[Logwatch-Devel] LogWatch Patches: sendmail, in.qpopper and amavis

Jim O'Halloran jim@kendle.com.au
Fri, 17 Oct 2003 10:50:57 +0930


Hi,

Three new patches for LogWatch...  Firstly, the amavis script when running
at high detail now reports the from address of the virus sender.  This
allows someone running amavis to turn off the administrator notifies for
each individual virus but still make sure no local users have been infected.
I've included both a patch against the last version and the complete script.
The complete script may be easier for Kirk to work with because the original
version doesn't seem to have made it into CVS yet.

The in.qpopper patch is against the in.qpopper script included with LogWatch
4.3.2.  This patch suppresses a few more log messages, and reports on failed
logins.

The sendmail patch is also against LogWatch 4.3.2.  It includes Mark Smith's
patch from May 2003, and repeats my patch from 25/3/03 (which also doesn't
seem to have made it into CVS).  I haven't explicitly included Michael
Stovenour's patch to set $Detail, as this was also done in my earlier patch.
In addition to bundling these earlier patches together into one patch this
also suppresses a few log messages and reports on oversized messages.  Kirk,
if you apply this patch to what's currently in CVS, the CVS should then
include all patches posted to the mailing list since 4.3.2 was released.

Jim.

------=_NextPart_000_0259_01C3949C.8BA1ED80
Content-Type: application/octet-stream;
	name="amavis.patch.031017"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="amavis.patch.031017"

--- amavis.orig	Thu Oct 16 15:29:10 2003=0A=
+++ amavis	Fri Oct 17 09:43:43 2003=0A=
@@ -14,6 +14,7 @@=0A=
 $Detail =3D $ENV{'LOGWATCH_DETAIL_LEVEL'};=0A=
 $CleanMsgs =3D 0;=0A=
 $InfectedMsgs =3D 0;=0A=
+$BannedNames =3D 0;=0A=
 =0A=
 # Parse logfile=0A=
 while (defined($ThisLine =3D <STDIN>)) {=0A=
@@ -27,12 +28,24 @@=0A=
        # We don't care about these=0A=
    } elsif ($ThisLine =3D~ /^Passed, /) {=0A=
       $CleanMsgs++;=0A=
-   } elsif (($Virus) =3D ( $ThisLine =3D~ /^INFECTED \(([^\)]+)\)/ )) { =0A=
+   } elsif (($FileName, $From) =3D ( $ThisLine =3D~ /^BANNED name\/type =
\(([^\)]+)\)\, \<([^\>]+)\>/ )) { =0A=
+      $BannedNames++;=0A=
+=0A=
+      if ($Detail =3D=3D 10) {=0A=
+          $Banned{$FileName}{$From}++;=0A=
+      }; # if =0A=
+=0A=
+   } elsif (($Virus, $From) =3D ( $ThisLine =3D~ /^INFECTED =
\(([^\)]+)\)\, \<([^\>]+)\>/ )) { =0A=
       $InfectedMsgs++;=0A=
 =0A=
-      if ($Detail >=3D 10) {=0A=
+      if ($Detail =3D=3D 9) {=0A=
         $Viruses{$Virus}++;=0A=
       }; # if=0A=
+=0A=
+      if ($Detail =3D=3D 10) {=0A=
+        $Viruses{$Virus}{$From}++;=0A=
+      }; # if=0A=
+=0A=
    } # elsif=0A=
    else {=0A=
       # Report any unmatched entries...=0A=
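
Review bot: The tests `$Detail == 9` and `$Detail == 10` replace the old `$Detail >= 10` with exact equality, so any detail level above 10 records no per-virus data at all. Suggest `>= 10` for the per-sender hash and a separate range for the plain count, which also keeps the two layouts of %Viruses from ever mixing. Separately, both new patterns require `\<([^\>]+)\>` after the name, so a line whose sender is empty (`<>`) matches neither branch and lands in Unmatched Entries without incrementing $InfectedMsgs or $BannedNames.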
@@ -51,13 +64,42 @@=0A=
    print "$InfectedMsgs virus infected messages were found.\n";=0A=
 }; # if=0A=
 =0A=
-if ((keys %Viruses) and ($Detail >=3D 10)) {=0A=
-   print "\n\nViruses Detected:\n";=0A=
-   foreach $Virus (sort {$Viruses{$b}<=3D>$Viruses{$a} } keys %Viruses) =
{=0A=
-      print "   $Virus: $Viruses{$Virus} Times(s)\n";=0A=
+if ($BannedNames > 0) {=0A=
+   print "$BannedNames messages rejected with banned file names.\n";=0A=
+}; # if=0A=
+=0A=
+if ((keys %Viruses)) {=0A=
+   print "\nViruses Detected:\n";=0A=
+   foreach $Virus (sort keys %Viruses) {=0A=
+      if ($Detail =3D=3D 9) {=0A=
+         print "   $Virus: $Viruses{$Virus} Times(s)\n";=0A=
+      } else {=0A=
+         $VirCount =3D 0;=0A=
+         $OutString =3D "";=0A=
+         foreach $From (sort keys %{ $Viruses{$Virus}}) {=0A=
+            $VirCount +=3D $Viruses{$Virus}{$From};=0A=
+            $OutString .=3D "      $From  $Viruses{$Virus}{$From} =
Time(s)\n";=0A=
+         }; # foreach=0A=
+         print "   $Virus: $VirCount Times(s)  From:\n$OutString\n";=0A=
+      }; # if =0A=
+   }; # foreach=0A=
+=0A=
+}; # if=0A=
+=0A=
+if (keys %Banned) {=0A=
+  print "\nBanned File Names:\n";=0A=
+   foreach $FileName (sort keys %Banned) {=0A=
+      $BanCount =3D 0;=0A=
+      $OutString =3D "";=0A=
+      foreach $From (sort keys %{ $Banned{$FileName}}) {=0A=
+         $BanCount +=3D $Banned{$FileName}{$From};=0A=
+         $OutString .=3D "      $From  $Banned{$FileName}{$From} =
Time(s)\n";=0A=
+      }; # foreach=0A=
+      print "   $FileName: $BanCount Times(s)  From:\n$OutString\n";=0A=
    }; # foreach=0A=
 }; # if=0A=
 =0A=
+=0A=
 if (keys %OtherList) {=0A=
    print "\n\n**Unmatched Entries**\n";=0A=
    foreach $line (sort {$OtherList{$b}<=3D>$OtherList{$a} } keys =
%OtherList) {=0A=
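
Review bot: The `else` branch in the Viruses loop dereferences $Viruses{$Virus} as a hash for every level other than 9, which is only safe while the parse loop fills %Viruses at exactly 9 or 10; test the level explicitly here so it matches whatever the parse loop uses. The listing is also now sorted by name (`sort keys %Viruses`) where the removed code sorted by count, so the most frequent virus no longer appears first. The address printed under "From:" is whatever sender amavis logged, and that address can be forged, which deserves a line in the output or the documentation if the list is used to decide which local users are infected.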

------=_NextPart_000_0259_01C3949C.8BA1ED80
Content-Type: application/octet-stream;
	name="sendmail.patch031017"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="sendmail.patch031017"

--- sendmail	Wed Feb 19 02:12:01 2003=0A=
+++ /etc/log.d/scripts/services/sendmail	Fri Oct 17 10:20:44 2003=0A=
@@ -1,6 +1,6 @@=0A=
 #!/usr/bin/perl =0A=
 =
#########################################################################=
#=0A=
-# $Id: sendmail,v 1.17 2003/02/18 15:42:01 kirk Exp $=0A=
+# $Id: sendmail,v 1.12 2002/10/18 18:58:01 kirk Exp $=0A=
 =
#########################################################################=
#=0A=
 =0A=
 ########################################################=0A=
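
Review bot: The $Id line goes backwards here, from revision 1.17 (2003/02/18) to 1.12 (2002/10/18), so the modified file appears to have started from an older copy than the one the diff was taken against. Drop this hunk before applying so the keyword is not reverted, and check that the rest of the patch does not undo anything else that changed between those revisions.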
@@ -15,17 +15,97 @@=0A=
 $BytesTransferred =3D 0;=0A=
 $HourReturns =3D 0;=0A=
 $DaysReturns =3D 0;=0A=
+$UserUnknown =3D 0;=0A=
+$ReturnUserUnknown =3D 0;=0A=
+$TLSAcceptFailed =3D 0;=0A=
+$SaveMailPanic =3D 0;=0A=
+$RemoteProtocolError =3D 0;=0A=
+$ReturnReceipt =3D 0;=0A=
 =0A=
 my %relay;=0A=
 my %abuse;=0A=
 my %largeHdrs;=0A=
 my %notLocal;=0A=
+my %MailRejected;=0A=
+=0A=
+# Get the report detail level.=0A=
+$Detail =3D $ENV{'LOGWATCH_DETAIL_LEVEL'};=0A=
+=0A=
+#Local domains, used for the per-domain analysis.=0A=
+my %LocalDomains;=0A=
+=0A=
+# Adds a new domain to the hash used for domain reporting.=0A=
+sub InitDomainHash ($) {=0A=
+   $Domain =3D $_[0];=0A=
+   if ( ($Domain) =3D ($Domain =3D~ /^([\S]+)/) ) {=0A=
+     $LocalDomains{$Domain}{"MsgsOut"} =3D 0;=0A=
+     $LocalDomains{$Domain}{"MsgsIn"} =3D 0;=0A=
+     $LocalDomains{$Domain}{"MsgsInternal"} =3D 0;=0A=
+     $LocalDomains{$Domain}{"BytesOut"} =3D 0;=0A=
+     $LocalDomains{$Domain}{"BytesIn"} =3D 0;=0A=
+     $LocalDomains{$Domain}{"BytesInternal"} =3D 0;=0A=
+   }; # if=0A=
+}; # sub=0A=
+=0A=
+if ($Detail >=3D 10) {=0A=
+   # Reads the sendmail configuration files and builds the =
%LocalDomains =0A=
+   # hash containing all local and relayed domains.=0A=
+   my ($ThisLine,$ThisName);=0A=
+   my ($LocalHostNames, $SendmailAccess);=0A=
+   =0A=
+   # Check for valid local-host-names file.=0A=
+   if (defined($ENV{'sendmaillocalhostnames'})) {=0A=
+      $LocalHostNames =3D $ENV{'sendmaillocalhostnames'};=0A=
+   } else {=0A=
+      $LocalHostNames =3D "/etc/mail/local-host-names";=0A=
+   }; # else=0A=
+   if (-s $LocalHostNames) { =0A=
+      # Read and process local-host-names=0A=
+      open (READCONFFILE, $LocalHostNames) or die "Cannot open " . =
$LocalHostNames ."\n";=0A=
+      while (defined($ThisLine =3D <READCONFFILE>)) {=0A=
+         if ( ($ThisName) =3D ($ThisLine =3D~ /^([^#][^ ]+)/) ) {=0A=
+            InitDomainHash($ThisName);=0A=
+         }; # if=0A=
+      }; # while=0A=
+      close(READCONFFILE);=0A=
+   } else {=0A=
+     print "\nERROR: Could not open $LocalHostNames\n";=0A=
+   }; # if=0A=
+=0A=
+   # Check for valid access map file.=0A=
+   if (defined($ENV{'sendmailaccess'})) {=0A=
+      $SendmailAccess =3D $ENV{'sendmailaccess'};=0A=
+   } else {=0A=
+      $SendmailAccess =3D "/etc/mail/access";=0A=
+   }; # if=0A=
+   if (-s $SendmailAccess) {=0A=
+      # Read and interpret the access map.=0A=
+      open (READCONFFILE, $SendmailAccess) or die "Cannot open " . =
$SendmailAccess ."\n";=0A=
+      while (defined($ThisLine =3D <READCONFFILE>)) {=0A=
+         if ( ($ThisName) =3D ($ThisLine =3D~ =
/^([^#0-9][\S]+)[\s]+RELAY/) ) {=0A=
+            InitDomainHash($ThisName);=0A=
+         }; # if=0A=
+      }; # while=0A=
+      close(READCONFFILE);=0A=
+   } else {=0A=
+     print "\nERROR: Could not open $SendmailAccess\n";=0A=
+   }; # if=0A=
+=0A=
+   # Initialise the Size distribution array=0A=
+   my %SizeDist;=0A=
+   @SizeNames =3D ('0 - 10k', '10k - 20k', '20k - 50k', '50k - 100k', =0A=
+                 '100k - 500k', '500k - 1Mb', '1Mb - 2Mb', '2Mb - 5Mb', =0A=
+                 '5Mb - 10Mb', '10Mb+');=0A=
+=0A=
+   # Initialise the large messages hash.=0A=
+   my %LargeMsgs;=0A=
+}; # if=0A=
+=0A=
 =0A=
 while (defined($ThisLine =3D <STDIN>)) {=0A=
    ($QueueID) =3D ($ThisLine =3D~ m/^([a-zA-Z0-9]+): / );=0A=
    $ThisLine =3D~ s/^[a-zA-Z0-9]+: //;=0A=
-   if ( ( $ThisLine =3D~ m/^to=3D.*stat=3D/ ) or=0A=
-         ( $ThisLine =3D~ m/^alias database [^ ]* (auto)?rebuilt by/ ) =
or =0A=
+   if (  ( $ThisLine =3D~ m/^alias database [^ ]* (auto)?rebuilt by/ ) =
or =0A=
          ( $ThisLine =3D~ m/[0-9]* aliases, longest [0-9]* bytes, =
[0-9]* bytes total/ ) or =0A=
          ( $ThisLine =3D~ m/^starting daemon (.*):/ ) or =0A=
          ( $ThisLine =3D~ m/premature EOM/ ) or =0A=
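
Review bot: Both `open (READCONFFILE, $LocalHostNames)` and `open (READCONFFILE, $SendmailAccess)` use two-argument open on a path that can come from the environment (`$ENV{'sendmaillocalhostnames'}`, `$ENV{'sendmailaccess'}`), so a value beginning with `>` or ending with `|` is read as a mode or a command rather than a file name; use the three-argument form with an explicit `<`. The `-s` test also prints "Could not open" for a file that exists but is empty, and `die` on a failed open ends the whole report. `my %SizeDist` and `my %LargeMsgs` are scoped to this `if` block, so the later `$SizeDist[...]` and `%LargeMsgs` uses are package variables and the two declarations have no effect.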
@@ -41,25 +121,106 @@=0A=
          ( $ThisLine =3D~ m/Milter: data/ ) or=0A=
          ( $ThisLine =3D~ m/Milter change: header/ ) or=0A=
          ( $ThisLine =3D~ m/Milter delete: header/ ) or=0A=
+         ( $ThisLine =3D~ m/Milter add: header: X-Virus-Scanned: by =
amavis/ ) or=0A=
+         ( $ThisLine =3D~ m/AUTH=3Dserver, relay=3D/ ) or=0A=
+         ( $ThisLine =3D~ m/discarded/ ) or=0A=
+         ( $ThisLine =3D~ m/headers too large/ ) or=0A=
          ( $ThisLine =3D~ m/^clone [a-zA-Z0-9]+, owner=3D/ ) ) {=0A=
       # We don't care about these=0A=
-   } elsif ( ($Bytes, $NumRcpts, $RelayHost) =3D ($ThisLine =3D~ =
/^from=3D.*size=3D([0-9]+).*nrcpts=3D([0-9]+).*relay=3D(\[[0-9\.]+\]|[^ =
]* \[[0-9\.]+\]|[^ ]+).*$/) ) {=0A=
+   } elsif ( ($FromUser, $FromDomain, $Bytes, $NumRcpts, $RelayHost) =
=3D ($ThisLine =3D~ /^from=3D[\<]?([^@]+)[@]?([^\> =
]+).*size=3D([0-9]+).*nrcpts=3D([0-9]+).*relay=3D(\[[0-9\.]+\]|[^ ]* =
\[[0-9\.]+\]|[^ ]+).*$/) ) {=0A=
       if ($NumRcpts > 0) {=0A=
          $MsgsSent++;=0A=
          $BytesTransferred +=3D $Bytes;=0A=
-      }=0A=
-      chomp($Relays{$QueueID} =3D $RelayHost); =0A=
-   } elsif ( $ThisLine =3D~ m/X-Virus-Scanned: by amavis/) {=0A=
-      $Amavis++;=0A=
+         =0A=
+         if ($Bytes <=3D 10240) {=0A=
+            $SizeDist[0]{'Num'}++;=0A=
+            $SizeDist[0]{'Bytes'} +=3D $Bytes;=0A=
+         } elsif ($Bytes <=3D 20480) {=0A=
+            $SizeDist[1]{'Num'}++;=0A=
+            $SizeDist[1]{'Bytes'} +=3D $Bytes;=0A=
+         } elsif ($Bytes <=3D 51200) {=0A=
+            $SizeDist[2]{'Num'}++;=0A=
+            $SizeDist[2]{'Bytes'} +=3D $Bytes;=0A=
+         } elsif ($Bytes <=3D 102400) {=0A=
+            $SizeDist[3]{'Num'}++;=0A=
+            $SizeDist[3]{'Bytes'} +=3D $Bytes;=0A=
+         } elsif ($Bytes <=3D 512000) {=0A=
+            $SizeDist[4]{'Num'}++;=0A=
+            $SizeDist[4]{'Bytes'} +=3D $Bytes;=0A=
+         } elsif ($Bytes <=3D 1048576) {=0A=
+            $SizeDist[5]{'Num'}++;=0A=
+            $SizeDist[5]{'Bytes'} +=3D $Bytes;=0A=
+         } elsif ($Bytes <=3D 2097152) {=0A=
+            $SizeDist[6]{'Num'}++;=0A=
+            $SizeDist[6]{'Bytes'} +=3D $Bytes;=0A=
+         } elsif ($Bytes <=3D 5242880) {=0A=
+            $SizeDist[7]{'Num'}++;=0A=
+            $SizeDist[7]{'Bytes'} +=3D $Bytes;=0A=
+         } elsif ($Bytes <=3D 10485760) {=0A=
+            $SizeDist[8]{'Num'}++;=0A=
+            $SizeDist[8]{'Bytes'} +=3D $Bytes;=0A=
+         } else {=0A=
+            $SizeDist[9]{'Num'}++;=0A=
+            $SizeDist[9]{'Bytes'} +=3D $Bytes;=0A=
+         };=0A=
+      };=0A=
+=0A=
+      # Add The message to a hash for later per-domain analysis.=0A=
+      $Msgs{$QueueID}{"Relay"} =3D $RelayHost;=0A=
+      if (($Detail >=3D 10)) {=0A=
+        $Msgs{$QueueID}{"FromDomain"} =3D $FromDomain;=0A=
+        $Msgs{$QueueID}{"FromUser"} =3D $FromUser;=0A=
+        $Msgs{$QueueID}{"Size"} =3D $Bytes;=0A=
+        $Msgs{$QueueID}{"Internal"} =3D 0;=0A=
+        $Msgs{$QueueID}{"Outgoing"} =3D 0;=0A=
+        $Msgs{$QueueID}{"Incomming"} =3D 0;=0A=
+      }; # if=0A=
+=0A=
+   } elsif ( ($ToUser, $ToDomain) =3D ($ThisLine =3D~ =
m/^to=3D[\<]?([^@]*)[@]?([^,\>]+).*stat=3D/ ) ) {=0A=
+      #Determine whether the message is local, inbound or outbound and =0A=
+      #update the domains hash appropriately.=0A=
+      if (($Detail >=3D 10)) {=0A=
+        $FromDomain =3D $Msgs{$QueueID}{"FromDomain"};=0A=
+        if (defined($LocalDomains{$FromDomain})) {=0A=
+           if (defined($LocalDomains{$ToDomain})) {=0A=
+              if ($Msgs{$QueueID}{"Internal"} =3D=3D 0) {=0A=
+                 $Msgs{$QueueID}{"Internal"} =3D 1;=0A=
+                 $LocalDomains{$FromDomain}{"MsgsInternal"}++;=0A=
+                 $LocalDomains{$FromDomain}{"BytesInternal"} +=3D =
$Msgs{$QueueID}{"Size"};=0A=
+              }; # if=0A=
+           } else {=0A=
+              if ($Msgs{$QueueID}{"Outgoing"} =3D=3D 0) {=0A=
+                 $Msgs{$QueueID}{"Outgoing"} =3D 1;=0A=
+                 $LocalDomains{$FromDomain}{"MsgsOut"}++;=0A=
+                 $LocalDomains{$FromDomain}{"BytesOut"} +=3D =
$Msgs{$QueueID}{"Size"};=0A=
+              }; # if=0A=
+           }; # else=0A=
+        } else {=0A=
+           if (defined($LocalDomains{$ToDomain})) {=0A=
+              if ($Msgs{$QueueID}{"Incomming"} =3D=3D 0) {=0A=
+                 $Msgs{$QueueID}{"Incomming"} =3D 1;=0A=
+                 $LocalDomains{$ToDomain}{"MsgsIn"}++;=0A=
+                 $LocalDomains{$ToDomain}{"BytesIn"} +=3D =
$Msgs{$QueueID}{"Size"};=0A=
+              }; # if=0A=
+           }; # if=0A=
+        }; # else=0A=
+=0A=
+        if ($Msgs{$QueueID}{"Size"} > 5242880) {  #10485760=0A=
+           $LargeMsgs{$Msgs{$QueueID}{"FromUser"} . "@" . $FromDomain . =
" \-\> " .$ToUser . "@" .$ToDomain}++;=0A=
+        }; # if=0A=
+      }; # if=0A=
    } elsif ( $ThisLine =3D~ m/X-Scanned-By: MIMEDefang/) {=0A=
       $Defang++;=0A=
+   } elsif (($Size) =3D ($ThisLine =3D~ m/message size \(([0-9]+)\) =
exceeds maximum/)) {=0A=
+      $OverSize++;=0A=
+      $OverSizeBytes +=3D $Size;=0A=
    } elsif ( ($User) =3D ($ThisLine =3D~ /^<([^ ]*)>... User unknown$/) =
) {=0A=
       $UnknownUsers{$User}{$QueueID}++;=0A=
    } elsif ( ($Host) =3D ($ThisLine =3D~ /\(Name server: ([^ ]+): host =
not found\)/)) {=0A=
       $UnknownHosts{$Host}++;=0A=
    } elsif ( ($Domain) =3D ($ThisLine =3D~ /Domain of sender address =
([^ ]+) does not resolve/)) {=0A=
       $UnresolvedDomains{$Domain}++;=0A=
-   } elsif ($ThisLine =3D~ /reject=3D550 5\.7\.1 <[^ ]*@([^ ]*)>\.\.\. =
Relaying Denied \(Spammer\)/) {=0A=
+   } elsif ($ThisLine =3D~ /reject=3D550 5\.7\.1 <[^ ]*@([^ ]*)>\.\.\. =
Relaying Denied/) {=0A=
       # We block some particularly annoying spam domains with the=0A=
       # following in /etc/mail/access...=0A=
       # From:worduphosting.com	ERROR:550 5.7.1 Relaying Denied (Spammer)=0A=
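
Review bot: The new ignore patterns `m/discarded/` and `m/headers too large/` are unanchored and sit in the "We don't care about these" list, so every line containing those words disappears from the report, even though the script still declares %largeHdrs (context of the previous hunk). Counting them, as the new `message size ... exceeds maximum` branch does for oversized mail, would keep that signal. The widened `from=` pattern also assumes an `@`: for a sender without one, such as `<>`, `[^@]+` and `[^\> ]+` still match but capture punctuation, so $FromDomain is not a usable key for %LocalDomains. `Incomming` is misspelled throughout, and the `#10485760` comment beside the 5242880 threshold should say which limit is intended.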
@@ -132,6 +293,21 @@=0A=
       $ETRNs{$ETRN}++;=0A=
    } elsif ( $ThisLine =3D~ /rejecting connections on daemon MTA: load =
average: ([0-9]+)/ ) {=0A=
       $LoadAvg{$1}++;=0A=
+   } elsif ($ThisLine=3D~ /reject=3D.*MESSAGE NOT ACCEPTED - (.+)/) {=0A=
+      chomp($host=3D$1);=0A=
+      $MailRejected{$host}++;=0A=
+   } elsif ($ThisLine=3D~ /DSN: User unknown/) {=0A=
+      $UserUnknown++;=0A=
+   } elsif ($ThisLine=3D~ /return to sender: User unknown/) {=0A=
+      $ReturnUserUnknown++;=0A=
+   } elsif ($ThisLine=3D~ /TLS: error: accept failed/) {=0A=
+      $TLSAcceptFailed++;=0A=
+   } elsif ($ThisLine=3D~ /savemail panic/) {=0A=
+      $SaveMailPanic++;=0A=
+   } elsif ($ThisLine=3D~ /DSN: Return receipt/) {=0A=
+      $ReturnReceipt++;=0A=
+   } elsif ($ThisLine=3D~ /Remote protocol error/) {=0A=
+      $RemoteProtocolError++;=0A=
    } else {=0A=
       $ThisLine =3D~ s/.*\: (DSN\: .*)/$1/;   =0A=
       $ThisLine =3D~ s/.*\: (postmaster notify\: .*)/$1/;=0A=
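
Review bot: `TLS: error: accept failed`, `savemail panic` and `Remote protocol error` are reduced to bare counters in these new branches, so the report shows only a number for each. A savemail panic in particular needs the queue ID to act on; consider keeping the line or the queue ID at higher detail levels rather than only incrementing. The capture in `MESSAGE NOT ACCEPTED - (.+)` is stored in a variable called $host but holds the free-text remainder of the line, so a name such as $reason would be clearer.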
@@ -141,19 +317,19 @@=0A=
    }=0A=
 }=0A=
 =0A=
-if (($MsgsSent > 0) and ($Detail >=3D 5)) {=0A=
+if ($MsgsSent > 0) {=0A=
    print "\n\n" . $BytesTransferred . " bytes transferred";=0A=
    print "\n" . $MsgsSent . " messages sent";=0A=
 }=0A=
 =0A=
-if ($Amavis > 0) {=0A=
-   print "\n" . $Amavis . " messages scanned by Amavis";=0A=
-}=0A=
-=0A=
 if ($Defang > 0) {=0A=
    print "\n" . $Defang . " messages scanned by MIMEDefang";=0A=
 }=0A=
 =0A=
+if ($OverSize > 0) {=0A=
+   print "\n\nRejected $OverSizeBytes bytes in $OverSize message(s)";=0A=
+}=0A=
+=0A=
 if ($HourReturns > 0) {=0A=
    print "\n\n" . $HourReturns . " messages returned after " . =
$NumHours . " hours";=0A=
 }=0A=
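
Review bot: Removing `and ($Detail >= 5)` from the `$MsgsSent` test makes the byte and message totals print at every detail level, which the covering mail does not mention; keep the guard or note the change. $OverSize and $OverSizeBytes are used here but, unlike the other new counters, are not initialised to 0 at the top of the script.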
@@ -162,8 +338,75 @@=0A=
    print "\n\n" . $DaysReturns . " messages returned after " . $NumDays =
. " days";=0A=
 }=0A=
 =0A=
-if ($UserUnknown > 0) {=0A=
-   print "\n\n" . $UserUnknown . " unidentified unknown users";=0A=
+if($TLSAcceptFailed > 0) {=0A=
+   print "\n\n" . $TLSAcceptFailed . " TLS Accept Fail(s)";=0A=
+}=0A=
+=0A=
+if($UserUnknown > 0) {=0A=
+   print "\n\n" . $UserUnknown . " DSN User Unknown notifications";=0A=
+}=0A=
+=0A=
+if($ReturnUserUnknown > 0) {=0A=
+   print "\n\n" . $ReturnUserUnknown . " Returned messages due to =
unknown user";=0A=
+}=0A=
+=0A=
+if($SaveMailPanic > 0) {=0A=
+   print "\n\n" . $SaveMailPanic . " Save Mail Panic's";=0A=
+}=0A=
+=0A=
+if($RemoteProtocolError > 0) {=0A=
+   print "\n\n" . $RemoteProtocolError . " Remote Protocol Errors's";=0A=
+}=0A=
+=0A=
+if($ReturnReceipt > 0) {=0A=
+   print "\n\n" . $ReturnReceipt . " Return Receipt's";=0A=
+}=0A=
+=0A=
+if (($Detail >=3D 10) and (keys %LocalDomains)) {=0A=
+   print "\n\nMessage traffic by domain:\n";=0A=
+   print "                         |   Inbound   |  Outbound   |  =
Internal   |    Total\n";=0A=
+   print "Domain                   | Msgs Kbytes | Msgs Kbytes | Msgs =
Kbytes | Msgs Kbytes\n";=0A=
+   print =
"-------------------------+-------------+-------------+-------------+----=
--------\n";=0A=
+   foreach $ThisOne (sort keys %LocalDomains) {=0A=
+      if (($LocalDomains{$ThisOne}{"BytesIn"} + =
$LocalDomains{$ThisOne}{"BytesOut"} + =
$LocalDomains{$ThisOne}{"BytesInternal"}) > 0) {=0A=
+         $LineMsgs =3D $LocalDomains{$ThisOne}{"MsgsIn"} + =
$LocalDomains{$ThisOne}{"MsgsOut"} + =
$LocalDomains{$ThisOne}{"MsgsInternal"};=0A=
+         $LineBytes =3D $LocalDomains{$ThisOne}{"BytesIn"} + =
$LocalDomains{$ThisOne}{"BytesOut"} + =
$LocalDomains{$ThisOne}{"BytesInternal"};=0A=
+         printf("%-25s|%5d %6d |%5d %6d |%5d %6d |%5d %6d\n", $ThisOne, =
$LocalDomains{$ThisOne}{"MsgsIn"}, =
$LocalDomains{$ThisOne}{"BytesIn"}/1024, =
$LocalDomains{$ThisOne}{"MsgsOut"}, =
$LocalDomains{$ThisOne}{"BytesOut"}/1024, =
$LocalDomains{$ThisOne}{"MsgsInternal"}, =
$LocalDomains{$ThisOne}{"BytesInternal"}/1024, $LineMsgs, =
$LineBytes/1024);=0A=
+=0A=
+         $TotalMsgsIn +=3D $LocalDomains{$ThisOne}{"MsgsIn"};=0A=
+         $TotalMsgsOut +=3D $LocalDomains{$ThisOne}{"MsgsOut"};=0A=
+         $TotalMsgsInternal +=3D =
$LocalDomains{$ThisOne}{"MsgsInternal"};=0A=
+         $TotalBytesIn +=3D $LocalDomains{$ThisOne}{"BytesIn"};=0A=
+         $TotalBytesOut +=3D $LocalDomains{$ThisOne}{"BytesOut"};=0A=
+         $TotalBytesInternal +=3D =
$LocalDomains{$ThisOne}{"BytesInternal"};=0A=
+      }; # if=0A=
+   }; # foreach=0A=
+   print =
"-------------------------+-------------+-------------+-------------+----=
--------\n";=0A=
+   $LineMsgs =3D $TotalMsgsIn + $TotalMsgsOut + $TotalMsgsInternal;=0A=
+   $LineBytes =3D $TotalBytesIn + $TotalBytesOut + $TotalBytesInternal;=0A=
+   printf("TOTAL                    |%5d %6d |%5d %6d |%5d %6d |%5d =
%6d\n", $TotalMsgsIn, $TotalBytesIn/1024, $TotalMsgsOut, =
$TotalBytesOut/1024, $TotalMsgsInternal, $TotalBytesInternal/1024, =
$LineMsgs, $LineBytes/1024);=0A=
+}; # if=0A=
+=0A=
+if (($Detail >=3D 10)) {=0A=
+   print "\n\nMessage Size Distribution:\n";=0A=
+   print "Range          # Msgs       KBytes\n";=0A=
+   foreach $ThisOne (0..9) {=0A=
+      printf("%-12s   %6d   %10d\n", $SizeNames[$ThisOne], =
$SizeDist[$ThisOne]{'Num'}, $SizeDist[$ThisOne]{'Bytes'}/1024);=0A=
+      $TotalNum +=3D $SizeDist[$ThisOne]{'Num'};=0A=
+      $TotalBytes +=3D $SizeDist[$ThisOne]{'Bytes'};=0A=
+   };=0A=
+   print  "----------------------------------\n";=0A=
+   printf("TOTAL          %6d   %10d\n", $TotalNum, $TotalBytes/1024);=0A=
+   if ($TotalNum > 0) {=0A=
+      printf("Avg. Size               %10d\n", ($TotalBytes / =
$TotalNum)/1024);=0A=
+   };=0A=
+};=0A=
+=0A=
+if (keys %LargeMsgs) {=0A=
+   print "\n\nLarge Msaages (From \-\> To):\n";=0A=
+   foreach $ThisOne (sort keys %LargeMsgs) {=0A=
+      print "    $ThisOne: ${LargeMsgs{$ThisOne}} Times(s)\n";=0A=
+   }=0A=
 }=0A=
 =0A=
 if (keys %ETRNs) {=0A=
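
Review bot: Several of the new report strings have typos that will appear in every report: "Large Msaages", "Remote Protocol Errors's", "Save Mail Panic's" and "Return Receipt's". The label for $UserUnknown also changes from "unidentified unknown users" to "DSN User Unknown notifications", so anything matching on the old text needs updating. In the size table, $TotalNum and $TotalBytes (and the $Total* variables in the domain table) are accumulated without being set to 0 first.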
@@ -183,7 +426,7 @@=0A=
 if (keys %UnknownUsers) {=0A=
    foreach $Usr (sort keys %UnknownUsers) {=0A=
       foreach $QueueID (sort keys %{ $UnknownUsers{$Usr} }) {=0A=
-         $SortedUsers{$Usr}{$Relays{$QueueID}}++;=0A=
+         $SortedUsers{$Usr}{$Msgs{$QueueID}{"Relay"}}++;=0A=
       }=0A=
    }=0A=
    print "\n\nUnknown users:\n";=0A=
@@ -268,6 +511,13 @@=0A=
    }=0A=
 }=0A=
 =0A=
+if (keys %MailRejected) {=0A=
+  print "\n\nMail was rejected because of the following entries in the =
access database:\n";=0A=
+  foreach $ThisOne (sort keys %MailRejected) {=0A=
+      printf "    %-50s : %3i Time(s)\n" , $ThisOne , =
$MailRejected{$ThisOne};=0A=
+   }=0A=
+}=0A=
+=0A=
 if (keys %relay) {=0A=
    print "\n\nWe do not relay for these (host,ruser,luser):\n";=0A=
    foreach $host (sort keys %relay) {=0A=

------=_NextPart_000_0259_01C3949C.8BA1ED80
Content-Type: application/octet-stream;
	name="in.qopper.patch.031017"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
	filename="in.qopper.patch.031017"

--- in.qpopper	Wed Feb 19 02:01:06 2003=0A=
+++ /etc/log.d/scripts/services/in.qpopper	Thu Oct 16 16:51:35 2003=0A=
@@ -1,6 +1,6 @@=0A=
 #!/usr/bin/perl -w=0A=
 =
#########################################################################=
#=0A=
-# $Id: in.qpopper,v 1.4 2003/02/18 15:31:06 kirk Exp $=0A=
+# $Id: in.qpopper,v 1.3 2002/10/12 02:08:18 kirk Exp $=0A=
 =
#########################################################################=
#=0A=
 =0A=
 ########################################################=0A=
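
Review bot: As in the sendmail patch, the $Id line moves backwards here (1.4 dated 2003/02/18 to 1.3 dated 2002/10/12); drop this hunk so that applying the patch does not revert the keyword.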
@@ -14,12 +14,19 @@=0A=
 $Detail =3D $ENV{'LOGWATCH_DETAIL_LEVEL'};=0A=
 =0A=
 while (defined($ThisLine =3D <STDIN>)) {=0A=
-    if ( $ThisLine =3D~ /xsender/ ) { =0A=
+    if ( ($ThisLine =3D~ /xsender/) or=0A=
+         ( $ThisLine =3D~ /.drac.:/ ) or=0A=
+         ( $ThisLine =3D~ /Timing/ ) or=0A=
+         ( $ThisLine =3D~ /-ERR \[AUTH\]/ ) or =0A=
+         ( $ThisLine =3D~ /canonical name of client/ ) or=0A=
+         ( $ThisLine =3D~ /I\/O error flushing output to client/ ) or =0A=
+         ( $ThisLine =3D~ /-ERR SIGHUP or SIGPIPE flagged/ ) or=0A=
+         ( $ThisLine =3D~ /-ERR POP hangup/ ) or=0A=
+         ( $ThisLine =3D~ /-ERR POP EOF or I\/O Error/ ) or=0A=
+         ( $ThisLine =3D~ /-ERR \[IN-USE\] / ) or=0A=
+         ( $ThisLine =3D~ /Incorrect octet count/ ) ) { =0A=
         # We don't care about these=0A=
     }=0A=
-    elsif ( $ThisLine =3D~ /.drac.:/ ) { =0A=
-        # We don't worry about these for now=0A=
-    }=0A=
     ## Stats: <UserID> 0 0 0 0 <Host> <IP>=0A=
     elsif (($UserID, $NumDeleted, $BytesDeleted, $NumLeft, $BytesLeft) =
=3D ( $ThisLine =3D~ /Stats: ([^ ]+) ([^ ]+) ([^ ]+) ([^ ]+) ([^ ]+)/ )) =
{ =0A=
         $Stats{$UserID}{"Times"}++;=0A=
@@ -28,17 +35,8 @@=0A=
         $Stats{$UserID}{"NumLeft"} =3D $NumLeft;=0A=
         $Stats{$UserID}{"BytesLeft"} =3D $BytesLeft;=0A=
     }=0A=
-    elsif ( $ThisLine =3D~ /Timing/ ) { =0A=
-        # We don't worry about these for now=0A=
-    }=0A=
-    elsif ( $ThisLine =3D~ /-ERR \[AUTH\]/ ) {=0A=
-        # Drop duplicated password failure lines.=0A=
-    }=0A=
-    elsif ( $ThisLine =3D~ /Incorrect octet count/ ) { =0A=
-        # Bogus message from LX betas prior to B20=0A=
-    }=0A=
-    elsif ( $ThisLine =3D~ /canonical name of client/ ) { =0A=
-        # Redundant message, IP is already logged=0A=
+    elsif (($UserID) =3D ($ThisLine =3D~ /^\[AUTH\] Failed attempted =
login to ([^ ]+) from host/ )) {=0A=
+        $FailedLogin{$UserID}++;=0A=
     }=0A=
     elsif ( $ThisLine =3D~ s/^connect from ([^ ]+)$/$1/ ) {=0A=
         $Connections{$ThisLine}++;=0A=
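
Review bot: The new pattern `/^\[AUTH\] Failed attempted login to ([^ ]+) from host/` stops at "from host" and keys %FailedLogin on the user name only, so the report cannot distinguish one client retrying from many hosts guessing at the same account. Capture the host part as well and count per user and host, as the amavis patch does for virus and sender. The removed branches also carried the reasons for ignoring each message ("Bogus message from LX betas prior to B20", "Redundant message, IP is already logged"); keep those as comments beside the merged conditions.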
@@ -84,6 +82,13 @@=0A=
     printf("TOTALS           %5d  | %5d  %6d  | %5d  %6d  |\n", $Times, =
$NumDel, $BytesDel/1024, $NumLeft, $BytesLeft/1024);=0A=
 }=0A=
 =0A=
+if (keys %FailedLogin) {=0A=
+   print "\nFailed Logins:\n";=0A=
+   foreach $UserID (sort {$FailedLogin{$b}<=3D>$FailedLogin{$a} } keys =
%FailedLogin) {=0A=
+      print "  $UserID: $FailedLogin{$UserID} time(s).\n";=0A=
+   }; # foreach=0A=
+}; # if=0A=
+=0A=
 if (keys %OtherList) {=0A=
    print "\n**Unmatched Entries**\n";=0A=
    foreach $line (sort {$OtherList{$b}<=3D>$OtherList{$a} } keys =
%OtherList) =0A=

------=_NextPart_000_0259_01C3949C.8BA1ED80
Content-Type: application/octet-stream;
	name="amavis"
Content-Disposition: attachment;
	filename="amavis"

#!/usr/bin/perl -w
##########################################################################
# $Id: amavis,v 1.3 2002/10/12 02:08:18 kirk Exp $
##########################################################################

########################################################
# This was written and is maintained by:
#    Jim O'Halloran <jim@kendle.com.au>
#
# Please send all comments, suggestions, bug reports,
#    etc, to jim@kendle.com.au.
########################################################

$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
$CleanMsgs = 0;
$InfectedMsgs = 0;
$BannedNames = 0;

# Parse logfile
while (defined($ThisLine = <STDIN>)) {
   $ThisLine =~ s/^\([\d]+\) //;

   if ( ($ThisLine =~ /^do_ascii/)
        or ($ThisLine =~ /^Found av scanner/)
        or ($ThisLine =~ /^Found \$[\S]+[\s]+at/)
        or ($ThisLine =~ /^No \$[\S]+,[\s]+not using it/)
        or ($ThisLine =~ /^starting.  amavisd at/) ) {
       # We don't care about these
   } elsif ($ThisLine =~ /^Passed, /) {
      $CleanMsgs++;
   } elsif (($FileName, $From) = ( $ThisLine =~ /^BANNED name\/type \(([^\)]+)\)\, \<([^\>]+)\>/ )) {
      $BannedNames++;

      if ($Detail == 10) {
          $Banned{$FileName}{$From}++;
      }; # if

   } elsif (($Virus, $From) = ( $ThisLine =~ /^INFECTED \(([^\)]+)\)\, \<([^\>]+)\>/ )) {
      $InfectedMsgs++;

      if ($Detail == 9) {
        $Viruses{$Virus}++;
      }; # if

      if ($Detail == 10) {
        $Viruses{$Virus}{$From}++;
      }; # if

   } # elsif
   else {
      # Report any unmatched entries...
      chomp($ThisLine);
      $OtherList{$ThisLine}++;
   } # else
} # while


# Output report
if ($CleanMsgs > 0) {
   print "\n$CleanMsgs messages checked and passed.\n";
}; # if

if ($InfectedMsgs > 0) {
   print "$InfectedMsgs virus infected messages were found.\n";
}; # if

if ($BannedNames > 0) {
   print "$BannedNames messages rejected with banned file names.\n";
}; # if

if ((keys %Viruses)) {
   print "\nViruses Detected:\n";
   foreach $Virus (sort keys %Viruses) {
      if ($Detail == 9) {
         print "   $Virus: $Viruses{$Virus} Times(s)\n";
      } else {
         $VirCount = 0;
         $OutString = "";
         foreach $From (sort keys %{ $Viruses{$Virus}}) {
            $VirCount += $Viruses{$Virus}{$From};
            $OutString .= "      $From  $Viruses{$Virus}{$From} Time(s)\n";
         }; # foreach
         print "   $Virus: $VirCount Times(s)  From:\n$OutString\n";
      }; # if
   }; # foreach

}; # if

if (keys %Banned) {
  print "\nBanned File Names:\n";
   foreach $FileName (sort keys %Banned) {
      $BanCount = 0;
      $OutString = "";
      foreach $From (sort keys %{ $Banned{$FileName}}) {
         $BanCount += $Banned{$FileName}{$From};
         $OutString .= "      $From  $Banned{$FileName}{$From} Time(s)\n";
      }; # foreach
      print "   $FileName: $BanCount Times(s)  From:\n$OutString\n";
   }; # foreach
}; # if


if (keys %OtherList) {
   print "\n\n**Unmatched Entries**\n";
   foreach $line (sort {$OtherList{$b}<=>$OtherList{$a} } keys %OtherList) {
      print "   $line: $OtherList{$line} Time(s)\n";
   }; # foreach
}; # if

exit(0);


------=_NextPart_000_0259_01C3949C.8BA1ED80--