[Logwatch] Announce: New postfix filter available for testing

lists-logwatch at cappella.us lists-logwatch at cappella.us
Wed Jan 17 22:41:33 MST 2007


[ posted in logwatch and logwatch-devel ]

Hello logwatch / postfix users,

I have rewritten the postfix reporting filter, and would like to get some
final feedback before submission.  The script has been in use by myself and
several early evaluators.  Some of my goals with the postfix filter were to:

  - Facilitate spotting problematic senders
  - Better summarize postfix's log data
  - Provide increasing detail as requested via --detail
  - Provide more useful information and summaries
  - Provide ability to configure per section maximum detail
  - Reduce the amount of manual scanning of postfix mail logs
  - Optimize and combine the numerous REs
  - Eliminate excessive copy/pasted reporting code
  - Generalize log line capturing and reporting

Below is a summary of some key features:

Changes
  - Multiple levels of reporting
    Logwatch detail levels <5 provide basic summaries, whereas
    levels 5 - 10 provide increasingly more detail.  Detail level 22
    provides uncropped log lines. Try them all to determine which detail
    level best suits your needs.

  - Configuration of per section maximum detail
    Maximum depth level of each detailed section can limited by setting a
maximum 
    depth variable in the postfix.conf file. This helps reduce the report
size as
    desired.

  - Report formatting more easily shows totals and sub-totals
    Counts have been moved to the left of report lines.  Each level contains
    totals of its sub-levels.  This removes the excessive Time(s), at the
right
    of each line (which I find difficult to quickly scan for obvious
offenders).

  - More counts available in summary report

  - Better categorization of reject reasons, with percentages

  - Groups reject reasons based on postfix's "optional text" (man 5 access)

  - Configuration or other critical postfix errors are pinned to top of
summary report

  - Includes inline sample test data

  - Detailed summary lines are sorted first by count, then by IP and
lexically

  - Capture additional postfix log lines caught in the Other Items report.
  
Future Consideration
  - Create amavis+postfix filter that better evaluates and summarizes email
disposition

The new postfix logwatch filter can be downloaded from:

   http://www.mikecappella.com/logwatch

Download and expand the postfix.tgz file, and see the enclosed README file
for
installation instructions and customization information.  The filter has
been
tested with logwatch 7.3.x but probably works with older version too.  I
have
not determined the oldest version of logwatch that will work with this
filter.

Feedback (on list preferred) is welcome and encouraged.  If you have log
lines that are not captured or processed correctly, please send me a copy of
the line in some form of archive so that whitespace is not altered, and I'll
update the script.  Either alter private information, or leave it as is, and
rest assured your data will remain confidential.

MrC
---

Sample Output:

 --------------------- postfix Begin ------------------------ 

 ****** Summary *******************************************************
 
   12.131M  Bytes accepted                        12,720,255
   15.015M  Bytes delivered                       15,744,474
 ========   ================================================
 
      910   Accepted                                  69.36%
      402   Rejected                                  30.64%
 --------   ------------------------------------------------
     1312   Total                                    100.00%
 ========   ================================================
 
        1   Reject relay denied                        0.25%
      109   Reject HELO/EHLO                          27.11%
       17   Reject unknown user                        4.23%
       11   Reject recipient address                   2.74%
      126   Reject sender address                     31.34%
        8   Reject client host                         1.99%
      120   Reject via RBL                            29.85%
        7   Reject header                              1.74%
        3   Reject body                                0.75%
 --------   ------------------------------------------------
      402   Total Rejects                            100.00%
 ========   ================================================
 
     1305   Connections made      
      214   Connections lost      
     1305   Disconnections        
      910   Removed from queue    
      926   Delivered             
       25   Sent                  
       11   Forwarded             
 
        2   Timeout (inbound)     
        1   Numeric hostname      
       57   Hostname verification errors 
       17   TLS connections (inbound) 
       17   SASL authenticated messages 
 
 
 ****** Detailed ******************************************************
 
        1   Reject relay denied ------------------------------------
        1      192.168.0.55    192-169-0-55.example.com 
        1         support at sample.net
 
      109   Reject HELO/EHLO ---------------------------------------
       54      Non-qualified EHLO/HELO greetings are typically used by spam
senders. If this...

[ intentionally truncated ]



More information about the Logwatch mailing list