You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by David Jones <dj...@ena.com> on 2017/05/03 20:58:18 UTC
Mail log analysis
Does anyone know of a log analysis script that will give summaries of rule hits and average the SA score by sending domain?
I am using MailScanner with MailWatch which puts the SA report into a MySQL database along with headers and other email details. This allows me to run some SQL queries every Saturday night to find potential candidates for whitelist_auth entries based on the past week.
If a sending domain hits SPF_PASS and DKIM_VALID_AU plus a few other reputation-based rules and had an average score below a certain number with more than a minimum number of emails seen, then they are a whitelist_auth candidate.
I am asking this question for those who doing have their SA reports in a database. Seems like this would be helpful to determine patterns of both consistently safe and bad senders.
This would be similar to pflogsumm.pl and dnsblcount.pl but specific to SA.
Dave