MailScanner and SpamAssassin
Cj B
black at comet.n-polk.k12.ia.us
Thu Feb 12 16:09:48 CET 2004
On Wednesday 11 February 2004 01:55 am, Wytze van der Raay wrote:
> I would be interested too ...
> But in my opinion the problem with MailScanner is its fairly limited
> logging, which doesn't contain all that much data for detailed reports
> (depending of course on what kind of details you are after). For
> instance the destination of a spam-labelled e-mail isn't logged by
> MailScanner. You could try to derive that from some subsequent sendmail
> records (assuming that you are running sendmail, and logging MailScanner
> and sendmail to the same logfile), but it's kind of tricky. A better
> approach would seem to first improve MailScanner's logging to contain
> all the information you want to be reported on.
> Any volunteers?
I guess what I'm looking for isn't really all that advanced.
The things I'm looking for are:
1) The top relayers of spam, which is given in the spam line:
Feb 12 08:39:46 Vermont MailScanner[13735]: Message i1CEdOPI014866 from
64.108.191.11 (news at americanjobs.com) to XXXXXXXXX.org is spam, SpamAssassin
(score=7.1, required 5, BIG_FONT 0.34, CLICK_BELOW 0.31, CLICK_BELOW_CAPS
0.41, CLICK_HERE_CAPS_LINK 0.61, CLICK_HERE_LINK 0.31, HTML_50_70 0.30,
HTML_FONT_COLOR_BLUE 0.20, HTML_FONT_COLOR_GRAY 0.33, HTML_FONT_COLOR_RED
0.32, HTML_FONT_COLOR_UNSAFE 0.30, MAY_BE_FORGED 0.04, MISSING_OUTLOOK_NAME
1.11, NO_REAL_NAME 1.28, SPAM_PHRASE_13_21 1.34, UNSUB_PAGE 0.10)
2) The top offending checks, i.e., the spam checks that get set off the most,
etc.
3) The number of viruses caught.
4) The breakdown of the viruses, i.e.:
http://www.sng.ecs.soton.ac.uk/mailscanner/graphs/ECS_Viruses_Detected.htm (I
think this is done with MRTG, but I have no idea really. Even though I don't
really know much about the coding behind logreport, I think it's doable. I
just wish I understood the dev docs better!)
5) Anything else that might be interesting which is stored in these log files.
I'm sure someone out there has already done something like this; it seems as
though both MailScanner and logreport are in widespread enough use.
Thanks,
Cj B
--
To UNSUBSCRIBE, email to questions-request at logreport.org with a subject of
"unsubscribe". Trouble? Send an email with subject "help" to
questions-request at logreport.org
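Items 1 and 2 of the list above (top spam relays and most-triggered SpamAssassin checks) can be derived from the "is spam" record alone. The following is an added example, not part of the original message and not MailScanner or logreport code; the sample lines are constructed on the record layout quoted in the message, use documentation addresses, and the function names are illustrative.

```python
import re
from collections import Counter

# Layout of the MailScanner "is spam" record as quoted in the message above.
# The sender in parentheses comes from the mail itself (untrusted), so it is
# matched non-greedily and only ever treated as data.
SPAM_RE = re.compile(
    r"MailScanner\[\d+\]: Message (?P<id>\S+) from (?P<relay>\S+) "
    r"\((?P<sender>.*?)\) to (?P<dest>\S+) is spam, "
    r"SpamAssassin \((?P<report>.*)\)\s*$"
)
# One report item such as "NO_REAL_NAME 1.28"; scores may be negative.
RULE_RE = re.compile(r"^(?P<name>[A-Z0-9_]+) (?P<score>-?\d+(?:\.\d+)?)$")

def parse_spam_line(line):
    """Return (relay, {rule: score}) for a spam record, None for other lines."""
    m = SPAM_RE.search(line)
    if not m:
        return None
    rules = {}
    for item in m.group("report").split(", "):
        r = RULE_RE.match(item)  # "score=7.1" and "required 5" do not match
        if r:
            rules[r.group("name")] = float(r.group("score"))
    return m.group("relay"), rules

def summarize(lines, top=5):
    """Count spam records per relay and hits per SpamAssassin rule."""
    relays, rules = Counter(), Counter()
    for line in lines:
        parsed = parse_spam_line(line)
        if parsed is None:
            continue  # sendmail records, virus records, clean mail, ...
        relay, hits = parsed
        relays[relay] += 1
        rules.update(hits.keys())
    return relays.most_common(top), rules.most_common(top)

# Constructed sample log lines (each record is a single line in syslog).
SAMPLE = [
    "Feb 12 08:39:46 mx1 MailScanner[13735]: Message msg0001 from 192.0.2.10 (a@example.com) to example.org is spam, SpamAssassin (score=7.1, required 5, BIG_FONT 0.34, NO_REAL_NAME 1.28, UNSUB_PAGE 0.10)",
    "Feb 12 08:40:02 mx1 MailScanner[13735]: Message msg0002 from 192.0.2.10 (b@example.com) to example.org is spam, SpamAssassin (score=5.6, required 5, NO_REAL_NAME 1.28, CLICK_BELOW 0.31)",
    "Feb 12 08:40:31 mx1 MailScanner[13735]: Message msg0003 from 198.51.100.7 (c@example.net) to example.org is spam, SpamAssassin (score=6.0, required 5, NO_REAL_NAME 1.28, BIG_FONT 0.34)",
    "Feb 12 08:41:10 mx1 sendmail[13801]: msg0001: to=<user@example.org>, stat=Sent",
]
```

Calling `summarize(SAMPLE)` returns the relay ranking and the rule ranking as two lists of `(name, count)` pairs.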