[Logwatch] Filter questions

Mike Tremaine mgt at stellarcore.net
Fri Sep 17 15:01:37 MST 2004


On Fri, 2004-09-17 at 11:16, Lists wrote:
> Hello, 
> 
>   I hope this is an OK question to ask here. I was wondering how I could
> go about doing the following. I have setup a mail server which
> references several sbls before accepting mail.  I was wondering if there
> is any way I can setup a filter that counts up the number of times one
> of those is seen in the maillog instead of putting the line in the
> email. 
> 
> ## line as output in the logwatch email
> 
> killabee05 at 100mile.net (553 5.3.0 Spam blocked see:
> http://spamcop.net/bl.shtml?211.173.189.111): 1 Time(s)
> 
> So instead of writing this it would count it
> and in the end write something like
> 
> Rejected Mail:
> Total rejected messages: 129563
> 
> Reason:
>    NJABL blocking list:      3388
>    ORDB blocking list:       10
>    SPAMCOP blocking list:    118003
>    A-Reject list:            986
>    A-Discard list:           1630
>    Not Resolvable Domain:    4749
>    Not Existing Domain:      339
>    Relaying Denied:          428
>    Other:        	     


What mailserver? [Sendmail/Postfix/Exim/Other]

Since I really can only talk about Sendmail I'll give you an example
from it. Right now the sendmail service [~/scripts/services/sendmail]
has a few RBL matches which will total up AND also give you a line by
line listing. With more then 100 or so I turn that part off by upping
the Detail limit. [Note to self I should add this is logwatch.conf ;)
]...

Sample Output

BlackHole Totals:
    www.spamhaus.org: 608 Time(s)


.
.
.

Summary:
        Total Mail Rejected: 7278


The whole report can be a bit too long for large mail-servers but thats
another issue for another day.


If you have some perl skills look at the HASH values

      $BlackHoled{$Temp}++;
      $BlackHoles{$BlSite}++;


Those are the ones you want to add to or expand on. [Again this is
Sendmail. The other servers each have their own script in services.]

-- 
Mike Tremaine
mgt at stellarcore.net
http://www.stellarcore.net



More information about the Logwatch mailing list