Does anyone know of a log analysis script that will give summaries of rule hits and average the SA score by sending domain?
I am using MailScanner with MailWatch, which puts the SA report into a MySQL database along with headers and other email details. This allows me to run some SQL queries every Saturday night to find potential candidates for whitelist_auth entries based on the past week. If a sending domain hits SPF_PASS and DKIM_VALID_AU plus a few other reputation-based rules and had an average score below a certain number with more than a minimum number of emails seen, then they are a whitelist_auth candidate.

I am asking this question for those who don't have their SA reports in a database. Seems like this would be helpful to determine patterns of both consistently safe and bad senders. This would be similar to pflogsumm.pl and dnsblcount.pl but specific to SA.

Dave
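One way to build the per-domain summary the post describes without a database, as an added example that is not part of the original message and not code from MailWatch or SpamAssassin. It assumes each stored message carries SpamAssassin's `X-Spam-Status` header in its usual `score=... required=... tests=...` layout; the sample messages, thresholds and function names are constructed, and requiring both authentication rules on every message from a domain is this example's own reading of the criteria.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Assumed header layout: "No, score=-2.1 required=5.0 tests=A,B,C autolearn=ham"
STATUS_RE = re.compile(r"score=(-?\d+(?:\.\d+)?).*?tests=(\S*)", re.S)
REQUIRED = {"SPF_PASS", "DKIM_VALID_AU"}  # rules named in the post

# Constructed sample messages (not real mail); the first has a folded header.
SAMPLE = [
    "From: Alice <alice@good.example>\nX-Spam-Status: No, score=-2.1 required=5.0 "
    "tests=DKIM_SIGNED,\n\tDKIM_VALID,DKIM_VALID_AU,SPF_PASS autolearn=ham\n\nhi\n",
    "From: bob@good.example\nX-Spam-Status: No, score=-1.9 required=5.0 "
    "tests=DKIM_VALID_AU,SPF_PASS\n\nhi\n",
    "From: x@bad.example\nX-Spam-Status: Yes, score=12.5 required=5.0 "
    "tests=SPF_PASS,URIBL_BLACK\n\nhi\n",
    "From: y@bad.example\nX-Spam-Status: Yes, score=7.5 required=5.0 "
    "tests=DKIM_VALID_AU,SPF_PASS,BAYES_99\n\nhi\n",
]

def summarize(raw_messages):
    """Return {domain: {"count", "avg_score", "rules": {rule: hits}}}."""
    stats = defaultdict(lambda: {"count": 0, "total": 0.0, "rules": defaultdict(int)})
    for raw in raw_messages:
        msg = message_from_string(raw)
        # Unfold the header: long test lists wrap onto continuation lines.
        status = re.sub(r"\s*\n\s+", "", msg.get("X-Spam-Status", ""))
        m = STATUS_RE.search(status)
        # The From domain is only a grouping key; it is trustworthy solely
        # because candidates must also pass the SPF/DKIM rules below.
        domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        if not m or not domain:
            continue  # unscanned message or unparsable sender
        entry = stats[domain]
        entry["count"] += 1
        entry["total"] += float(m.group(1))
        for rule in filter(None, m.group(2).split(",")):
            if rule != "none":  # SA writes tests=none when nothing hit
                entry["rules"][rule] += 1
    return {d: {"count": e["count"], "avg_score": e["total"] / e["count"],
                "rules": dict(e["rules"])} for d, e in stats.items()}

def candidates(summary, max_avg=0.0, min_count=2):
    """Domains where every message hit all REQUIRED rules and the average is low."""
    return sorted(
        d for d, e in summary.items()
        if all(e["rules"].get(r, 0) == e["count"] for r in REQUIRED)
        and e["avg_score"] < max_avg and e["count"] >= min_count)
```

Domains with a consistently high average in the same summary are the "bad sender" side of the pattern the post mentions.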