Felix Buenemann wrote:
> Hi Erik,
> 
> On 19.10.2008 at 3:13, Eric Shubert wrote:
>> Felix Buenemann wrote:
>>> Hi Erik,
>>>
>>> On 18.10.2008 at 20:39, Eric Shubert wrote:
>>>> Sergio Minini wrote:
>>>>> Erik, try:
>>>>> # cat /var/log/maillog | ./spamdyke_stats.pl
>>> [...]
>>>>> % Valid: 29.11%
>>>>> % Spam : 69.42%
>>>>> % Error: 1.47%
>>>>>
>>>>> Good luck,
>>>>> Sergio
>>>> Thanks, but that doesn't work for me. My spamdyke log messages are going 
>>>> to the qmail smtp log (log-target=0|stderr). Perhaps that's where the 
>>>> problem lies, as the formatting would be slightly different.
>>>>
>>> Yes, the script currently expects syslog syntax. If you can provide a
>>> few sample lines from the log, I can modify the script to work with it.
>>>
>>> -- Felix
>> Thanks, Felix. Here's a sample rejection (each line begins with @40000):
>> @4000000048fa5df51149c60c tcpserver: status: 1/100
>> @4000000048fa5df51149d5ac tcpserver: pid 22865 from 209.133.101.250
>> @4000000048fa5df51149e164 tcpserver: ok 22865 doris.shubes:192.168.171.11:25 :209.133.101.250::58673
>> @4000000048fa5dfc34b1ebec DENIED_SENDER_NO_MX from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 209.133.101.250 origin_rdns: broadcaster.eonline.com auth: (unknown)
>> @4000000048fa5dfd01593124 tcpserver: end 22865 status 0
>> @4000000048fa5dfd015a7d2c tcpserver: status: 0/100
>>
>> In case you don't know, the first (@4000...) field is a date/time stamp, 
>> and can be converted to local time with the tai64nlocal program. I don't 
>> know if that'll be necessary or not.
>>
>> Thanks again. I'm eager to see the results.
> 
> Please test the attached version. You have to pass the --nosyslog parameter
> to the script. Also please check which of the $linematch variants
> beginning at line 33 is the fastest (run time cat /your/log |
> spamdyke-stats.pl --nosyslog to find out) and report it back to me.
> 
> Btw. the new version is about 25% faster than the last one, due to
> optimizations of the regular expression matching, so updating might be
> useful to others as well.
> 
> -- Felix
> 

First $linematch:
# time cat /var/log/qmail/smtp/@4000000048fb90032cd228c4.s | ./spamdyke-stats.pl --nosyslog
372     DENIED_RBL_MATCH
-- Breakdown --
---------------
366     DENIED_RDNS_RESOLVE
363     DENIED_RDNS_MISSING
242     ALLOWED
213     DENIED_IP_IN_CC_RDNS
104     DENIED_SENDER_NO_MX
45      DENIED_OTHER
1       TIMEOUT

Allowed: 242
Denied : 1463
Errors : 1
Total  : 1706
% Valid: 14.19%
% Spam : 85.76%
% Error: 0.06%

real    0m0.395s
user    0m0.239s
sys     0m0.145s
#

Second $linematch:
# time cat /var/log/qmail/smtp/@4000000048fb90032cd228c4.s | ./spamdyke-stats.pl --nosyslog
372     DENIED_RBL_MATCH
-- Breakdown --
---------------
366     DENIED_RDNS_RESOLVE
363     DENIED_RDNS_MISSING
242     ALLOWED
213     DENIED_IP_IN_CC_RDNS
104     DENIED_SENDER_NO_MX
45      DENIED_OTHER
1       TIMEOUT

Allowed: 242
Denied : 1463
Errors : 1
Total  : 1706
% Valid: 14.19%
% Spam : 85.76%
% Error: 0.06%

real    0m0.349s
user    0m0.231s
sys     0m0.109s
#

Third $linematch:
# time cat /var/log/qmail/smtp/@4000000048fb90032cd228c4.s | ./spamdyke-stats.pl --nosyslog
372     DENIED_RBL_MATCH
-- Breakdown --
---------------
366     DENIED_RDNS_RESOLVE
363     DENIED_RDNS_MISSING
242     ALLOWED
213     DENIED_IP_IN_CC_RDNS
104     DENIED_SENDER_NO_MX
45      DENIED_OTHER
1       TIMEOUT

Allowed: 242
Denied : 1463
Errors : 1
Total  : 1706
% Valid: 14.19%
% Spam : 85.76%
% Error: 0.06%

real    0m0.331s
user    0m0.177s
sys     0m0.142s
#

Thanks Felix.

BTW, couldn't the script simply test for "@" in the first position of 
any line to determine that it's not a syslog, so the flag wouldn't be 
necessary? Seems simpler to me.

-- 
-Eric 'shubes'
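
The format detection suggested above (a leading "@" means a multilog line, so no flag is needed), together with the TAI64N timestamp decoding mentioned earlier in the thread, as an added example in Python; it is not part of the thread and not the spamdyke-stats.pl script. The syslog prefix shape and the sample addresses are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# multilog label: "@" + 16 hex digits (seconds) + 8 hex digits (nanoseconds).
TAI64N = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8}) (.*)$")
# Result codes seen in the thread's output, anchored at the start of the message:
# from:/to:/origin_rdns: values are supplied by the remote side.
RESULT = re.compile(r"^(ALLOWED|TIMEOUT|DENIED_[A-Z_]+)\b")
TAI_OFFSET = (1 << 62) + 10  # what tai64nlocal subtracts to get Unix time

def decode_tai64n(sec_hex, nsec_hex):
    """Decode a TAI64N label into an aware UTC datetime."""
    unix = int(sec_hex, 16) - TAI_OFFSET
    stamp = datetime.fromtimestamp(unix, tz=timezone.utc)
    return stamp.replace(microsecond=int(nsec_hex, 16) // 1000)

def parse_line(line):
    """Return (timestamp or None, result code or None) for one log line."""
    m = TAI64N.match(line)
    if m:  # leading "@": multilog format, no flag needed
        stamp, msg = decode_tai64n(m.group(1), m.group(2)), m.group(3)
    else:  # assumed syslog shape: "<date> <host> spamdyke[<pid>]: <message>"
        stamp, msg = None, line.partition("]: ")[2]
    r = RESULT.match(msg)
    return stamp, (r.group(1) if r else None)

def tally(lines):
    """Count result codes across a mix of multilog and syslog lines."""
    counts = Counter()
    for line in lines:
        code = parse_line(line.rstrip("\n"))[1]
        if code:
            counts[code] += 1
    return counts

# Constructed sample: the first two lines follow the thread's excerpt with
# placeholder addresses; the syslog lines are made up for the example.
SAMPLE = [
    "@4000000048fa5df51149d5ac tcpserver: pid 22865 from 209.133.101.250",
    "@4000000048fa5dfc34b1ebec DENIED_SENDER_NO_MX from: a@example.com "
    "to: b@example.org origin_ip: 209.133.101.250 auth: (unknown)",
    "Oct 18 22:06:42 doris spamdyke[22865]: DENIED_RBL_MATCH from: a@example.com",
    "Oct 18 22:06:50 doris spamdyke[22870]: ALLOWED from: DENIED_FAKE@example.com",
]

if __name__ == "__main__":
    for code, n in tally(SAMPLE).most_common():
        print(f"{n}\t{code}")
```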
