -0400, Alex wrote:
> Hi,
> 
> Does anyone have a script or something that goes through the
> quarantine (amavis in my case, gzipped) and produces some kind of
> report about the messages that have been tagged?
> 
This rather depends on exactly what you want to see and the number of
messages in quarantine. My volumes are low, so the scripts I find
useful are:

- a PHP script that summarises the quarantine contents and lets
  me select and inspect mails

- a logwatch report that scans the maillog and summarises statistics
  (total ham, total spam, number of times my top 10 private rules have
   fired over the last 24 hours). This is a Perl script.

If either is useful I can send you a copy.

If volumes are higher, you need different info or you don't want to get
the info in your logwatch report, you're probably better off writing
your own awk script.


Martin
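
Added example (not code from any poster in this thread): one way to produce the kind of report asked for above, printing From/To/Subject/Date plus the score and rule names for each quarantined message and counting rule hits to help spot rules behind false positives. It assumes one gzipped message per file and an X-Spam-Status header in the quarantined copy, in either the amavis "tests=[RULE=score, ...]" or the plain SpamAssassin "tests=RULE_A,RULE_B" layout; the function names and the sample message are made up for illustration.

```python
import gzip
import re
import sys
from collections import Counter
from contextlib import suppress
from email import errors, message_from_bytes
from email.header import decode_header, make_header
from pathlib import Path

# Constructed sample message; the amavis-style X-Spam-Status layout is an assumption.
SAMPLE = (b"From: sender@example.com\nTo: user@example.org\n"
          b"Subject: =?utf-8?q?Caf=C3=A9_offer?=\nDate: Tue, 06 Jun 2017 01:27:08 +0000\n"
          b"X-Spam-Status: Yes, score=12.3 tag=2 kill=6.9\n"
          b" tests=[BAYES_99=3.5, HTML_MESSAGE=0.001] autolearn=no\n\nbody\n")

def hdr(msg, name):
    """Decode one header defensively; spam often carries malformed encodings."""
    raw = str(msg.get(name, ""))
    with suppress(errors.HeaderParseError, LookupError, ValueError):
        raw = str(make_header(decode_header(raw)))  # on failure keep the raw value
    return " ".join(raw.split())  # unfold continuation lines

def summarize(raw_bytes):
    """Return header fields, score and rule names for one quarantined message."""
    msg = message_from_bytes(raw_bytes)  # headers are parsed; the body is never rendered
    status = re.sub(r",\s+", ",", hdr(msg, "X-Spam-Status"))
    score = re.search(r"score=(-?\d+(?:\.\d+)?)", status)
    tests = re.search(r"tests=(\[[^\]]*\]|\S+)", status)  # amavis [R=1.0,...] or SA R1,R2
    names = tests.group(1).strip("[]").split(",") if tests else []
    rules = [n.split("=")[0] for n in names if n not in ("", "none")]
    info = {h: hdr(msg, h) for h in ("From", "To", "Subject", "Date")}
    return {**info, "score": float(score.group(1)) if score else None, "rules": rules}

def report(quarantine_dir):
    """Summarize every *.gz file under quarantine_dir and count rule hits."""
    rows = []
    for path in sorted(Path(quarantine_dir).rglob("*.gz")):
        try:
            with gzip.open(path, "rb") as fh:
                rows.append(summarize(fh.read()))
        except (OSError, EOFError) as exc:  # unreadable or truncated archive
            print(f"skipped {path}: {exc}", file=sys.stderr)
    return rows, Counter(rule for r in rows for rule in r["rules"])

if __name__ == "__main__":  # optional argument: quarantine directory
    rows, hits = report(sys.argv[1]) if sys.argv[1:] else ([summarize(SAMPLE)], Counter())
    for r in rows:
        print(r["score"], r["From"], r["To"], r["Subject"], r["Date"], r["rules"], sep="\t")
    print(*(f"{n:6d}  {rule}" for rule, n in hits.most_common(20)), sep="\n")
```

Run it with the quarantine directory as the only argument; without one it prints the result for the constructed sample.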