Mark Scholten put forth on 7/31/2010 6:53 PM:

> I want the following information (per day or per hour, it should be possible
> to exclude email addresses or to only get information for certain email
> addresses):

/usr/sbin/pflogsumm.pl --smtpd_stats /var/log/mail.log /var/log/mail.log.1

Grand Totals
------------
messages

   3658   received
   5323   delivered
      0   forwarded
    480   deferred  (2631  deferrals)
      1   bounced
   1740   rejected (24%)
      0   reject warnings
      0   held
      0   discarded (0%)

  25387k  bytes received
  49655k  bytes delivered
    825   senders
    728   sending hosts/domains
     19   recipients
     18   recipient hosts/domains

> - Number of email attempts made by other systems

smtpd

    5304   connections
    1399   hosts/domains
      10   avg. connect time (seconds)
 14:54:24  total connect time


> - Number of messages blocked based on the HELO requirements (I have a few
> regexp lines with blocked HELOs (botnets/spammers))

If these are done with something like "check_helo_access
regexp:/etc/postfix/helo.regexp" then you'd see something like this, but with
"Helo command rejected: ".  I don't do any custom HELO checks, only client
checks, but the output is otherwise the same in pflogsumm.

    Client host rejected: Dynamic - Please relay via ISP (chello.nl) (total: 1)
           1   dhcp-077-248-074-059.chello.nl
    Client host rejected: Dynamic - Please relay via ISP (embarqhsd.net) (total: 1)
           1   embarqhsd.net
    Client host rejected: Dynamic - Please relay via ISP (eunet.rs) (total: 1)
           1   dynamic-78-30-138-239.adsl.eunet.rs

** I have separate rejection messages for each expression in my regexp table.
Pflogsumm counts each one as distinct, and gives a total for each one,
instead of a total for all "custom HELO checks".  If you want a singular total
for yours, you probably don't want to specify rejection text for each, but use
the Postfix default.  Doing so should give you the total you want.

> - Number of connections greylisted (we use postgrey)

    Recipient address rejected: Greylisted (total: 30)
          30   s...@hardwarefreak.com

** Greylisting here is used as a last-ditch bot blocker.  Some call this "very
selective greylisting".

> - Number of attempts for an invalid recipient

    Recipient address rejected: User unknown in local recipient table (total: 24)
          21   4050...@hardwarefreak.com
           1   4c4f0705.2050...@hardwarefreak.com
           1   4c4f17db.7010...@hardwarefreak.com
           1   4c20361c.7090...@hardwarefreak.com

> - Number of messages blocked based on blacklists

message reject detail
---------------------
  RCPT
    Client host rejected: Access denied (total: 262)
          22   annaeyes.com
        ...
    Client host rejected: Email not accepted from Africa (total: 34)
           3   41.140.254.160
        ...
    Client host rejected: Mail not accepted from Belarus (total: 4)
           3   93.85.201.97
        ...
    Client host rejected: Mail not accepted from China (total: 23)
           6   60.190.77.242
        ...
    Client host rejected: Mail not accepted from Hungary (total: 1)
           1   www.imac.hu
    Client host rejected: Mail not accepted from Indonesia (total: 14)
           6   118.96.252.201
        ...
    Client host rejected: Mail not accepted from Korea (total: 32)
           3   61.105.220.135
        ...
    Client host rejected: Mail not accepted from Malaysia (total: 1)
           1   110.74.129.155
        ...
    Client host rejected: Mail not accepted from Romania (total: 10)
           3   81.181.221.62
        ...
    Client host rejected: Mail not accepted from Russia (total: 34)
           3   77.34.255.9
        ...
    Client host rejected: Mail not accepted from Thailand (total: 6)
           3   113.53.213.186
        ...
    Client host rejected: Mail not accepted from Ukraine (total: 11)
           3   79.135.202.145

> - Number of messages blocked by content filter (not really important)

Here neither.  I don't use content filters.  If you saw my entire A/S Postfix
config and my user base you'd understand why.

> - Number of messages accepted (not blocked at any stage)

This is a gripe of my own.  Once you get an accurate method for counting this
via the mail log, please share it with the pflogsumm dev.  My guess is that
it's not at all straightforward, due to the multiple delivery methods available.

> I did check pflogsumm, however most information isn't provided by pflogsumm
> (same for awstats). At least not with the package debian provides.

All of the above snippets are from Version: 1.1.0-3 (Lenny)

It appears pflogsumm meets all of your requirements but one.  Maybe not in the
exact mode of operation you'd like, but this is open source code.  Change it
as you see fit to meet your needs.  Just share your patches. :)

-- 
Stan
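
Added example, not part of the original message and not pflogsumm code: a small Python parser that reads Postfix smtpd "NOQUEUE: reject" lines directly, gives one total per restriction class per hour regardless of the custom rejection text, and can include or exclude recipient addresses. It assumes the stock Postfix syslog line layout; the sample log lines, addresses and the function names `category` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix smtpd syslog layout (not taken from the post).
SAMPLE_LOG = """\
Jul 31 18:02:11 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <unknown[192.0.2.10]>: Client host rejected: Access denied; from=<a@example.net> to=<user1@example.org> proto=ESMTP helo=<example.net>
Jul 31 18:05:40 mx postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[192.0.2.11]: 554 5.7.1 <unknown[192.0.2.11]>: Client host rejected: Mail not accepted from China; from=<b@example.net> to=<user1@example.org> proto=SMTP helo=<pc>
Jul 31 18:17:03 mx postfix/smtpd[2103]: NOQUEUE: reject: RCPT from host.example.net[192.0.2.12]: 554 5.7.1 <localhost>: Helo command rejected: Access denied; from=<c@example.net> to=<user2@example.org> proto=SMTP helo=<localhost>
Jul 31 19:01:22 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.13]: 450 4.2.0 <user1@example.org>: Recipient address rejected: Greylisted; from=<d@example.net> to=<user1@example.org> proto=ESMTP helo=<mail.example.net>
Jul 31 19:03:09 mx postfix/smtpd[2105]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.13]: 550 5.1.1 <nobody@example.org>: Recipient address rejected: User unknown in local recipient table; from=<d@example.net> to=<nobody@example.org> proto=ESMTP helo=<mail.example.net>
Jul 31 19:04:00 mx postfix/smtpd[2106]: connect from unknown[192.0.2.14]
"""

REJECT_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+)\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+"
    r"postfix/smtpd\[\d+\]:\s+NOQUEUE:\s+reject:\s+\w+\s+from\s+\S+:\s+"
    r"\d{3}\s+(?:\d\.\d+\.\d+\s+)?<[^>]*>:\s+"
    r"(?P<klass>[^:;]+?\s+rejected):\s+(?P<reason>[^;]*);.*?\bto=<(?P<rcpt>[^>]*)>"
)

def category(klass, reason):
    # Collapse per-rule rejection texts into one bucket per restriction class.
    if klass == "Helo command rejected":
        return "helo"
    if reason.startswith("Greylisted"):
        return "greylisted"
    if "User unknown" in reason:
        return "unknown_recipient"
    return "client" if klass == "Client host rejected" else "other"

def summarize(lines, only=None, exclude=()):
    """Count rejects per (hour, category), optionally filtered by recipient."""
    counts = Counter()
    skip = {a.lower() for a in exclude}
    keep = {a.lower() for a in only} if only else None
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a reject line (connect, delivery, ...)
        rcpt = m["rcpt"].lower()
        if rcpt in skip or (keep is not None and rcpt not in keep):
            continue
        hour = f"{m['mon']} {m['day']} {m['hour']}:00"
        counts[(hour, category(m["klass"], m["reason"].strip()))] += 1
    return counts

if __name__ == "__main__":
    for (hour, cat), n in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(f"{hour}  {cat:<18} {n}")
```

Dropping the hour from the key gives per-day totals; feeding it `/var/log/mail.log` line by line works the same way as the embedded sample.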
