Leonardo Rodrigues,
> i would like to have a full email report, which, intentionally,
> would give me for each message:
> 1) sender
> 2) recipient or recipients in case of CCs
> 3) subject
> 4) message size
> 5) name and mime-type of attachments, if present
> i have tried getting this from postfix logs, but i couldnt. i can
> have some header/body checks with WARNING and logs somethings, but my
> tries were completly wasted on trying to get all that information together.
The 1..4 are faily easy, either through adjusting $log_templ
or through SQL logging. For 5 you will need to add some code
to present the information (which is available in internal
data structures) in a coherent way - a MIME structure could
be fairly complex, multilevel and long.
> i know amavisd have all this informations, some of them even easier
> than postfix, like name and mime-type of attachments, which can be seen
> on logs with log_level=2.
>
> would it be possible to have all these informations parsed from
> amavisd logs and presented in a easy way ? It can be a comma-delimited
> or tab-delimited text, no problem. I can convert it to HTML, the raw
> information would be enough.
Following up on Mike's suggestion, the mail log entry can be extended
by including additional macros in a template - see README.customize
for the full list. I'm currently using the following (with 2.6.0)
(to go into amavisd.conf, probably an overkill for most uses):
$log_templ = <<'EOD';
[?%#D|#|Passed #
[? [:ccat|major] |OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)]#
, [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%D|,]#
[? [:tls_in] ||, tls: [:tls_in]]#
[? %q ||, quarantine: %q]#
[? %Q ||, Queue-ID: %Q]#
[? %m ||, Message-ID: %m]#
[? %r ||, Resent-Message-ID: %r]#
, mail_id: %i#
, Hits: [:SCORE]#
, size: %z#
[? [:partition_tag] ||, pt: [:partition_tag]]#
[~[:remote_mta_smtp_response]|["^$"]||[", queued_as: "]]\
[remote_mta_smtp_response|[~%x|["queued as ([0-9A-Z]+)$"]|["%1"]|["%0"]]|/]#
[? [:header_field|Subject] ||, Subject: [:dquote|[:header_field|Subject|100]]]#
[? [:header_field|From] ||, From: [:uquote|[:header_field|From|100]]\
[? [:dkim|author] || (dkim:AUTHOR)]]#
[? [:useragent|name] ||, [:useragent|name]: [:uquote|[:useragent|body]]]#
[? %#T ||, Tests: \[[%T|,]\]]#
[:supplementary_info|SCTYPE|, shortcircuit=%%s]#
[:supplementary_info|AUTOLEARN|, autolearn=%%s]#
[:supplementary_info|AUTOLEARNSCORE|, autolearnscore=%%s]#
[? [:supplementary_info|LANGUAGES] ||,
languages=[:uquote|[:supplementary_info|LANGUAGES]]]#
[? [:supplementary_info|RELAYCOUNTRY] ||,
relaycountry=[:uquote|[:supplementary_info|RELAYCOUNTRY]]]#
[? [:supplementary_info|ASN] ||, asn=[:uquote|[:supplementary_info|ASN]
[:supplementary_info|ASNCIDR]]]#
[? [:supplementary_info|DCCREP] ||, dcc_rep=[:supplementary_info|DCCREP]]#
[? [:dkim|identity] ||, dkim_id=[:dkim|identity]]#
, %y ms#
]
[?%#O|#|Blocked #
[? [:ccat|major|blocking] |#
OTHER|CLEAN|MTA-BLOCKED|OVERSIZED|BAD-HEADER|SPAMMY|SPAM|\
UNCHECKED|BANNED (%F)|INFECTED (%V)]#
, [? %p ||%p ][?%a||[?%l||LOCAL ]\[%a\] ][?%e||\[%e\] ]%s -> [%O|,]#
[? [:tls_in] ||, tls: [:tls_in]]#
[? %q ||, quarantine: %q]#
[? %Q ||, Queue-ID: %Q]#
[? %m ||, Message-ID: %m]#
[? %r ||, Resent-Message-ID: %r]#
, mail_id: %i#
, Hits: [:SCORE]#
, size: %z#
[? [:partition_tag] ||, pt: [:partition_tag]]#
#, smtp_resp: [:smtp_response]#
[? [:header_field|Subject] ||, Subject: [:dquote|[:header_field|Subject|100]]]#
[? [:header_field|From] ||, From: [:uquote|[:header_field|From|100]]\
[? [:dkim|author] || (dkim:AUTHOR)]]#
[? [:useragent|name] ||, [:useragent|name]: [:uquote|[:useragent|body]]]#
[? %#T ||, Tests: \[[%T|,]\]]#
[:supplementary_info|SCTYPE|, shortcircuit=%%s]#
[:supplementary_info|AUTOLEARN|, autolearn=%%s]#
[:supplementary_info|AUTOLEARNSCORE|, autolearnscore=%%s]#
[? [:supplementary_info|LANGUAGES] ||,
languages=[:uquote|[:supplementary_info|LANGUAGES]]]#
[? [:supplementary_info|RELAYCOUNTRY] ||,
relaycountry=[:uquote|[:supplementary_info|RELAYCOUNTRY]]]#
[? [:supplementary_info|ASN] ||, asn=[:uquote|[:supplementary_info|ASN]
[:supplementary_info|ASNCIDR]]]#
[? [:supplementary_info|DCCREP] ||, dcc_rep=[:supplementary_info|DCCREP]]#
[? [:dkim|identity] ||, dkim_id=[:dkim|identity]]#
, %y ms#
]
EOD
The $log_template may also produce multiple lines (i.e. a '#' at the end
of each line in a default template discards each NL following it, see
README.customize), so one can produce separate log lines, each with different
information to facilitate parsing. The following example appends a second
line to each default log entry:
$log_templ .= q{
Custom log: %s -> [%R|,]#
, size: %z#
, Subject: [:dquote|[:header_field|Subject]]#
, From: [:uquote|[:header_field|From]]#
};
Now for the MIME structure, either parse the log entries suggested by Mike,
or modify code to match your needs. Same goes for SQL logging: it covers
most of the basic info about each message (see schemas for tables
msgs, msgrcpt and addrs in README.sql*), but to include MIME info
that would need to be added.
Wazir Shpoon writes:
> @lookup_sql_dsn =
> ( ['DBI:mysql:dbname=mail;host=localhost', 'sqluser', 'sqlpassword'] );
> @storage_sql_dsn = @lookup_sql_dsn;
> $virus_quarantine_method='sql:';
> $banned_files_quarantine_method='sql:';
> $spam_quarantine_method='sql:';
> $bad_header_quarantine_method='sql:';
If one needs SQL logging only (for pen pals feature or for a bounce killer
feature or just for data mining), there is no need to also switch quarantining
to sql, and neither do SQL lookups have to be enabled.
Setting the @storage_sql_dsn suffices, e.g.:
@storage_sql_dsn =
(['DBI:Pg:database=mail_log', 'amavis', 'somesecretpassword']);
Mark
-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
