#1  
Old 9th December 2005, 01:23
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts
Default Mailgraph

I guess you all know by now that I love graphs

I found a new tool: http://people.ee.ethz.ch/~dws/software/mailgraph/
its called mailgraph and is supposed to display mail statistics like sent/received/rejected/spam/virus and bounced...

unfortunately it will not really show spam for me and it shows a little bit too few of my virus mails ;-(

first of all it is set to monitor the syslog file but I changed that to the /var/log/mail.log.ispconfigsave which seemed a better idea to me - right?

I added one line to catch viruses is this ok?
Quote:
elsif($prog eq 'TrashScan') {
if($text =~ /Suspicious/) {
event($time, 'virus');
}
}
are there other lines indicating virus?

the standard line to find infected mails is this but it does not work for me:
Quote:
elsif($prog eq 'spamd') {
if($text =~ /^(?:spamd: )?identified spam/) {
event($time, 'spam');
}
}
any other idea on how to identify spam?


###edit###
Or maybe you know another tool to display this kind of information graphically?

Last edited by Ovidiu; 9th December 2005 at 11:13.
Reply With Quote
Sponsored Links
  #2  
Old 20th December 2005, 13:34
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts
Default

no one has got any ideas? any other soft that can do this?
Reply With Quote
  #3  
Old 9th February 2006, 05:00
ecorona ecorona is offline
Junior Member
 
Join Date: Jan 2006
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default Mailgraph

I set it up, but no spam/virus graph at all.
Reply With Quote
  #4  
Old 12th September 2006, 02:59
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts
Default

anyone got an update on this? I am using the perfect debian 3.1 setup

no graphs show up at all,.... while I followed this tutorial: http://www.howtoforge.com/mail_stati...raph_pflogsumm

although I must admit I had a manually installed version of rrdtool, but right now I also installed the apt-get version and still no graphs to be seen here: http://www.web-designerz.de/cgi-bin/mailgraph.cgi

also the pflogsumm has this entry:
Quote:
Sender address rejected: Domain not found (total: 2)
2 pw-auth@02.ebay.com
which seems to be a legitimate email from ebay - does it not?
on the other hand it seems its a forgery, sorry for misusing this post
Quote:
Sep 10 01:08:44 h898552 postfix/smtpd[11574]: connect from fmmailgate03.web.de[217.72.192.234]
Sep 10 01:08:44 h898552 postfix/smtpd[11574]: NOQUEUE: reject: RCPT from fmmailgate03.web.de[217.72.192.234]: 450 <pw-auth@02.ebay.com>: Sender address rejec
ted: Domain not found; from=<pw-auth@02.ebay.com> to=<postmaster@web-designerz.de> proto=ESMTP helo=<fmmailgate03.web.de>
Sep 10 01:08:44 h898552 postfix/smtpd[11574]: disconnect from fmmailgate03.web.de[217.72.192.234]
in case you want to help I have some more hints:

Quote:
www.web-designerz.de||||1215||||62.159.242.114 - - [12/Sep/2006:08:36:43 +0200] "GET /cgi-bin/mailgraph.cgi?0-e HTTP/1.1" 500 1215 "http://www.web-designerz.de/cgi-bin/mailgraph.cgi" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6"
it seems like an 500 server error but I can see the basic page, just not the graphs...
Ok this is solved too: the mailgraph was trying to store its images here: /var/lib/mailgraph/,cgi-bin meaning inside /var/lib/mailgraph which was by default owned by www-data:www-data so I had to change to the user the suexec of that virtualhost was running :-)
no I am just wondering why the directory looks this strange: /var/lib/mailgraph/,cgi-bin?? well does not matter, but what about this:

I thought I could just download the newest version 1.12 and replace the 3 files of which mailgraph consists with the newer version as debian stable is using version 1.10 but if I do this I do not see any graphs, no idea why as the directories and the owners and groups stay the same...

any chance to get SA and clamav to make logs that could be used to count spam and viruses instead of having to somehow implement amavis?

Last edited by Ovidiu; 12th September 2006 at 11:02.
Reply With Quote
  #5  
Old 12th September 2006, 18:03
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

Quote:
Originally Posted by Tenaka
any chance to get SA and clamav to make logs that could be used to count spam and viruses instead of having to somehow implement amavis?
I don't know if that's possible...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 13th September 2006, 12:51
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts
Default

I found severall issues:

a) saying spamd is faster and better than spamassassin: http://mail-archives.apache.org/mod_...comcast.net%3E

b) Mail::SpamAssassin::Logger http://www.annocpan.org/~FELICITY/Ma...ssin/Logger.pm can you look at those links? there is also a Mail::SpamAssassin::Logger::File http://www.annocpan.org/~FELICITY/Ma...Logger/File.pm and a Mail::SpamAssassin::Logger::Syslog http://www.annocpan.org/~FELICITY/Ma...gger/Syslog.pm

I do not have any clue how to use b) and I do not know much about a)...

maybe someone interested too can get me going...

Last edited by Ovidiu; 13th September 2006 at 12:57.
Reply With Quote
  #7  
Old 13th September 2006, 20:24
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,736
Thanks: 840
Thanked 5,596 Times in 4,407 Posts
Default

Quote:
Originally Posted by Tenaka
a) saying spamd is faster and better than spamassassin: http://mail-archives.apache.org/mod_...comcast.net%3E
Spamd is faster, but we can not simply switch from spamassassin to spamd as the spamc command that is used to send the messages to spamd does not support the commandline switch for specifying the spamassassin configuartion file that ISPConfig uses. There is a workaround for that by symlinking the spamassassin config files in every users directory but I we will have to test that in the dev branch if it is reliable.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 13th September 2006, 22:25
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts
Default

ok thx for explaining, but how about those SA "modules" I linked above? I am not sure how these modules are to be used.. but they seem to be doing what we need: bring logging to spamassassin
Reply With Quote
  #9  
Old 14th September 2006, 09:51
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,736
Thanks: 840
Thanked 5,596 Times in 4,407 Posts
Default

Quote:
Originally Posted by Tenaka
ok thx for explaining, but how about those SA "modules" I linked above? I am not sure how these modules are to be used.. but they seem to be doing what we need: bring logging to spamassassin
I've never tested one of them, but I see no reason why they should not work if you load them in the spamassassin configuration uder /home/admispconfig/ispconfig/tools/spamassassin
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #10  
Old 14th September 2006, 13:54
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,269
Thanks: 84
Thanked 25 Times in 21 Posts
 
Default

hi,

I'll try out Mail::SpamAssassin::Logger::Syslog that seems the most appropiate one to use but can you give me some hints about where to put?

Quote:
h898552:/home/admispconfig/ispconfig/tools/spamassassin/etc/mail/spamassassin# ls -al
total 24
drwxr-xr-x 2 admispconfig admispconfig 4096 Jul 19 07:37 .
drwxr-xr-x 3 admispconfig admispconfig 4096 May 22 22:20 ..
-rwxr-xr-x 1 admispconfig admispconfig 890 Aug 9 12:41 init.pre
-rwxr-xr-x 1 admispconfig admispconfig 789 Aug 9 12:41 local.cf
-rwxr-xr-x 1 admispconfig admispconfig 2395 Aug 9 12:41 v310.pre
-rwxr-xr-x 1 admispconfig admispconfig 806 Aug 9 12:41 v312.pre
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 19:39.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.