pflogsumm

"M. Tolga Özses"

Nov 10, 2006, 6:43:05 AM
Hi,

I installed pflogsumm, and what I am wondering is how to tell pflogsumm
to show blockages by blocklist. I mean I want it to show me how many
spams were blocked using bl.spamcop.net or sbl-xbl.spamhaus.org etc. I
have a few added with reject_rbl_client

--
M. Tolga Özses
Bilgi Teknolojisi
Sabanci Üniversitesi
Orhanli 34956 Tuzla
Istanbul
Tel: (216) 483 91 98
Web: http://people.sabanciuniv.edu/mtozses

"M. Tolga Özses"

Nov 10, 2006, 8:44:17 AM
Hi and thanks for replying privately.

I want output like this:

blocked using bl.spamcop.net (total: 847932)
blocked using dnsbl.ahbl.org (total: 2039)
blocked using dnsbl.njabl.org (total: 5645)
blocked using dul.dnsbl.sorbs.net (total: 165920)
blocked using list.dsbl.org (total: 32070)
blocked using sbl-xbl.spamhaus.org (total: 332590)
blocked using spamsources.fabel.dk (total: 9261)

pflogsumm.pl -d yesterday =syslog_name=postfix /var/log/messages is what I use to fetch data and my main.cf is at http://www.rafb.net/paste/results/m37Pv791.html.

Thanks a lot :)

Anthony Messina wrote:


> M. Tolga Özses wrote:
>
>> Hi,
>>
>> I installed pflogsumm, and what I am wondering is how to tell pflogsumm
>> to show blockages by blocklist. I mean I want it to show me how many
>> spams were blocked using bl.spamcop.net or sbl-xbl.spamhaus.org etc. I
>> have a few added with reject_rbl_client
>>
>>

> it should already do that. without additional configuration, it works
> for me.

Jorey Bump

Nov 10, 2006, 9:34:33 AM
M. Tolga Özses wrote:
> Hi,
>
> I installed pflogsumm, and what I am wondering is how to tell pflogsumm
> to show blockages by blocklist. I mean I want it to show me how many
> spams were blocked using bl.spamcop.net or sbl-xbl.spamhaus.org etc. I
> have a few added with reject_rbl_client

I don't know about pflogsumm, but I wrote my own perl script for just
this purpose. It produces output like this:

bl.spamcop.net 1089
sbl-xbl.spamhaus.org 804
combined.njabl.org 408
list.dsbl.org 31
=================================
Total DNSBL rejections: 2332

You can get the latest version of the script here:

http://www.joreybump.com/code/dnsblcount/
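
Added example, not part of the thread and not Jorey Bump's dnsblcount script: a shell function that builds the same kind of per-blocklist tally from Postfix "blocked using" rejection lines. The sample log lines, the host name "mx" and the addresses are constructed, and the match assumes Postfix's default reply wording ("... [address] blocked using zone; ...").

```shell
#!/bin/sh
# Added example: tally Postfix DNSBL rejections per blocklist zone.

# Constructed sample log lines (documentation addresses, made-up host "mx").
SAMPLE_LOG='Nov 10 06:12:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?192.0.2.10; from=<a@example.com> to=<b@example.org> proto=SMTP helo=<host1.example.com>
Nov 10 06:12:05 mx postfix/smtpd[2101]: connect from unknown[198.51.100.7]
Nov 10 06:12:06 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 Service unavailable; Client host [198.51.100.7] blocked using sbl-xbl.spamhaus.org; http://www.spamhaus.org/query/bl?ip=198.51.100.7; from=<c@example.com> to=<b@example.org> proto=SMTP helo=<host2.example.com>
Nov 10 06:13:40 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 <d@example.net>: Relay access denied; from=<e@example.com> to=<d@example.net> proto=SMTP helo=<host3.example.com>
Nov 10 06:14:02 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[192.0.2.44]: 554 Service unavailable; Client host [192.0.2.44] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?192.0.2.44; from=<f@example.com> to=<b@example.org> proto=SMTP helo=<host4.example.com>'

# dnsbl_count [logfile ...]
# Reads the named log files (or stdin when none are given) and prints one
# "zone count" line per blocklist, highest count first, then a total.
dnsbl_count() {
    awk '
        # Only reject lines, and only the first "] blocked using" on the
        # line: the server reply text precedes from=/to=/helo=.
        /reject: .*\] blocked using / {
            if (match($0, /\] blocked using [^ ;,]+/)) {
                # Skip the 16 characters of "] blocked using " to get the zone.
                zone = substr($0, RSTART + 16, RLENGTH - 16)
                count[zone]++
                total++
            }
        }
        END {
            sorter = "sort -k2,2nr -k1,1"
            for (z in count) printf "%s %d\n", z, count[z] | sorter
            close(sorter)   # wait for sort so the footer comes last
            print "================================="
            printf "Total DNSBL rejections: %d\n", total
        }
    ' "$@"
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | dnsbl_count
```

A total of 0 from a log that is known to carry mail traffic means the rejection lines are being written to a different file, which is the situation discussed later in the thread.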

Anthony Messina

Nov 10, 2006, 9:57:19 AM

"M. Tolga Özses"

Nov 13, 2006, 3:21:38 AM
Hi,

Sorry for the late reply. Here is my syslog-ng.conf
<http://www.rafb.net/paste/results/mCDefv94.html>. I don't get any
results with grep -ir blocked\ using /var/log/*

Jorey Bump wrote:
> Can you show me an example of an RBL rejection from your log? If you
> can't find one, try this:
>
> grep -i "blocked using" /var/log/*
>
> You may get a lot of input, but it will show you where such messages
> are logged by Postfix. When you determine the correct log, run:
>
> dnsblcount /path/to/mail/log
>
> Let me know if it works for you.
>
> M. Tolga Özses wrote:
>> I am using Gentoo Linux.
>>
>> kunduz bin # grep mail /etc/syslog-ng/syslog-ng.conf
>> kunduz bin #
>
> That's broken. There should be lines for your mail facility. Maybe you
> are logging to /var/log/messages as a default. I recommend checking
> the gentoo and syslog-ng documentation to fix this. Your messages log
> must be huge and incomprehensible!
>
>> Jorey Bump wrote:
>>> It's unusual for Postfix to log to /var/log/messages. What platform
>>> are you using? Look for /var/log/maillog or /var/log/mail.info, or
>>> similar variations. Your syslog.conf will also show where mail
>>> messages are logged. Look for the line beginning with "mail.*".
>>>
>>> M. Tolga Özses wrote:
>>>> I wget'd it, and followed the instructions too, and this is the
>>>> output I get
>>>>
>>>> kunduz bin # dnsblcount /var/log/messages
>>>> =================================
>>>> Total DNSBL rejections:
>>>>
>>>> Regards,

--

Jorey Bump

Nov 13, 2006, 9:32:46 AM
M. Tolga Özses wrote:

> Sorry for the late reply. Here is my syslog-ng.conf
> <http://www.rafb.net/paste/results/mCDefv94.html>. I don't get any
> results with grep -ir blocked\ using /var/log/*

I don't use syslog-ng, but your mail facility is conspicuously missing.
Perhaps a syslog-ng user on this list could offer some tips. There are
plenty of logs that can be ignored; a mail log isn't one of them. :)
