Sendmail log Analyzer is a tool to monitor sendmail usage and generate HTML and graph reports. It reports all you ever wanted to know about email trafic on your network. You can also use it in ISP environment with per domain and per mailbox report.
Home Page: http://sendmailanalyzer.darold.net/
License: GNU General Public License v3.0
Hi,
I want to ask it is possible to append the log grep for top sender where the default is 100? we want to grep the today sender top sender at the gui report in this link http://domain.net/sareport/sa_report.cgi?host=smtp-1&date=20170113&hour=&type=sender&peri=address&domain=&search=user%40domain.net
Thanks and regards,
Hi,
I have some difficulties to configure the MAIL_GW parameter.
On file senders.dat, no relay is stored for mail managed by the server (the last field is empty on each line).
So there is non difference between external/internal mails.
Is this normal ?
Regards,
hi I am new here installed your sendmailanalyser
cant figure it out how to print postfix logs on to my local html pages
please guide how would i do it i am not bale to figure out
To keep track about incoming/outgoing signed/validated/failed SPF and DKIM records it would be nice to have that feature in an upcoming sendmail report.
A postscreen option would be nice too.
i.e.
SPF + DKIM in:
Feb 14 09:38:17 mail amavis[25650]: (25650-04) Passed CLEAN {RelayedInbound}, [40.100.x.x]:33160 [40.100.x.x] [email protected] -> [email protected], Queue-ID: DFA8A20EA, Message-ID: [email protected], mail_id: vxMxxxxxkbRF, Hits: -3.298, size: 16059, queued_as: BE1xxxx89F, dkim_sd=selector1-domain.com, 1837 ms, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,RCVD_IN_DNSWL_NONE=-0.0001,RCVD_IN_MSPIKE_H2=-3.296,SPF_HELO_PASS=-0.001,SPF_PASS=-0.001]
SPF in:
Feb 15 14:26:45 mail amavis[25709]: (25709-15) Passed CLEAN {RelayedInbound}, [212.0.x.x]:63329 [192.168.0.1] [email protected] -> [email protected], Queue-ID: 40Dxxx8A1, Message-ID: [email protected], mail_id: brShxxxxx3y1, Hits: -0.201, size: 2002, queued_as: 2FCxxxx9D5, 1815 ms, Tests: [FREEMAIL_FROM=0.001,RCVD_IN_DNSWL_LOW=-0.7,RCVD_IN_SORBS_SPAM=0.5,RP_MATCHES_RCVD=-0.001,SPF_PASS=-0.001]
Postscreen:
Feb 20 19:56:34 v19368 postfix/postscreen[20462]: CONNECT from [216.x.x.x]:53699 to [31.x.x.x]:25
I've been using a policy deamon for postgreying called iredapd form the iRedMail project. Would be nice to add this daemon as well to the sendmailreport.
The logs look like this:
Feb 20 19:12:58 mail postfix/postscreen[11395]: PASS NEW [216.x.x.x]:51520
...
Feb 20 19:22:29 mail postfix/postscreen[14248]: PASS OLD [216.x.x.x]:51992
Feb 20 19:22:29 mail postfix/smtpd[14249]: NOQUEUE: reject: RCPT from www4.checktls.com[216.x.x.x]: 451 4.7.1 [email protected]: Recipient address rejected: Intentional policy rejection, please try again later; from=[email protected] to=[email protected] proto=ESMTP helo=<checktls.com>
...
Feb 20 19:56:34 mail postfix/postscreen[20462]: CONNECT from [216.68.85.112]:53699 to [31.172.95.219]:25
Feb 20 19:56:34 mail postfix/postscreen[20462]: PASS OLD [216.x.x.x]:53699
Feb 20 19:56:34 mail postfix/smtpd[20463]: connect from www4.checktls.com[216.x.x.x]
Feb 20 19:56:34 mail postfix/smtpd[20463]: Anonymous TLS connection established from www4.checktls.com[216.x.x.x]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
After Run perl Makefile.PL
and run make && make install
I get error: make: command not found
Debian 8.5
In the current trunk are the SMTP-Auth logins not being analyzed and displayed.
Did I miss somewhere a variable that I have to adjust or is it a bug?
Thank you for your program, which I have been testing on my mail system. The server is CentOS 6 with Postfix MTA, SpamAssassin and SQLgrey. SpamAssassin daemon (spamd) connects to Postfix by milter (spamass-milter). Cyrus-IMAP runs on the same server. Postfix passes clean inbound mail via LMTP to Cyrus-IMAP, which handles the delivery.
Testing SendmailAnalyzer on this setup I find these issues:
Configuration is basically at default settings. I have tried setting LOCAL_DOMAIN to 127.0.0.1 or mydomain.com but same result.
Am I missing something, or is it just SendmailAnalyzer is not compatible with my setup?
Thanks,
Steve Jones
LSB tags should be added to the start script for Debian servers. Otherwise you will get warnings when installing/updating other software (like "insserv: warning: script 'sendmailanalyser' missing LSB tags and overrides").
My starting script looks as follows now and all is working fine.
# Slackware and generic starter script.
#
# Start/stop/restart SendmailAnalyzer.
#
### BEGIN INIT INFO
# Provides: sendmailanalyzer
# Required-Start: $syslog $local_fs
# Required-Stop: $syslog $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start/stop/restart the sendmailanalyzer daemon
### END INIT INFO
i see there are two process running, a parent and a child
#ps -auxf
root 3662 0.0 0.2 7668 4924 ? Ss 12:25 0:00 sendmailanalyzer
root 3663 0.0 0.0 1972 568 ? S 12:25 0:00 \_ /usr/bin/tail -n 0 -F /var/log/maillog
rc.sendmailanalyzer stop is trying to stop process 3662 that is saved in the sendmailanalyzer.pid file. In my case it always fails. Even if if i force kill the parent, the child still remains and becomes a zombie.
Both processes belong to same PGID
# ps x -o "%p %r %c"
PID PGID COMMAND
3662 3662 sendmailanalyze
3663 3662 tail
so i modified the script to kill all processes belonging to that GPID:
kill **-- -**$pid 1> /dev/null 2> /dev/null
Hi
If the connection is done in IPv6, the logs in Postfix are :
connect from unknown[2001:660:530d:203::1b]
And the report display "unknown2001" instead of [2001:660:530d:203::1b]
Hello!
First of all thank you for sendmailanalyzer! We use it in for analyze statistic our mail forwarding farms.
We use it with some custom patches. One of them filters out some postscreen (new postfix subsystem) messages, which are not errors, but info messages. This messages are "BARE NEWLINE" and "WHITELIST VETO". Such message appears very often in case using postscreen and all comes into the "Rejection & Events" section "System messages" part. Considering that such messages appears 800-1000 times in one hour, result cache file for one month contains more than a half million of them. The messages described here http://www.postfix.org/POSTSCREEN_README.html#barelf and here http://www.postfix.org/POSTSCREEN_README.html#white_veto. Can you please add this messages to filtering out in the sendmailanalyzer and sa_cache.
Regards,
Dmitriy F.
Hi I installed the sendmailanalyzer following the instruction, but when I open the page: https://xx.xx.xx.xx/sareport/; it doesn't give me any UI page, it only show all perl scripts; please review the attached file; do you know why is that?
Thanks
This is a great piece of software, thanks for writing it.
I am getting an issue where the SpamAssassin and Amavis show 'No record for this period' I have not changed anything from the default settings, including AMAVIS_NAME
Log File Example:
Nov 5 12:04:24 destroyer amavis[1282]: (01282-01) S68df6LqJbl7 FWD from <_@.com> -> <**@**_.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 925141A1A9B
Nov 5 12:04:24 destroyer amavis[1282]: (01282-01) Passed, <_@.com> -> <**@_.com>, quarantine S68df6LqJbl7, Message-ID: <100216.142193907.201511051804145510819.1144933885@*.com>,
What am I not doing right?
Ubuntu 14.04 SpamAssassin 3.4 postfix 2.11
Thank you.
Hi,
It looks like the top senders stats (and possibly recipients, too are showing figures that are way off). For some reason, sometimes the entries in SA show a x5 or x2 next to the number of emails which makes the figures incorrect. For example. I sent you @darold 2 emails today from my personal a/c. However, when viewing the SA stats, it actually shows the first mail as x5.
And as you can see from the MTA, it was only 1 mail.
For info, the second email I sent to you only appears as one (correctly) in the SA stats. On a side note, not sure my the magic from my log contains a contuse.com ID instead of my own domain (that only happened with that 1 email - but that's an issue for me to resolve)
This is even more apparent with recipients.
I received 37 emails today to my primary address. MTA logs confirm. SA shows 37 lines when I click the entry (correct). but actually shows a figure of 182 in the statistics and this is because every email has a x5 or a x10 next to it.
Cheers
Paul
Hello,
All shipments are not listed.
Today, for example, is shown in 1800 shipments.
If I do a search in / var / log / maillog, I said more than 10,000 email sent.
As this problem?
Thank you in advance.
Hi Darolnd,
I have installed SendmailAnalyzer on Centos7. But Hourly logs are not updating. What could be the issue?
Its showing no record for this period
If no "host" is specified in querystring, the sa_report.cgi output tells little about what's going wrong and shows an empty page.
I suggest that there is somewhere (footer?) a line saying: "HOST is $HOST" or something along those lines to give a clue.
Maybe even better show an error saying "No host provided"
This would save some time to the next newbie trying to troubleshoot what's wrong :)
Hi
If you install clamav-milter on Postfix, the logs are :
May 14 15:24:00 testdebian clamav-milter[25827]: Message 94800224BB from [email protected] to [email protected] with subject 'SubXXject' message-id '[email protected]' date 'Tue, 14 May 2013 15:23:47 +0200 (CEST)' infected by Eicar-Test-Signature
They are not seen by your fantastic soft ! Could you add it ?
Thanks
On my Debian Stretch box, I have the header of the report only. Even the first two menu points - Global statistics and Top statistics - are missing, there are only empty 'li' HTML elements.
I have Postfix installed.
It worked while I used Debian Jessie.
Would you help me, please?
THX,
Attila
i had problem with spamassasin:
I had my own spamassasin log file, but i realised that sendmaianalyzer takes spamassasin information form syslog.
I was looking for a tool that can get statistics about TLS encrypted emails sent via sendmail. I am particularly interested in the STARTTLS=client emails, but the server statistics would be nice too.
Is this a feature you think would be possible with your analyzer?
Hi Gilles,
I notice that in my setup. In Global Statistics -> Messaging
In Messaging Flows, both the Incoming and outgoing message numbers are displayed. However, in the messaging flows section, only the Internal -> External (which does correctly correspond with the Outgoing Message Flow) is displayed. The External -> Internal (which should correspond with Incoming Message flow) remains at 0.
I think these should correspond with each other.
Thanks
Similar to issue https://github.com/darold/sendmailanalyzer/issues/51 The Spamming flows are a bit off.
It would seem local incoming should correspond with External -> Internal, but as you can see, that is still showing 0
Also, the outgoing section in the spamming flows suggest 435 email sent from my relay were classed as SPAM. This figure is definitely incorrect. I doubt my system would flag anything it sent as SPAM.
The Incoming Spamming flows suggests a figure of 1328, which when I view the Top statistics -> Spamming section does correspond with the "top spammers"
However, I cannot find any evidence of any outgoing SPAM. So not sure where the figure of 435 outgoing has come from.
Cheers
Hi Darold,
Sorry if i ask again, in my testing area when i see from top sender detail the recipients with same domain not grep at all but with different domain it appear like google, yahoo, hotmail,etc
it is my topology :
haproxy (25) > smtp1/smtp2 > recipient
So i have haproxy to load balance the blast email to smtp1 or smtp2. When i check the /var/log/mail.log on both server the recipient is show.
Thanks
Hi,
in my mail.log amavis logs like this:
[..removed the log entry...]
and sendmailanalazyer show no records found
Hi,
I have troubles understanding the Message delivery flows.
Our Postfix server is used as a "Gateway/AntiSpam-AntiVirus Filter" mail server for multiple domains for Incoming and Outgoing mail flows.
But I don't quite understand the statistics shown under Messaging/Message delivery flows:
External -> Internal
External -> External
Internal -> Internal
Internal -> External
I have been playing with next directives to make some sense, but still I don't understand the results:
LOCAL_DOMAIN domain.com, domain2.com
MAIL_HUB 127.0.0.1,::1,mail.domain.com, mail.domain2.com
MAIL_GW
Would this be ok?
What is the interpretation for:
External -> External
Internal -> Internal
Thank you and regards
Hi,
when checking the .dat files I see the next:
head -n1 data/goban/2017/11/30/senders.dat
000001:870121789C:[email protected]:12895:1:localhost:
tail -n1 data/goban/2017/11/30/senders.dat
075750:46F6F17F00:...@...:4598:1::
I believe that all "*.dat" files would have to end at 235959...
So I believe that the results in the statistics show wrong data...
I have one more question.
How to parse maillog from another host (smtp server) to sendmailanalyzer ? Do I have to install certain application on my smtp server to send maillog to sendmailanalyzer ? like i have to install and start the service of snmp in my server to send syslog to cacti server.
Thanks Darold
I've been starting to use sendmailanalyzer to watch a pair of DMZ relays and it's working well. But I messed up my logrotate and I think I missed a bunch of log files. What's the best way to go back and (re)parse my log files to bring everything back upto date?
I would assume that if I have a conf file, I could just do:
/etc/init.d/sendmailanalyzer stop
for log in ls -tr /var/log/dmz-relays*
do
/usr/local/sendmailanalyzer/sendmailanalyzer -b -f -i -l $log
done
/etc/init.d/sendmailanalyzer start
but when I did this, it didn't re-build the data, esp for the several days of data that I missed at one point. Would it be possible to either document the method to rebuild from scratch, or a way to skip checking dates? It's not a perfect solution unless you keep a DB somewhere of all parsed messages, which would get expensive.
It might be that the best way would be to go through each of the gzip'd logs cat them together into a single big file which is then sorted by date, then push it all through sendmailanalyzer again.
I'm doing the above now... with some tweaks, because I was able to blow away all my data/* directory and re-index from scratch since I only have three weeks worth of data to process..
Hi
If the connection is done in IPv6, the logs in Postfix are :
connect from unknown[2001:660:530d:203::1b]
And the report display "unknown2001" instead of [2001:660:530d:203::1b]
Hello,
I would like to describe direction of incoming and outgoing messages to sendmailanalyzer. I don't understand which variable(s) has to be set in sendmailanalyzer.conf (LOCAL_DOMAIN, MAIL_HUB, or MAIL_GATEWAY) in a simple case like : one server receives messages for one domain (mydom.com), deliveries on same server.
Example of two messages receives on this mail server :
External -> Internal
--
Jun 30 15:48:21 mailserver postfix/smtpd[27023]: 1337C408E962: client=mail.external.dom.com[X.X.X.X]
Jun 30 15:48:21 mailserver postfix/cleanup[27880]: 1337C408E962: message-id=<[email protected]>
Jun 30 15:48:21 mailserver postfix/qmgr[4893]: 1337C408E962: from=<[email protected]>, size=72836, nrcpt=1 (queue active)
Jun 30 15:48:26 mailserver amavis[25313]: (25313-19) Passed CLEAN {RelayedInbound}, [X.X.X.X]:23370 [X.X.X.X] <[email protected]> -> <[email protected]>, Queue-ID: 1337C408E962, Message-ID: <[email protected]>, mail_id: 7g3-dt1nSbsg, Hits: -3.578, size: 72836, queued_as: 59C16408E98C, 5027 ms
Jun 30 15:48:26 mailserver postfix/smtp[26243]: 1337C408E962: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.6, delays=0.58/0/0/5, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 59C16408E98C)
Jun 30 15:48:26 mailserver postfix/qmgr[4893]: 1337C408E962: removed
Jun 30 15:48:26 mailserver postfix/smtpd[27039]: 59C16408E98C: client=localhost.localdomain[127.0.0.1]
Jun 30 15:48:26 mailserver postfix/cleanup[24169]: 59C16408E98C: message-id=<[email protected]>
Jun 30 15:48:26 mailserver postfix/qmgr[4893]: 59C16408E98C: from=<[email protected]>, size=73566, nrcpt=1 (queue active)
Jun 30 15:48:26 mailserver amavis[25313]: (25313-19) Passed CLEAN {RelayedInbound}, [X.X.X.X]:23370 [X.X.X.X] <[email protected]> -> <[email protected]>, Queue-ID: 1337C408E962, Message-ID: <[email protected]>, mail_id: 7g3-dt1nSbsg, Hits: -3.578, size: 72836, queued_as: 59C16408E98C, 5027 ms
Jun 30 15:48:26 mailserver postfix/smtp[26243]: 1337C408E962: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.6, delays=0.58/0/0/5, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 59C16408E98C)
Jun 30 15:48:26 mailserver postfix/pipe[25085]: 59C16408E98C: to=<[email protected]>, relay=dovecot, delay=0.04, delays=0.01/0/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)
Jun 30 15:48:26 mailserver postfix/qmgr[4893]: 59C16408E98C: removed
Internal -> Internal
--
Jun 30 16:40:23 mailserver postfix/pickup[37730]: 29EB4408E990: uid=33 from=<[email protected]>
Jun 30 16:40:23 mailserver postfix/cleanup[32814]: 29EB4408E990: message-id=<[email protected]>
Jun 30 16:40:23 mailserver postfix/qmgr[4893]: 29EB4408E990: from=<[email protected]>, size=1031, nrcpt=1 (queue active)
Jun 30 16:40:23 mailserver postfix/pipe[39533]: 29EB4408E990: to=<[email protected]>, relay=dovecot, delay=0.06, delays=0.01/0.01/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
Jun 30 16:40:23 mailserver postfix/qmgr[4893]: 29EB4408E990: removed
Hi, I'm using zimbra. I triggered the antivirus using a EICAR file. Maybe you can help me.
The logs is:
Sep 30 17:01:03 zimbraserver postfix/smtpd[11557]: 535721E1E6C: client=pccenofi35.ldomain.local[192.0.0.135], sasl_method=LOGIN, sasl_username=[email protected]
Sep 30 17:01:03 zimbraserver postfix/smtpd[11557]: message repeated 2 times: [ 535721E1E6C: client=pccenofi35.ldomain.local[192.0.0.135], sasl_method=LOGIN, sasl_username=[email protected]]
Sep 30 17:01:03 zimbraserver postfix/cleanup[19459]: 535721E1E6C: message-id=[email protected]
Sep 30 17:01:03 zimbraserver postfix/cleanup[19459]: message repeated 2 times: [ 535721E1E6C: message-id=[email protected]]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 535721E1E6C: from=[email protected], size=3454, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: message repeated 2 times: [ 535721E1E6C: from=[email protected], size=3454, nrcpt=1 (queue active)]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: connect from localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: message repeated 2 times: [ connect from localhost[127.0.0.1]]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: 6CE4E1E1E71: client=localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: message repeated 2 times: [ 6CE4E1E1E71: client=localhost[127.0.0.1]]
Sep 30 17:01:03 zimbraserver postfix/cleanup[19459]: 6CE4E1E1E71: message-id=[email protected]
Sep 30 17:01:03 zimbraserver postfix/cleanup[19459]: message repeated 2 times: [ 6CE4E1E1E71: message-id=[email protected]]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: disconnect from localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 6CE4E1E1E71: from=<>, size=4209, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: disconnect from localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 6CE4E1E1E71: from=<>, size=4209, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: disconnect from localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 6CE4E1E1E71: from=<>, size=4209, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: connect from localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: message repeated 2 times: [ connect from localhost[127.0.0.1]]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: 73C6D1E1E73: client=localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: message repeated 2 times: [ 73C6D1E1E73: client=localhost[127.0.0.1]]
Sep 30 17:01:03 zimbraserver postfix/cleanup[19459]: 73C6D1E1E73: message-id=[email protected]
Sep 30 17:01:03 zimbraserver postfix/cleanup[19459]: message repeated 2 times: [ 73C6D1E1E73: message-id=[email protected]]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: disconnect from localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 73C6D1E1E73: from=[email protected], size=2513, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: disconnect from localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 73C6D1E1E73: from=[email protected], size=2513, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: disconnect from localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 73C6D1E1E73: from=[email protected], size=2513, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/smtp[20923]: 73C6D1E1E73: to=[email protected], relay=none, delay=0.01, delays=0/0/0/0, dsn=5.4.6, status=bounced (mail for zimbraserver.ldomain.local loops back to myself)
Sep 30 17:01:03 zimbraserver postfix/smtp[20923]: message repeated 2 times: [ 73C6D1E1E73: to=[email protected], relay=none, delay=0.01, delays=0/0/0/0, dsn=5.4.6, status=bounced (mail for zimbraserver.ldomain.local loops back to myself)]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: connect from localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: message repeated 2 times: [ connect from localhost[127.0.0.1]]
Sep 30 17:01:03 zimbraserver postfix/cleanup[19459]: 764B91E1E75: message-id=[email protected]
Sep 30 17:01:03 zimbraserver postfix/cleanup[19459]: message repeated 2 times: [ 764B91E1E75: message-id=[email protected]]
Sep 30 17:01:03 zimbraserver postfix/bounce[20924]: 73C6D1E1E73: sender non-delivery notification: 764B91E1E75
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 764B91E1E75: from=<>, size=4492, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/bounce[20924]: 73C6D1E1E73: sender non-delivery notification: 764B91E1E75
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: 77B3F1E1E74: client=localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 764B91E1E75: from=<>, size=4492, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/bounce[20924]: 73C6D1E1E73: sender non-delivery notification: 764B91E1E75
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 764B91E1E75: from=<>, size=4492, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: 77B3F1E1E74: client=localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: 77B3F1E1E74: client=localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 73C6D1E1E73: removed
Sep 30 17:01:03 zimbraserver postfix/cleanup[19459]: 77B3F1E1E74: message-id=[email protected]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 73C6D1E1E73: removed
Sep 30 17:01:03 zimbraserver postfix/cleanup[19459]: 77B3F1E1E74: message-id=[email protected]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 73C6D1E1E73: removed
Sep 30 17:01:03 zimbraserver postfix/cleanup[19459]: 77B3F1E1E74: message-id=[email protected]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: disconnect from localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: disconnect from localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 77B3F1E1E74: from=[email protected], size=1322, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/amavisd/smtpd[17226]: disconnect from localhost[127.0.0.1]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 77B3F1E1E74: from=[email protected], size=1322, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 77B3F1E1E74: from=[email protected], size=1322, nrcpt=1 (queue active)
Sep 30 17:01:03 zimbraserver postfix/smtp[20923]: 764B91E1E75: to=[email protected], relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.6, status=bounced (mail for zimbraserver.ldomain.local loops back to myself)
Sep 30 17:01:03 zimbraserver postfix/smtp[20923]: message repeated 2 times: [ 764B91E1E75: to=[email protected], relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.6, status=bounced (mail for zimbraserver.ldomain.local loops back to myself)]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 764B91E1E75: removed
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: message repeated 2 times: [ 764B91E1E75: removed]
Sep 30 17:01:03 zimbraserver postfix/smtp[20566]: 535721E1E6C: to=[email protected], relay=127.0.0.1[127.0.0.1]:10026, delay=0.21, delays=0.06/0/0.01/0.14, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=25930-18 - INFECTED: Eicar-Test-Signature)
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 535721E1E6C: removed
Sep 30 17:01:03 zimbraserver postfix/smtp[20566]: 535721E1E6C: to=[email protected], relay=127.0.0.1[127.0.0.1]:10026, delay=0.21, delays=0.06/0/0.01/0.14, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=25930-18 - INFECTED: Eicar-Test-Signature)
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 535721E1E6C: removed
Sep 30 17:01:03 zimbraserver postfix/smtp[20566]: 535721E1E6C: to=[email protected], relay=127.0.0.1[127.0.0.1]:10026, delay=0.21, delays=0.06/0/0.01/0.14, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=25930-18 - INFECTED: Eicar-Test-Signature)
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 535721E1E6C: removed
Sep 30 17:01:03 zimbraserver postfix/lmtp[19468]: 77B3F1E1E74: to=[email protected], relay=svcenmbx01.ldomain.local[192.0.0.21]:7025, delay=0.15, delays=0.01/0/0.09/0.05, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 77B3F1E1E74: removed
Sep 30 17:01:03 zimbraserver postfix/lmtp[19468]: 77B3F1E1E74: to=[email protected], relay=svcenmbx01.ldomain.local[192.0.0.21]:7025, delay=0.15, delays=0.01/0/0.09/0.05, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Sep 30 17:01:03 zimbraserver postfix/lmtp[19468]: 77B3F1E1E74: to=[email protected], relay=svcenmbx01.ldomain.local[192.0.0.21]:7025, delay=0.15, delays=0.01/0/0.09/0.05, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 77B3F1E1E74: removed
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 77B3F1E1E74: removed
Sep 30 17:01:03 zimbraserver postfix/lmtp[19465]: 6CE4E1E1E71: to=[email protected], relay=svcenmbx01.ldomain.local[192.0.0.21]:7025, delay=0.21, delays=0.02/0/0.1/0.09, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Sep 30 17:01:03 zimbraserver postfix/lmtp[19465]: message repeated 2 times: [ 6CE4E1E1E71: to=[email protected], relay=svcenmbx01.ldomain.local[192.0.0.21]:7025, delay=0.21, delays=0.02/0/0.1/0.09, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)]
Sep 30 17:01:03 zimbraserver postfix/qmgr[15025]: 6CE4E1E1E71: removed
But nothing are listed in sendmailanalyzer's amavis statspage. Same thing with spam.
Sep 30 17:10:30 svcenmta01 postfix/smtpd[11557]: message repeated 2 times: [ disconnect from unknown[192.168.0.17]]
Sep 30 17:10:43 svcenmta01 postfix/smtpd[11557]: connect from pccenofi35.ldomain.local[192.168.0.135]
Sep 30 17:10:43 svcenmta01 postfix/smtpd[11557]: message repeated 2 times: [ connect from pccenofi35.ldomain.local[192.168.0.135]]
Sep 30 17:10:43 svcenmta01 postfix/smtpd[11557]: Anonymous TLS connection established from pccenofi35.ldomain.local[192.168.0.135]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 30 17:10:43 svcenmta01 postfix/smtpd[11557]: message repeated 2 times: [ Anonymous TLS connection established from pccenofi35.ldomain.local[192.168.0.135]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)]
Sep 30 17:10:43 svcenmta01 postfix/smtpd[11557]: NOQUEUE: filter: RCPT from pccenofi35.ldomain.local[192.168.0.135]: [email protected]: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=[email protected] to=[email protected] proto=ESMTP helo=
Sep 30 17:10:43 svcenmta01 postfix/smtpd[11557]: message repeated 2 times: [ NOQUEUE: filter: RCPT from pccenofi35.ldomain.local[192.168.0.135]: [email protected]: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=[email protected] to=[email protected] proto=ESMTP helo=]
Sep 30 17:10:43 svcenmta01 postfix/smtpd[11557]: CDBF11E1E6C: client=pccenofi35.ldomain.local[192.168.0.135], sasl_method=LOGIN, sasl_username=[email protected]
Sep 30 17:10:43 svcenmta01 postfix/smtpd[11557]: message repeated 2 times: [ CDBF11E1E6C: client=pccenofi35.ldomain.local[192.168.0.135], sasl_method=LOGIN, sasl_username=[email protected]]
Sep 30 17:10:43 svcenmta01 postfix/cleanup[26180]: CDBF11E1E6C: message-id=[email protected]
Sep 30 17:10:43 svcenmta01 postfix/cleanup[26180]: message repeated 2 times: [ CDBF11E1E6C: message-id=[email protected]]
Sep 30 17:10:43 svcenmta01 postfix/qmgr[15025]: CDBF11E1E6C: from=[email protected], size=3499, nrcpt=1 (queue active)
Sep 30 17:10:43 svcenmta01 postfix/qmgr[15025]: message repeated 2 times: [ CDBF11E1E6C: from=[email protected], size=3499, nrcpt=1 (queue active)]
Sep 30 17:10:43 svcenmta01 postfix/dkimmilter/smtpd[26184]: connect from localhost[127.0.0.1]
Sep 30 17:10:43 svcenmta01 postfix/dkimmilter/smtpd[26184]: message repeated 2 times: [ connect from localhost[127.0.0.1]]
Sep 30 17:10:43 svcenmta01 postfix/dkimmilter/smtpd[26184]: E82171E1E71: client=localhost[127.0.0.1]
Sep 30 17:10:43 svcenmta01 postfix/dkimmilter/smtpd[26184]: message repeated 2 times: [ E82171E1E71: client=localhost[127.0.0.1]]
Sep 30 17:10:43 svcenmta01 postfix/cleanup[26180]: E82171E1E71: message-id=[email protected]
Sep 30 17:10:43 svcenmta01 postfix/cleanup[26180]: message repeated 2 times: [ E82171E1E71: message-id=[email protected]]
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: E82171E1E71: from=[email protected], size=3961, nrcpt=1 (queue active)
Sep 30 17:10:44 svcenmta01 postfix/dkimmilter/smtpd[26184]: disconnect from localhost[127.0.0.1]
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: E82171E1E71: from=[email protected], size=3961, nrcpt=1 (queue active)
Sep 30 17:10:44 svcenmta01 postfix/dkimmilter/smtpd[26184]: disconnect from localhost[127.0.0.1]
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: E82171E1E71: from=[email protected], size=3961, nrcpt=1 (queue active)
Sep 30 17:10:44 svcenmta01 postfix/dkimmilter/smtpd[26184]: disconnect from localhost[127.0.0.1]
Sep 30 17:10:44 svcenmta01 postfix/smtp[26181]: CDBF11E1E6C: to=[email protected], relay=127.0.0.1[127.0.0.1]:10026, delay=0.26, delays=0.07/0/0/0.18, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as E82171E1E71)
Sep 30 17:10:44 svcenmta01 postfix/smtp[26181]: message repeated 2 times: [ CDBF11E1E6C: to=[email protected], relay=127.0.0.1[127.0.0.1]:10026, delay=0.26, delays=0.07/0/0/0.18, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10030): 250 2.0.0 Ok: queued as E82171E1E71)]
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: CDBF11E1E6C: removed
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: message repeated 2 times: [ CDBF11E1E6C: removed]
Sep 30 17:10:44 svcenmta01 postfix/amavisd/smtpd[26191]: connect from localhost[127.0.0.1]
Sep 30 17:10:44 svcenmta01 postfix/amavisd/smtpd[26191]: message repeated 2 times: [ connect from localhost[127.0.0.1]]
Sep 30 17:10:44 svcenmta01 postfix/amavisd/smtpd[26191]: C71221E1E6C: client=localhost[127.0.0.1]
Sep 30 17:10:44 svcenmta01 postfix/amavisd/smtpd[26191]: message repeated 2 times: [ C71221E1E6C: client=localhost[127.0.0.1]]
Sep 30 17:10:44 svcenmta01 postfix/cleanup[26180]: C71221E1E6C: message-id=[email protected]
Sep 30 17:10:44 svcenmta01 postfix/cleanup[26180]: message repeated 2 times: [ C71221E1E6C: message-id=[email protected]]
Sep 30 17:10:44 svcenmta01 postfix/amavisd/smtpd[26191]: disconnect from localhost[127.0.0.1]
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: C71221E1E6C: from=[email protected], size=4436, nrcpt=1 (queue active)
Sep 30 17:10:44 svcenmta01 postfix/amavisd/smtpd[26191]: disconnect from localhost[127.0.0.1]
Sep 30 17:10:44 svcenmta01 postfix/amavisd/smtpd[26191]: disconnect from localhost[127.0.0.1]
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: C71221E1E6C: from=[email protected], size=4436, nrcpt=1 (queue active)
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: C71221E1E6C: from=[email protected], size=4436, nrcpt=1 (queue active)
Sep 30 17:10:44 svcenmta01 postfix/smtp[26187]: E82171E1E71: to=[email protected], relay=127.0.0.1[127.0.0.1]:10032, delay=0.88, delays=0.08/0/0.01/0.79, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=15303-02 - spam)
Sep 30 17:10:44 svcenmta01 postfix/smtp[26187]: E82171E1E71: to=[email protected], relay=127.0.0.1[127.0.0.1]:10032, delay=0.88, delays=0.08/0/0.01/0.79, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=15303-02 - spam)
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: E82171E1E71: removed
Sep 30 17:10:44 svcenmta01 postfix/smtp[26187]: E82171E1E71: to=[email protected], relay=127.0.0.1[127.0.0.1]:10032, delay=0.88, delays=0.08/0/0.01/0.79, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=15303-02 - spam)
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: E82171E1E71: removed
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: E82171E1E71: removed
Sep 30 17:10:44 svcenmta01 postfix/smtp[26192]: C71221E1E6C: to=[email protected], relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.6, status=bounced (mail for svcenmta01.ldomain.local loops back to myself)
Sep 30 17:10:44 svcenmta01 postfix/smtp[26192]: message repeated 2 times: [ C71221E1E6C: to=[email protected], relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.6, status=bounced (mail for svcenmta01.ldomain.local loops back to myself)]
Sep 30 17:10:44 svcenmta01 postfix/cleanup[26180]: CB5D81E1E73: message-id=[email protected]
Sep 30 17:10:44 svcenmta01 postfix/cleanup[26180]: message repeated 2 times: [ CB5D81E1E73: message-id=[email protected]]
Sep 30 17:10:44 svcenmta01 postfix/bounce[27320]: C71221E1E6C: sender non-delivery notification: CB5D81E1E73
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: CB5D81E1E73: from=<>, size=6415, nrcpt=1 (queue active)
Sep 30 17:10:44 svcenmta01 postfix/bounce[27320]: C71221E1E6C: sender non-delivery notification: CB5D81E1E73
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: CB5D81E1E73: from=<>, size=6415, nrcpt=1 (queue active)
Sep 30 17:10:44 svcenmta01 postfix/bounce[27320]: C71221E1E6C: sender non-delivery notification: CB5D81E1E73
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: CB5D81E1E73: from=<>, size=6415, nrcpt=1 (queue active)
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: C71221E1E6C: removed
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: message repeated 2 times: [ C71221E1E6C: removed]
Sep 30 17:10:44 svcenmta01 postfix/smtp[26192]: CB5D81E1E73: to=[email protected], relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.6, status=bounced (mail for svcenmta01.ldomain.local loops back to myself)
Sep 30 17:10:44 svcenmta01 postfix/smtp[26192]: message repeated 2 times: [ CB5D81E1E73: to=[email protected], relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.6, status=bounced (mail for svcenmta01.ldomain.local loops back to myself)]
Sep 30 17:10:44 svcenmta01 postfix/qmgr[15025]: CB5D81E1E73: removed
Thanks in advance
I downloaded the current master code and built a RPM package on CentOS using the spec file provided. Initial build attempt failed with an error about sp_SP in the %files section. Looking at the files, I see that language sp_SP has been renamed to es_ES. I also see languages it_IT and ru_RU are there, but not included in the spec file. Therefore, I think the spec file %files section should be updated with:
--del-- %attr(0644,root,root) %{webdir}/lang/sp_SP
+add+ %attr(0644,root,root) %{webdir}/lang/es_ES
+add+ %attr(0644,root,root) %{webdir}/lang/it_IT
+add+ %attr(0644,root,root) %{webdir}/lang/ru_RU
Regards,
Steve Jones
It seems not all mails are recognized as spam even though in maillog spamd logs them ok.
I have 9 messages as spam but sendmailanalyzer shows only 4.
I can provide the maillog.
Thank you for you very usefull tool!
Hi there,
first of all, I am very impressed with your software it looks great!!
I am having problems processing some data.
When in the web frontend I check under "AntiSpam details" and click for example on "Amavis" I see a message "No record for this period".
Then in cli when I check the data files here:
ls -la /usr/local/sendmailanalyzer/data/goban/2016/04/21/
total 29540
drwxr-sr-x 2 root staff 4096 Apr 21 13:50 .
drwxr-sr-x 3 root staff 4096 Apr 21 13:50 ..
-rw-r--r-- 1 root staff 181406 Apr 21 14:55 dnsbl.dat
-rw-r--r-- 1 root staff 2695 Apr 21 14:55 dsn.dat
-rw-r--r-- 1 root staff 22957161 Apr 21 14:55 other.dat
-rw-r--r-- 1 root staff 1851746 Apr 21 13:50 postgrey.dat
-rw-r--r-- 1 root staff 1340382 Apr 21 14:55 recipient.dat
-rw-r--r-- 1 root staff 1290418 Apr 21 14:55 rejected.dat
-rw-r--r-- 1 root staff 1932148 Apr 21 14:55 senders.dat
-rw-r--r-- 1 root staff 343786 Apr 21 14:55 spam.dat
-rw-r--r-- 1 root staff 289446 Apr 21 14:55 syserr.dat
I noticed that the next data files are missing:
virus.dat: viruses informations.
miltername.dat: message related to a milter, antivir or antispam.
At the conf file I see that for example Amavis I have the next parameter:
grep -B 2 AMAVIS /usr/local/sendmailanalyzer/sendmailanalyzer.conf
Syslog name of Amavis. Syslog write it to maillog with the pid as follow:
... amavis[1234] ... This is required to only parse relevant logged lines
AMAVIS_NAME amavis|maiad
I wonder if your application is missing the logs since amavis is writting logs with the next format?
/usr/sbin/amavisd-new[3403]:
Any ideas?
Thank you,
Hello,
it seems that my (standard) log for amavis (in mail.log) is not recongnized. The log is:
Feb 13 11:02:43 mx-1 amavis[5136]: (05136-09) Passed CLEAN, [194.167.55.26] [193.54.112.219] ossecm@monitor -> [email protected],[email protected], mail_id: 0gehnk-A5kVd, Hits: -, size: 1332, queued_as: B60132CB20, 152 ms
and noting appears in GUI under amavis menu or spamassasin menu.
I have:
AMAVIS_NAME amavis|maiad
SPAM_TOOLS spamassassin,amavis
Versions:
Sendmailanalyzer 9.0
Ubuntu 12.04.5 LTS
amavisd-new 1:2.6.5-0ubuntu3.2
MTA is postfix 2.9.6-1~12.04.2
Is it a configuration problem ?
thanks for your help
Serge
Hi
If the connection is done in IPv6, the logs in Postfix are :
connect from unknown[2001:660:530d:203::1b]
And the report display "unknown2001" instead of [2001:660:530d:203::1b]
Hello,
What's log format use for sendmailanalyzer ?
I use postfix default format but sendmailanalyzer don't find sender and recipient...
I use this log format:
Sep 15 20:05:24 smtp postfix/qmgr[1350]: 10963200D7: from=[email protected], size=2579, nrcpt=1 (queue active)
Sep 15 20:05:24 smtp postfix/local[2245]: 10963200D7: to=[email protected], orig_to=, relay=local, delay=0.05, delays=0.03/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: "dsi")
Sep 15 20:05:24 smtp postfix/cleanup[2240]: 1AD602018D: message-id=[email protected]
Thank you for response,
Best regards,
Hi Darold,
I have a little question about "Antispam Details Menu" in sendmailanalyzer web application. How can I show the information about antispam log in sendmailanalyzer ? should I define amavis log to sendmailanalyzer ? what configuration should I add in /etc/sendmailanalyzer.conf file?
I have a suggestion for a simple improvement. I have been testing this software on a CentOS system. I built the source into RPM with the spec file provided.
The SendmailAnalyzer service must be restarted after a mail log rotation. A conditional restart would be best in this case to avoid reactivating the service if it has been manually stopped. However, the init script provided does not support this feature. I modified the init script to add a 'condrestart' function thus:
`case "$1" in
'start')
sa_start
;;
'stop')
sa_stop
;;
'restart')
sa_restart
;;
'condrestart')
[ -e $LOCKFILE ] && $0 restart || :
;;
'status')
status sendmailanalyzer
;;
*)
echo "usage $0 start|stop|restart|condrestart|status"
esac
`
This is fairly typical code for the conditional restart function. Perhaps this could be added in future updates.
Thanks,
Steve Jones
I have a little question about sendmailanalyzer.
for example the information displayed in sendmailanalyzer from maillog file on Tuesday 3 October 2017, then the next day Wednesday 4 october 2017 file maillog already replace. Whether sendmailanalyzer will display the information from October 3 to 4 october or just 4 october only?
thanks darold
I've tried the latest master.zip and I get no stats for Virus, Amavis, SpamAssassin or Spamd. Any ideas?
My mail.log file looks like that:
Feb 26 09:43:26 mail2 amavis[9360]: (09360-09) SPAM, [email protected] -> [email protected], Yes, score=16.685 tag=0 tag2=6.31 kill=6.31 tests=[BAYES_99=3.5, FSL_HELO_DEVICE=0.806, FUZZY_CPILL=0.001, HELO_LH_HOME=1.736, HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_RP_RNBL=1.31, RCVD_IN_XBL=0.375, URIBL_BLACK=1.725, URIBL_DBL_SPAM=1.7, URIBL_JP_SURBL=1.25, URIBL_WS_SURBL=1.608, URI_NOVOWEL=0.5] autolearn=spam, quarantine dtB5+2MguKHm ([email protected])
Feb 26 09:43:26 mail2 amavis[9360]: (09360-09) Blocked SPAM, [217.133.62.152] [217.133.62.152] [email protected] -> [email protected], quarantine: [email protected], Message-ID: [email protected], mail_id: dtB5+2MguKHm, Hits: 16.685, size: 3721, 4737 ms
Feb 26 09:43:26 mail2 amavis[9360]: (09360-09) sending SMTP response: "250 2.7.0 Ok, discarded, id=09360-09 - SPAM"
Feb 26 09:43:26 mail2 postfix/smtp[9767]: E692E2F006CF: to=[email protected], relay=127.0.0.1[127.0.0.1]:10024, delay=5.2, delays=0.44/0/0/4.7, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=09360-09 - SPAM)
But nothing will be listed in sendmailanalyzer's amavis statistik page.
Any idea why?
(Ubuntu 12.04, amavisd-new 2.6.5, postfix 2.9.3-2, sendmailanalyzer 8.7)
Thx a lot - great tool!
I'm not able to stop sendmailanalyzer via
"systemctl stop sendmailanalyzer.service"
under opensuse 12.3.
The service definition has the following line:
ExecStop=/bin/kill -TERM sendmailanalyzer
But kill needs the process id, not the process name.
I tried to change that line to
ExecStop=/bin/kill -TERM $MAINPID
as from systemd docs, but it does not work.
That bug make me unable to have senmailanalyze restarted after syslog rotation, and it fails every night.
Hi - SA is great but I'm finding the charts pretty tricky to read. Would it be possible to fix them so I can see what I'm looking at?
(BTW I can't tell from the pie chart below what the largest slice actually represents)
I'm wondering if it's possible to get the blank fields like "recipients" and also know where com from the Id FaKeJb3dcXK8GQZtzOUz
http://screenpresso.com/=ngYHe
Thanks in advance.
Hi!
we are using sendmailanalyzer on most of our mailservers and really like the benefits of this software to analyze the mailflow.
However, we are using on a couple machines also policyd-weight to fight spam. policyd-weight is a policy-service for postfix which works pretty well.
On such machines the policyd-weight maillog records are being counted as Syserr.
So, is it possible to add support to sendmailanalyzer, or alternatively exclude such messages from counting as Syserror?
Some examples of policyd:
postfix/policyd-weight[8552]: weighted check: IN_DYN_PBL_SPAMHAUS=3 IN_SBL_XBL_SPAMHAUS=4 IN_SPAMCOP=2 IN_BARRACUDA=4; <client=1-163-218-184.dynamic.hinet.net[1.163.218.184]> <helo=ss-a959f2b015ee> <[email protected]> <[email protected]>; rate: 13
postfix/policyd-weight[647]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs (multirecipient mail); <client=unknown[178.23.204.126]> <helo=host126-204.net23-178.net.connetti.it> <[email protected]> <[email protected]>; delay: 0s
postfix/policyd-weight[8583]: decided action=DUNNO using cached result; rate: -9.5; <client=mout.gmx.net[212.227.15.19]> <helo=mout.gmx.net> <[email protected]> <[email protected]>; delay: 0s
Thank you!
Regards,
Mike
Spanish locale must be es_ES, not sp_SP, which doesn't exist. Perhaps this doesn't affect the normal behavior of the scripts, but it's good having the stuff sorted ;-)
Regards
No DSN records are parsed on my system.
root:~# /usr/local/sendmailanalyzer/sendmailanalyzer -f -b -d
Running in verbose mode...
sendmailanalyzer v9.0. (c) 2002-2014 - Gilles Darold <[email protected]>
DEBUG: Detach from terminal with pid: 17041
DEBUG: Entering main loop...
DEBUG: Parsing full /var/log/mail.log
DEBUG: Flushing data to disk...
DEBUG: Writing sender data to disk...
DEBUG: Wrote 276 sender objects
DEBUG: Writing reject data to disk...
DEBUG: Wrote 392 reject object.
DEBUG: Writing DSN data to disk...
*DEBUG: Wrote 0 DSN object.*
DEBUG: Writing recipient data to disk...
DEBUG: Wrote 263 recipient object.
DEBUG: Writing Spam data to disk...
DEBUG: Wrote 8 spam object.
DEBUG: Writing Spam detail data to disk...
DEBUG: Writing Spam detail for amavis into [...]/2014/10/05/amavis.dat
DEBUG: Writing Spam detail for dnsbl into [...]/2014/10/05/dnsbl.dat
DEBUG: Wrote 8 spam detail object.
DEBUG: Writing Postgrey detail data to disk...
DEBUG: Wrote 8 postgrey object.
DEBUG: Writing Virus data to disk...
DEBUG: Wrote 0 virus object.
DEBUG: Writing syserr data to disk...
DEBUG: Wrote 911 syserr object.
DEBUG: Writing warning message data to disk...
DEBUG: Wrote 6 warning message object.
DEBUG: Writing warning auth data to disk...
DEBUG: Wrote 7 auth object.
DEBUG: Writing last parsed line...
A "grep" on mail.log shows 532 deliveries
root:~# grep 'status=sent' /var/log/mail.log |wc -l
532
Oct 5 19:30:48 xxxxxx postfix/smtpd[16932]: connect from st11p05mm-asmtp002.mac.com[17.172.108.250]
Oct 5 19:30:49 xxxxxx postfwd2/policy[11195]: [DNSBL] 17.172.108.250 listed on rbl:list.dnswl.org (answer: 127.0.5.2, time: 0.01s, ttl: 43200s, 'mac.com http://dnswl.org/s?s=1776')
Oct 5 19:30:49 xxxxxx postfwd2/policy[11195]: [RULES] rule=0, id=OK_DNSWL, client=st11p05mm-asmtp002.mac.com[17.172.108.250], sender=<[email protected]>, recipient=<[email protected]>, helo=<st11p05mm-asmtp002.mac.com>, proto=ESMTP, state=RCPT, delay=0.02s, hits=OK_DNSWL, action=OK
Oct 5 19:30:49 xxxxxx postfix/smtpd[16932]: 0CB3413C018D: client=st11p05mm-asmtp002.mac.com[17.172.108.250]
Oct 5 19:30:49 xxxxxx postfix/cleanup[21999]: 0CB3413C018D: message-id=<[email protected]>
Oct 5 19:30:49 xxxxxx postfix/qmgr[10619]: 0CB3413C018D: from=<[email protected]>, size=1337, nrcpt=1 (queue active)
Oct 5 19:30:49 xxxxxx postfix/smtpd[16932]: disconnect from st11p05mm-asmtp002.mac.com[17.172.108.250]
Oct 5 19:30:49 xxxxxx postfix/smtpd[22003]: connect from localhost.localdomain[127.0.0.1]
Oct 5 19:30:49 xxxxxx postfix/smtpd[22003]: 79A3A13C0578: client=localhost.localdomain[127.0.0.1]
Oct 5 19:30:49 xxxxxx postfix/cleanup[21999]: 79A3A13C0578: message-id=<[email protected]>
Oct 5 19:30:49 xxxxxx postfix/smtpd[22003]: disconnect from localhost.localdomain[127.0.0.1]
Oct 5 19:30:49 xxxxxx postfix/qmgr[10619]: 79A3A13C0578: from=<[email protected]>, size=1791, nrcpt=1 (queue active)
Oct 5 19:30:49 xxxxxx amavis[19981]: (19981-07) Passed CLEAN {RelayedInbound}, [17.172.108.250]:37214 [88.134.138.69] <[email protected]> -> <[email protected]>, Queue-ID: 0CB3413C018D, Message-ID: <[email protected]>, mail_id: CZzPtLQlvLe1, Hits: -1.9, size: 1337, queued_as: 79A3A13C0578, 352 ms
Oct 5 19:30:49 xxxxxx postfix/smtp[22000]: 0CB3413C018D: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.58, delays=0.21/0.01/0/0.35, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 79A3A13C0578)
Oct 5 19:30:49 xxxxxx postfix/qmgr[10619]: 0CB3413C018D: removed
Oct 5 19:30:49 xxxxxx dovecot: lda([email protected]): sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
Oct 5 19:30:49 xxxxxx postfix/pipe[22004]: 79A3A13C0578: to=<[email protected]>, relay=dovecot, delay=0.25, delays=0.09/0.01/0/0.15, dsn=2.0.0, status=sent (delivered via dovecot service)
Oct 5 19:30:49 xxxxxx postfix/qmgr[10619]: 79A3A13C0578: removed
Oct 5 19:44:09 xxxxxx postfix/smtpd[23496]: connect from unknown[11.22.33.44]
Oct 5 19:44:09 xxxxxx postfix/smtpd[23496]: 9476813C015D: client=unknown[11.22.33.44], sasl_method=PLAIN, [email protected]
Oct 5 19:44:09 xxxxxx postfix/cleanup[23498]: 9476813C015D: message-id=<[email protected]>
Oct 5 19:44:09 xxxxxx postfix/qmgr[10619]: 9476813C015D: from=<[email protected]>, size=4658, nrcpt=1 (queue active)
Oct 5 19:44:09 xxxxxx postfix/smtpd[23496]: disconnect from unknown[11.22.33.44]
Oct 5 19:44:10 xxxxxx postfix/smtpd[23502]: connect from localhost.localdomain[127.0.0.1]
Oct 5 19:44:10 xxxxxx postfix/smtpd[23502]: 147D813C018D: client=localhost.localdomain[127.0.0.1]
Oct 5 19:44:10 xxxxxx postfix/cleanup[23498]: 147D813C018D: message-id=<[email protected]>
Oct 5 19:44:10 xxxxxx postfix/qmgr[10619]: 147D813C018D: from=<[email protected]>, size=5120, nrcpt=1 (queue active)
Oct 5 19:44:10 xxxxxx postfix/smtpd[23502]: disconnect from localhost.localdomain[127.0.0.1]
Oct 5 19:44:10 xxxxxx amavis[19981]: (19981-14) Passed CLEAN {RelayedOpenRelay}, [11.22.33.44]:62460 [11.22.33.44] <[email protected]> -> <aaa@bbb@com>, Queue-ID: 9476813C015D, Message-ID: <[email protected]>, mail_id: tza8DTSKUjpO, Hits: -2.9, size: 4657, queued_as: 147D813C018D, 404 ms
Oct 5 19:44:10 xxxxxx postfix/smtp[23499]: 9476813C015D: to=<aaa@bbb@com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.57, delays=0.15/0.01/0/0.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 147D813C018D)
Oct 5 19:44:10 xxxxxx postfix/qmgr[10619]: 9476813C015D: removed
Oct 5 19:44:15 xxxxxx postfix/smtp[23503]: 147D813C018D: to=<aaa@bbb@com>, relay=mx5.mail.icloud.com[17.172.34.68]:25, delay=4.9, delays=0.05/0.01/2.8/2, dsn=2.5.0, status=sent (250 2.5.0 Ok, envelope id [email protected])
Oct 5 19:44:15 xxxxxx postfix/qmgr[10619]: 147D813C018D: removed
Oct 5 19:44:18 xxxxxx dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=11.22.33.44, lip=99.88.77.66, mpid=23505, TLS, session=<7Rb2g7AEAwBYhopF>
Oct 5 19:44:27 xxxxxx postfix/smtpd[18410]: connect from localhost.localdomain[127.0.0.1]
Oct 5 19:44:27 xxxxxx postfix/smtpd[18410]: disconnect from localhost.localdomain[127.0.0.1]
Any ideas?
KR, Wolfgang
Hello,
I follow packaging/README doc for a Debian install. When I run dpkg -i sendmailanalyzer_9.1-1_all.deb in sendmailanalyzer source directory, I get the following errors :
Selecting previously unselected package sendmailanalyzer.
(Reading database ... 50483 files and directories currently installed.)
Unpacking sendmailanalyzer (from sendmailanalyzer_9.1-1_all.deb) ...
Setting up sendmailanalyzer (9.1-1) ...
[....] Starting Sendmail Analyzer: sendmailanalyzerFATAL: Output directory /usr/lib/sendmailanalyzer should exists !
failed!
invoke-rc.d: initscript sendmailanalyzer, action "start" failed.
dpkg: error processing sendmailanalyzer (--install):
subprocess installed post-installation script returned error exit status 1
Processing triggers for man-db ...
Errors were encountered while processing:
sendmailanalyzer
Creating /usr/lib/sendmailanalyzer fixes issue.
In sendmailanalyzer/debian/sendmailanalyzer/usr, I don't see a lib directory.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.