Changes

Changes

1,048 bytes added , 16:31, 10 May 2019

→‎Display messages that would have been blocked via DNSBL: fix typo

Line 190: Line 190:

echo -n "Days of logfiles to scan [$DAYS]: "; read NEWDAYS; \

if [ $NEWDAYS ]; then DAYS=$NEWDAYS; fi; \

−

awk -F"[\t]" ' /logterse ~~plugin~~/ { svc=$6; count[svc]++; count["Total"]++; } END \

awk -F"[\t]" ' /logterse/ { svc=$6; count[svc]++; count["Total"]++; } END \

{ for (j in count) print count[j] "\t" j; }' \

$(find /var/log/qpsmtpd /var/log/sqpsmtpd -ctime -$DAYS -type f -name "@*" -o -name current) \

Line 206: Line 206:

6 check_spamhelo

6 auth::auth_cvm_unix_local</nowiki>

I extended the above script to show % of each one:

if [ -z $DAYS ]; then DAYS=1; fi; \

echo -n "Days of logfiles to scan [$DAYS]: "; read NEWDAYS; \

if [ $NEWDAYS ]; then DAYS=$NEWDAYS; fi; \

awk -F"[\t]" ' /logterse/ { svc=$6; count[svc]++; count["Total"]++; } END \

{ for (j in count) print count[j] "\t" j "\t" expr count[j]/count["Total"]*100"%" ; }' \

$(find /var/log/qpsmtpd /var/log/sqpsmtpd -ctime -$DAYS -type f) \

|sort -n

</nowiki>

Sample output of extended version:

1 headers 0.00769468%

2 auth::auth_cvm_unix_local 0.0153894%

33 earlytalker 0.253924%

355 spamassassin 2.73161%

401 naughty 3.08556%

698 tls 5.37088%

774 rhsbl 5.95568%

1127 check_goodrcptto 8.6719%

1359 queued 10.4571%

8246 resolvable_fromhost 63.4503%

12996 Total 100%

</nowiki>

===Display messages that would have been blocked via DNSBL===

Line 241: Line 266:

if [ $NEWDAYS ]; then DAYS=$NEWDAYS; fi; \

if [ $NEWTESTBL ]; then TESTBL=$NEWTESTBL; fi; \

−

grep -h logging::logterse \

grep -h logging::logterse $(find /var/log/qpsmtpd /var/log/sqpsmtpd -ctime -$DAYS -name "@*" -o -name current) \

−

$(find /var/log/qpsmtpd /var/log/sqpsmtpd -ctime -$DAYS -name "@*" -o -name current) \

|grep -v dnsbl.903 \

|tai64nlocal \

−

|awk -v DNSBL=$TESTBL -F"\t" '{split($1,intro," "); split(intro[8],ip,"."); split($9,hits," "); split( intro[2],time,"."); \

|awk -v DNSBL=$TESTBL -F"\t" '{split($1,intro," "); \

−

print "echo -ne \"" intro[1] " " time[1] "\t" $6 "\t" (hits[2]) \

intro[6] == "`" ? split(intro[7],ip,".") : split(intro[8],ip,"."); split($9,hits," "); \

−

"\tFrom: " gensub("[<>]","","g",$4) \

split( intro[2],time,"."); \

−

"\tTo: " gensub("[<>]","","g",$5) \

print \

−

"\tA: `dig +short " ip[4] "." ip[3] "." ip[2] "." ip[1] "." DNSBL \

"echo -ne \"" intro[1] " " time[1] \

−

"`\tTXT: \" ; echo -e \"`dig +short txt " ip[4] "." ip[3] "." ip[2] "." ip[1] "." DNSBL "`\""}' |bash | grep 127\.0</nowiki>

"\t" $6 \

"\t" ip[1] "." ip[2] "." ip[3] "." ip[4] \

"\t" (hits[2]) \

"\tFrom: " gensub("[<>]","","g",$4) \

"\tTo: " gensub("[<>]","","g",$5) \

"\tA: `dig +short " ip[4] "." ip[3] "." ip[2] "." ip[1] "." DNSBL " |tr \"\n\" \",\" |sed \"s/,$//\" `"\

"\tTXT: \" ; echo -e \"`dig +short txt " ip[4] "." ip[3] "." ip[2] "." ip[1] "." DNSBL "`\""}'\

|bash\

|grep 127\.0</nowiki>

===List Recent Emails with sending IP===

Line 277: Line 309:

<nowiki>export LC_ALL=C; \

mydate=$(date "+%Y-%m-%d")\|$(date -d "yesterday" "+%Y-%m-%d"); \

−

cat -v $(find /var/log/qpsmtpd -ctime -1 -type f) |tai64nlocal |egrep $mydate | grep -v ^# | \

cat -v $(find /var/log/qpsmtpd /var/log/sqpsmtpd/ -ctime -1 -type f -name "@*" -o -name current) \

|tai64nlocal |egrep $mydate | grep -v ^# | \

awk -v date="$mydate" -v tots=" {{Total}} " -F"[\t]" ' \

−

/logterse ~~plugin~~/ {split($4,ss,"."); ssn=0; for (i in ss) { ssn++}; \

/logterse/ {split($4,ss,"."); ssn=0; for (i in ss) { ssn++}; \

sendtld=tolower( ss[ssn]); sub(">","",sendtld); \

tld=sprintf("%-20s",sendtld); plugin=sprintf("%-35s",$6); \

Mmccarn

Administrators

687

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/32800...38054"

Email Statistics (view source)

Revision as of 16:31, 10 May 2019

Navigation menu

Search