* Mark Martinec <mark.martinec+ama...@ijs.si>: > Patrick, > > > I need to split rejected messages by destination, but I don't know how. > > What I see is origins and destinations: > > > > AMAVIS-MIB::inMsgsInbound.0 = Counter32: 1 > > AMAVIS-MIB::inMsgsOutbound.0 = Counter32: 10 > > AMAVIS-MIB::inMsgsInternal.0 = Counter32: 0 > > AMAVIS-MIB::inMsgsOriginating.0 = Counter32: 10 > > AMAVIS-MIB::inMsgsOpenRelay.0 = Counter32: 0 > > > > And I see all kinds of message status: > > > > AMAVIS-MIB::inMsgsStatusAccepted.0 = Counter32: 0 > > AMAVIS-MIB::inMsgsStatusRelayed.0 = Counter32: 1 > > AMAVIS-MIB::inMsgsStatusDiscarded.0 = Counter32: 10 > > AMAVIS-MIB::inMsgsStatusNoBounce.0 = Counter32: 0 > > AMAVIS-MIB::inMsgsStatusBounced.0 = Counter32: 0 > > AMAVIS-MIB::inMsgsStatusRejected.0 = Counter32: 0 > > AMAVIS-MIB::inMsgsStatusTempFailed.0 = Counter32: 0 > > > > Any idea how I could get what I want? > > This information is not currently available in the SNMP Berkeley DB or > in the final MIB. Partly because it is not clear what 'by destination' means, > and because to be able to provide this information through MIB, > the SNMP variables need to be enumerated somehow, and the > number of 'destinations' is potentially unbound. So what would > be needed is perhaps a SNMP table structure, containing 'destination' > names along with their counters (note that enumeration could change > between restarts). So far we don't provide any 'table's in the MIB.
Excuse me for being not precise. A table structure to list all content categories per every destination would be nice, but definitely far beyond what I need. FWIW data to let me know whether I need to investigate further (read: analyse log) or ignore what's going on is enough. It very likely depends on the policy you run. Our policy is: Ignore all inbound traffic unless a) the number of virus files exceeds a certain volume. Then investigate (read: query SQL DB for virus names) and take evasive actions (e.g. declare certain viruses as mass viruses) b) there's suddenly an unusual rise in rejections Ignore all internal traffic unless a) we see viruses b) there's suddenly an unusual rise in rejections Ignore all outgoing traffic unless a) we see viruses b) there's suddenly an unusual rise in rejections This said: "destination" in my unprecise manner means "incoming, internal, or outgoing". > Regarding the 'by destination', it could mean: a recipient domain, > or a forwarder IP address from a perspective of amavisd, or Now that you mention it. If we, acting as gateway, reject viruses from internal MXes knowing their IP and counting the number of rejected messages would certainly be nice to have. But then again. Deeper inspection can be done using a log analyzer. Our primary question is: Do we need to take care? p...@rick -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> ------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org