Topic: Announce - alpha Spam and Anti virus analysis script

[CharlieBrady]

The problem with qpsmtpd is that it rotates the qpsmtpd logs once the current log size reaches 5MB not every 24 hours so in my case qpsmtpd/current usually only has 3-4 hours worth of logs before it rotates.

You could adjust the parameters in /service/qpsmtpd/log/run to keep more old logs, or change the size at which log rotations occur. You can also adjust how verbose the qpsmtpd logs are.

[brianr]

ok, new version here:

http://mirror.contribs.org/smeserver/contribs/bread/mailstats

Now uses all the log files in the qpsmtpd log directory (and therefore takes longer!), and also gathers stats about RBL and patternfilters as well as spam and ham and viruses.  The spam delete code is no loger dependant on the actual threshold set.

comments/bugs/suggestions/etc here please..

[CharlieBrady]

ok, new version here:

http://mirror.contribs.org/smeserver/contribs/bread/mailstats

Now uses all the log files in the qpsmtpd log directory (and therefore takes longer!), and also gathers stats about RBL and patternfilters as well as spam and ham and viruses.  The spam delete code is no loger dependant on the actual threshold set.

comments/bugs/suggestions/etc here please..

Brian, please attach your code to

http://bugs.contribs.org/show_bug.cgi?id=819

and ask people to provide feedback there.

[JonB]

Brian,

The script relies on people having their Qpsmtpd log level set to 8. The default is 6 for pre3 and above which does not include the DENY or DENYSOFT messages.

To set log level to 8

Code: [Select]

sbin/e-smith/config setprop qpsmtpd LogLevel 8
/sbin/e-smith/signal-event email-update


Sorry, I should have mentioned that the logs were at log level 8 when I sent the logs.

Jon

[brianr]

Brian, please attach your code to

http://bugs.contribs.org/show_bug.cgi?id=819

done, please put comments there...

[brianr]

Sorry, I should have mentioned that the logs were at log level 8 when I sent the logs.

Anyone willing to donate me some logs with the LogLevel set to 6?

[chris burnat]

Hello Brian, earlier in this thread, you wrote:

and should be dropped into /etc/e-smith/cron.daily
Remember to make it executable (chmod +x).

In sme7, it should go into /etc/cron.daily ?

Just installed it -  288 emails analysed over past 24 hours, t'is a great job!  Thank you.

Question:  Misc.rejected                    :       24 (  8.33%)    What is this?
Regards
chris

[brianr]

In sme7, it should go into /etc/cron.daily ?

See my later post - use mailstats.cron and cron.d

Question: Misc.rejected : 24 ( 8.33%) What is this?

There are an number of other "tests" that qpsmtp does, this is the sum of all the rejects as a result of those.

Just installed it - 288 emails analysed over past 24 hours, t'is a great job! Thank you.

thanks - I am still working on it - so look out for updates on my contribs area.

[brianr]

Quote:
Sorry, I should have mentioned that the logs were at log level 8 when I sent the logs.


Anyone willing to donate me some logs with the LogLevel set to 6?

Actually it turns out that rc1 loglevel is at 8, it got put back up in order that enough detail is in the log.

I could still do with some more examples of logs though...(you could edit out parts of the addresses if you wanted).

Should have a new version tomorrow with Ham counts re-instated and checks for RBSBL and DNSBL and loglevel. also seperate spam score averages for below and above the reject threshold.

[JonB]

Brian,

The qpsmtpd log level in RC1 is 6. The bug you were pointed to on the dev list discuss's increasing it back up to 8 on the next release.

This is from a brand new rc1 install. The install cd is still warm  

Code: [Select]

qpsmtpd=service
    Bcc=disabled
    BccUser=maillog
    DNSBL=disabled
    LogLevel=6
    MaxScannerSize=25000000
    RBLList=sbl-xbl.spamhaus.org,whois.rfc-ignorant.org,dnsbl.njabl.org,relays.ordb.org
    RHSBL=disabled
    RequireResolvableFromHost=no
    SBLList=dsn.rfc-ignorant.org
    access=public
    status=enabled


Jon

[brianr]

The qpsmtpd log level in RC1 is 6. The bug you were pointed to on the dev list discuss's increasing it back up to 8 on the next release.

Strange I have an rc1 system here where I am sure I didn't change the loglevel, and it is set to 8, however i have confirmed your point with another install.

However my script now checks the LogLevel and puts out a warning if it is less than 8.

New version in my contribs directory:

http://mirror.contribs.org/smeserver/contribs/bread/

Bugs here:

http://bugs.contribs.org/show_bug.cgi?id=819

[jsheets]

I was trying to download the script to give it a try and it doesn't look like the files are there anymore.  If anybody has another location where I can get the files, I would like to test this out.  Thanks!

[chris burnat]

Jsheets, try this, checked it, its all there.
http://mirror.contribs.org/smeserver/contribs/bread/

[jsheets]

My fault, I was still looking in the old location.  I didn't realize there was a second page to this thread yet.  Doh!  Thanks for the response!

[CharlieBrady]

I was trying to download the script to give it a try and it doesn't look like the files are there anymore.  If anybody has another location where I can get the files, I would like to test this out.

Please download the script via the bug tracker entry, and return any feedback there.