++ed by:
SHLOMIF KEEDI VOEGELAS SYP SREZIC

5 PAUSE users
1 non-PAUSE user.

Theo Van Dinter

NAME

sa-stats.pl - Builds received spam/ham report from mail log

VERSION

    $Revision: 1.17 $

SYNOPSIS

 Usage: sa-stats.pl [options]

 Options:
   -l, --logfile=filename       logfile to read
                                (default: /var/log/maillog)
   -s, --start                  Sets date/time for start of reporting period
   -e, --end                    Sets date/time for end of reporting period
   -u, --userstats              Generates stats for the top spam victims
                                (default is 25; see -T)
   -H, --html                   Generates HTML report
                                (default: plain text)
   -T, --top=#                    Display top # spam victims
                                (# defaults to 25; -T implies -u)
   -h, --help                   Displays this message
   -V, --version                Display version info
   --mail=emailaddress          Sends report to emailaddress
   --sendmail=/path/to/sendmail Location of sendmail binary
                                (default: /usr/sbin/sendmail)
   --from=emailaddress          Sets From: field of mail
   -v, --verbose                Sets verbose mode (requires -D)
   -D, --debug                  Sets debug mode

DESCRIPTION

Creates simple text report of spam/ham detected by SpamAssassin by parsing spamd entries in the mail log (generally /var/log/maillog)

EXAMPLES

To generate a text report from midnight to present using /var/log/maillog:

 ./sa-stats.pl -s 'midnight' -e 'now' > sa_stats.txt

To generate an HTML report including the top 5 spam victims for the month of January 2004 from compressed mail logs:

 gunzip -c /var/log/maillog-200401*.gz | ./sa-stats.pl -H -T 5 -l - \
 -s '2001-01-01 00:00:00' -e '2004-01-31 23:59:59' > jan_2004_stats.html

Note the use of '-' as a filename to represent STDIN.

To generate a text report with per-user stats from yesterday, reading from /var/log/mail and turning on all debugging output:

 ./sa-stats.pl -v -D -u -l /var/log/mail \
 -s 'yesterday midnight' 1>stats.txt 2>stats.err

TIPS

  • Are you running spamd? Currently sa-stats.pl only reads syslog entries from spamd; it doesn't work with MTA-level calls to Mail::SpamAssassin or with logs generated by the spamassassin perl script.

  • Are there spamd entries in your mail log? Use 'grep spamd /var/log/maillog' to find out.

  • Are there spamd entries in your mail log within the analysis interval? Run 'sa-stats.pl -v -D ...' to see the entries that are found and discarded as well as to see the actual analysis interval.

DEPENDENCIES

  • Getopt::Long

  • POSIX

  • Time::Local

  • Date::Manip

  • Parse::Syslog;

BUGS

  • Because of poor year handling in Parse::Syslog, the script may not work well when the log file dates back to the previous year.

TO DO

  • Find bugs

  • Fix bugs

  • Don't call /usr/sbin/sendmail directly; use Mail::Internet or Net::SMTP or other standard module

  • Add support for compressed logs (see gzopen() from Compress::Zlib)

  • Have --verbose work without --debug

AUTHORS

Brad Rathbun <brad@computechnv.com> http://www.computechnv.com/

Bob Apthorpe <apthorpe+sa@cynistar.net> http://www.cynistar.net/~apthorpe/

Duncan Findlay <duncf@debian.org>

SEE ALSO

Mail::SpamAssassin, Date::Manip, spamd(1)