Posted to users@spamassassin.apache.org by Jean-Paul Natola <jn...@familycareintl.org> on 2006/11/09 22:10:45 UTC

MAILLOG

I hope I don't get bashed as it seems like this should be common knowledge,
but with the significant increase in spam I need to PROVE to management that
SA is still doing a good job- (and that I'm doing mine)

I see that spamstats as well as sa-stats both read/process/parse/examine
only maillog files. I do not have a maillog file.
How does one create a functioning maillog and have it record the appropriate
info for retrieving stats?

My setup is as follows

BSD 5.4
EXIM
CLAMAV
SPAMASSASSIN

Currently the logs I have to record mail activity and spam data are

Mainlog
Rejectlog
Paniclog

Jean-Paul Natola
Network Administrator
Information Technology
Family Care International
588 Broadway Suite 503
New York, NY 10012
Phone:212-941-5300 xt 36
Fax:  212-941-5563
Mailto: Jnatola@Familycareintl.org


Re: MAILLOG

Posted by neil <ne...@supanet.net.uk>.
Hi;
 Or even...

eximstats -ne -nr -nt -tnl -t30 -t_remote_users  \
 -pattern 'Total Mails REJECTED              ' '/DENIED/' \
 -pattern ' Blacklist Spamhaus               ' '/www.spamhaus.org/' \
<blah etc>
-html exim_mainlog.01 >stats.html

(Can you spot the deliberate error in my previous posting  :)

rgds
n

neil wrote:

> Hi;
>
>> I see that spamstats  as well as sa-stats both 
>> read/process/parse/examine
>> only maillog files I do not have a maillog file.
>
>
> Thats one way to it.
> A better way would be to use exim and the eximstats package.
> That way you can count all the mail that exim blocks via RBL, sender 
> verify and other tricks.
>
> In your ACLs when you drop or deny someone have your logs lines start:
> log_message  = DENIED  <blah some error message>
> The same for your spamassassin ACL, if you are dropping mail after a 
> particular score.
>
> You can then use eximstats to show stats with some pretty pie charts 
> (never underestimate how impressed managers are by pie charts)
> You can also aggregate logs from various servers to make a master 
> report, you can even output data in .xml format if you wish.
>
> eximstats -ne -nr -nt -tnl -t30 -t_remote_users  \
>  -pattern 'Total Mails REJECTED              ' '/DENIED/' \
>  -pattern ' Blacklist Spamhaus               ' '/www.spamhaus.org/' \
> <blah etc>
> -html  >stats.html
>
> rgds
> n
>
> Jean-Paul Natola wrote:
>
>> I hope I don't get bashed as it seems like this should be common 
>> knowledge,
>> but with the significant increase in spam I need to PROVE to 
>> management that
>> SA is still doing a good job- (and that I'm doing mine)
>>
>> I see that spamstats  as well as sa-stats both 
>> read/process/parse/examine
>> only maillog files I do not have a maillog file.
>> How does one create a functioning maillog  and have it record the 
>> appropriate
>> info for retrieving stats?
>>
>> My setup is as follows
>>
>> BSD 5.4
>> EXIM
>> CLAMAV
>> SPAMASSASSIN
>>
>> Currently the logs I have to record mail activity and spam data are
>>
>> Mainlog
>> Rejectlog
>> Paniclog
>>
>>
>> Jean-Paul Natola
>> Network Administrator
>> Information Technology
>> Family Care International
>> 588 Broadway Suite 503
>> New York, NY 10012
>> Phone:212-941-5300 xt 36
>> Fax:  212-941-5563
>> Mailto: Jnatola@Familycareintl.org
>>
>>
>>  
>>
>
>


Re: MAILLOG

Posted by neil <ne...@supanet.net.uk>.
Hi;

>I see that spamstats  as well as sa-stats both read/process/parse/examine
>only maillog files I do not have a maillog file.

That's one way to do it.
A better way would be to use exim and the eximstats package.
That way you can count all the mail that exim blocks via RBL, sender 
verify and other tricks.

In your ACLs, when you drop or deny someone, have your log lines start:
log_message  = DENIED  <blah some error message>
The same for your spamassassin ACL, if you are dropping mail after a 
particular score.

You can then use eximstats to show stats with some pretty pie charts 
(never underestimate how impressed managers are by pie charts)
You can also aggregate logs from various servers to make a master 
report, you can even output data in .xml format if you wish.

 eximstats -ne -nr -nt -tnl -t30 -t_remote_users  \
  -pattern 'Total Mails REJECTED              ' '/DENIED/' \
  -pattern ' Blacklist Spamhaus               ' '/www.spamhaus.org/' \
<blah etc>
 -html  >stats.html

rgds
n

Jean-Paul Natola wrote:

>I hope I don't get bashed as it seems like this should be common knowledge,
>but with the significant increase in spam I need to PROVE to management that
>SA is still doing a good job- (and that I'm doing mine)
>
>I see that spamstats  as well as sa-stats both read/process/parse/examine
>only maillog files I do not have a maillog file.
>How does one create a functioning maillog  and have it record the appropriate
>info for retrieving stats?
>
>My setup is as follows
>
>BSD 5.4
>EXIM
>CLAMAV
>SPAMASSASSIN
>
>Currently the logs I have to record mail activity and spam data are
>
>Mainlog
>Rejectlog
>Paniclog
>
>Jean-Paul Natola
>Network Administrator
>Information Technology
>Family Care International
>588 Broadway Suite 503
>New York, NY 10012
>Phone:212-941-5300 xt 36
>Fax:  212-941-5563
>Mailto: Jnatola@Familycareintl.org
>
>
>  
>
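
The counting that the eximstats -pattern options above perform, shown per day as an added example (not code from anyone in this thread). The log lines are constructed samples in Exim mainlog layout, and the "Messages accepted" pattern is an assumption added so that a blocked share can be computed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Exim mainlog layout (not real traffic).
SAMPLE_MAINLOG = """\
2006-11-08 09:14:02 1GhA1b-0000Xy-7Q <= alice@example.org H=mx.example.org [192.0.2.10] P=esmtp S=2841
2006-11-08 09:15:40 H=(dsl-host) [203.0.113.7] F=<x@example.net> rejected RCPT <bob@example.com>: DENIED listed at www.spamhaus.org
2006-11-08 09:16:12 H=(foo) [203.0.113.9] F=<y@example.net> rejected RCPT <bob@example.com>: DENIED sender verify failed
2006-11-09 10:01:55 1GhB2c-0000Zk-3D <= carol@example.org H=mx.example.org [192.0.2.10] P=esmtp S=1990
2006-11-09 10:02:31 1GhB2d-0000Zm-5F H=(bar) [203.0.113.20] F=<z@example.net> rejected after DATA: DENIED spam score 12.4
2006-11-09 10:03:08 H=(baz) [203.0.113.21] F=<w@example.net> rejected RCPT <dan@example.com>: DENIED listed at www.spamhaus.org
"""

# (label, regex) pairs, mirroring the -pattern 'Description' '/regex/' options.
PATTERNS = [
    ("Total Mails REJECTED", re.compile(r"DENIED")),        # log_message prefix from the ACLs
    ("Blacklist Spamhaus", re.compile(r"www\.spamhaus\.org")),
    ("Messages accepted", re.compile(r" <= ")),             # assumption: arrival lines only
]

# Exim mainlog lines start with "YYYY-MM-DD HH:MM:SS ".
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (.*)$")

def count_by_day(log_text):
    """Return {day: Counter(label -> matching lines)} for every pattern."""
    per_day = defaultdict(Counter)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines without a timestamp
        day, rest = m.groups()
        for label, rx in PATTERNS:
            if rx.search(rest):
                per_day[day][label] += 1
    return per_day

def blocked_share(counts):
    """Fraction of SMTP-time decisions that were rejections (0.0 if no data)."""
    rejected = counts["Total Mails REJECTED"]
    total = rejected + counts["Messages accepted"]
    return rejected / total if total else 0.0

if __name__ == "__main__":
    for day, counts in sorted(count_by_day(SAMPLE_MAINLOG).items()):
        print(day, dict(counts), f"blocked={blocked_share(counts):.0%}")
```
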


RE: MAILLOG

Posted by Jean-Paul Natola <jn...@familycareintl.org>.
 
Jean-Paul Natola
Network Administrator
Information Technology
Family Care International
588 Broadway Suite 503
New York, NY 10012
Phone:212-941-5300 xt 36
Fax:  212-941-5563
Mailto: Jnatola@Familycareintl.org

________________________________

From: Kris Deugau [mailto:kdeugau@vianet.ca]
Sent: Thu 11/9/2006 5:29 PM
To: users@spamassassin.apache.org
Subject: Re: MAILLOG



Jean-Paul Natola wrote:
> I hope I don't get bashed as it seems like this should be common knowledge,
> but with the significant increase in spam I need to PROVE to management that
> SA is still doing a good job- (and that I'm doing mine)

Turn it off for an hour?  <g>

If you divert spam on a per-account basis to individual spam folders,
hack up a quick script to count messages in the spam folder, and send
that data (broken down by day, maybe) along with "How many times have
you had a legitimate message go missing?" or "How many spams do you see
in your inbox?".

> I see that spamstats  as well as sa-stats both read/process/parse/examine
> only maillog files I do not have a maillog file.
> How does one create a functioning maillog  and have it record the appropriate
> info for retrieving stats?
>
> My setup is as follows
>
> BSD 5.4
> EXIM
> CLAMAV
> SPAMASSASSIN
>
> Currently the logs I have to record mail activity and spam data are
>
> Mainlog
> Rejectlog
> Paniclog

Those appear to be Exim-specific logs (handled via its own internal
logger?)  If not, colour me clueless.

SA logs via the "mail" facility of syslog (IIRC - I don't think this has
changed except in the details of *what* is logged in quite some time).
Check your syslog configuration to see where mail.* syslog messages get
stored.

-kgd


 

I neglected to mention that I use my box only as a filter; once the mail
"passes inspection", so to speak, it passes it over to my Exchange box. There
are no mailboxes on the BSD box itself.

I will look into my syslog and see what I can find.


Re: MAILLOG

Posted by Kris Deugau <kd...@vianet.ca>.
Jean-Paul Natola wrote:
> I hope I don't get bashed as it seems like this should be common knowledge,
> but with the significant increase in spam I need to PROVE to management that
> SA is still doing a good job- (and that I'm doing mine)

Turn it off for an hour?  <g>

If you divert spam on a per-account basis to individual spam folders,
hack up a quick script to count messages in the spam folder, and send
that data (broken down by day, maybe) along with "How many times have
you had a legitimate message go missing?" or "How many spams do you see
in your inbox?".

> I see that spamstats  as well as sa-stats both read/process/parse/examine
> only maillog files I do not have a maillog file.
> How does one create a functioning maillog  and have it record the appropriate
> info for retrieving stats?
> 
> My setup is as follows
> 
> BSD 5.4
> EXIM
> CLAMAV
> SPAMASSASSIN
> 
> Currently the logs I have to record mail activity and spam data are
> 
> Mainlog
> Rejectlog
> Paniclog

Those appear to be Exim-specific logs (handled via its own internal
logger?)  If not, colour me clueless.

SA logs via the "mail" facility of syslog (IIRC - I don't think this has
changed except in the details of *what* is logged in quite some time).
Check your syslog configuration to see where mail.* syslog messages get
stored.

-kgd