[Logwatch] [Fwd: sendmail logwatch script]

Kenneth Porter shiva@sewingwitch.com
14 Jul 2002 12:46:19 -0700

I put this in my Todo folder and kept forgetting it (sorry about that!),
so I'll share it with the list instead. Hopefully Kirk can integrate it
into the distribution.


-----Forwarded Message-----

From: Alex Knowles <Alex@wtwf.com>
To: shiva@well.com
Subject: sendmail logwatch script
Date: 02 Jul 2002 11:09:28 -0700


I just thought I'd send you the changes I made to your sendmail
logwatchign script. I block mail based on open relays (ordb) and
spamcop's blacklist. I like to know how much spam I am rejecting just
because it makes me feel good that I am rejecting spam.

the lines are similar and look like those that you test for open

my solution is not a general one, although I could cobble one together
if you were interested.

here is an ordb and spamcop example

Jul  3 01:24:20 barongreenback sendmail[19579]: g62HOK019579: ruleset=check_relay, arg1=user-112v96s.biz.mindspring.com, arg2=, relay=user-112v96s.biz.mindspring.com [], reject=553 5.3.0 Rejected - see http://ordb.org/

Jul  2 20:47:53 barongreenback sendmail[18458]: g62Clc018458: ruleset=check_relay, arg1=[], arg2=, relay=[], reject=553 5.3.0 Spam blocked see: http://spamcop.net/bl.shtml?

I guess you could easily check for reject=553 and a URL at the end of
the line?

> $ordb = 0;
> $spamcop = 0;

> while (defined($ThisLine = <STDIN>)) {
>   if ( ( $ThisLine =~ m/Spam blocked see: http:\/\/spamcop.net/ ) ){
>     $spamcop++;
>   }

>   if ( ( $ThisLine =~ m/Rejected - see http:\/\/ordb.org/ ) ){
>     $ordb++;
>   }

and then

>     if ($spamcop > 0 or $ordb >0) {
>         print "\n" . $ordb . " messages blocked by ordb";
>         print "\n" . $spamcop . " messages blocked by spamcop";
>     }

just thought you might be interested.

thanks again for a great and useful script! I especially like the
Unknown users: feature, that's the section I look at most.