Part of MRTG died

Mike Kercher mike at CAMAROSS.NET
Tue Jun 25 22:25:04 IST 2002


Pablo...are your maillogs being compressed when the logrotate runs?  For some
reason, when the sendmail.logs.pl script runs, it is to zcat the logs.  If
they are not compressed, I don't think anything is going to be found.  I was
not compressing my logs, so I changed:

open(LOG, "zcat $file|")

to

open(LOG, "cat $file|")

Now, I'm getting some activity in my spam graphs.  I just don't understand
why my Mail and Virus graphs were being updated and the spams were not.

Thanks for the awesome effort Julian!

----- Original Message -----
From: "Pablo Iranzo Gómez" <Pablo.Iranzo at UV.ES>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Tuesday, June 25, 2002 4:18 PM
Subject: Re: Part of MRTG died


> It doesn't appear yet or it has the date not updated... does it need the
> patch you released? ;)
>
> Regards
>
>
> On Tue, 25 Jun 2002 21:59:15 +0100, Julian Field
> <mailscanner at ECS.SOTON.AC.UK> wrote:
>
> >I have just posted a new sendmail.logs.pl on the website.
> >Works again :-)
> >
> >At 21:41 25/06/2002, you wrote:
> >>Mine is the same... it seems to be a problem in the sendmail.pl script that
> >>mrtg uses, but it worked without any change until the update... (but virus
> >>and mail got reported ok)
> >>
> >>On Tue, 25 Jun 2002 13:58:44 -0500, Mike Kercher <mike at CAMAROSS.NET> wrote:
> >>
> >> >I can see the spams getting logged in my maillog...it's just that MRTG (or
> >> >my mrtg.cfg) isn't picking them up anymore.  It was working until ONE of my
> >> >upgrades :)
> >> >
> >> >Here is the mail. line from my syslog.conf
> >> >
> >> ># Log all the mail messages in one place.
> >> >mail.*                                          /var/log/maillog
> >> >
> >> >Mike
> >> >
> >> >----- Original Message -----
> >> >From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
> >> >To: <MAILSCANNER at JISCMAIL.AC.UK>
> >> >Sent: Tuesday, June 25, 2002 1:51 PM
> >> >Subject: Re: Part of MRTG died
> >> >
> >> >
> >> >> At 19:44 25/06/2002, you wrote:
> >> >> >I have "Log Spam = yes" in my .conf and neither Spam nor spam in my mrtg.cfg
> >> >> >reveal any spam in my maillog.  *boggle*
> >> >>
> >> >> Spam logging is done as mail.info, I suspect that your /etc/syslog.conf
> >> >> isn't logging mail.info messages.
> >> >>
> >> >> >----- Original Message -----
> >> >> >From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
> >> >> >To: <MAILSCANNER at JISCMAIL.AC.UK>
> >> >> >Sent: Tuesday, June 25, 2002 11:35 AM
> >> >> >Subject: Re: Part of MRTG died
> >> >> >
> >> >> >
> >> >> > > Check your mailscanner.conf file for "Log Spam = no".
> >> >> > >
> >> >> > > At 17:19 25/06/2002, you wrote:
> >> >> > > >I've the same problem, after updating to the last available MailScanner
> >> >> > > >version, I've no spam reports in /var/log/maillog I've tried to do also
> >> >> > > >with changing "spam" to "Spam" but it doesn't work.
> >> >> > > >   I've sent a SPAM mail through sendmail and here are the headers:
> >> >> > > >
> >> >> > > >
> >> >> > > >Return-Path: <yop at nohwere.com>
> >> >> > > >Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
> >> >> > > >         by Alufis35.uv.es (8.11.6/8.11.2) with SMTP id g5PG90512839
> >> >> > > >         for Pablo.Iranzo at alufis35.uv.es; Tue, 25 Jun 2002 18:09:14 +0200
> >> >> > > >Date: Tue, 25 Jun 2002 18:09:14 +0200
> >> >> > > >From: yop at nohwere.com
> >> >> > > >Message-Id: <200206251609.g5PG90512839 at Alufis35.uv.es>
> >> >> > > >X-Authentication-Warning: Alufis35.uv.es: localhost.localdomain [127.0.0.1]
> >> >> > > >     didn't use HELO protocol
> >> >> > > >Subject: {SPAM?} Navega por telefonicaonline.com y ¡llévate cientos de
> >> >> > > >     Puntos Travel Club!
> >> >> > > >Content-type: text/html
> >> >> > > >MIME-Version: 1.0
> >> >> > > >Content-Transfer-Encoding: quoted-printable
> >> >> > > >X-MailScanner: Found to be clean
> >> >> > > >X-MailScanner-SpamCheck: SpamAssassin (score=10.1, required 5,
> >> >> > > >         SUBJ_HAS_Q_MARK, NO_REAL_NAME, PLING, BIG_FONT, CTYPE_JUST_HTML,
> >> >> > > >         MISSING_HEADERS, NO_MX_FOR_FROM)
> >> >> > > >
> >> >> > > >
> >> >> > > >(As you can see, the Mailscanner passed it through SpamAssassin and gave
> >> >> > > >it "Spam" status and did modify the subject)
> >> >> > > >
> >> >> > > >And here is the maillog "conversation":
> >> >> > > >
> >> >> > > >
> >> >> > > >Jun 25 18:04:50 Alufis35 sendmail[12739]: g5PG4nv12739: to=yop at yop.es, delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=49438, relay=sello., dsn=2.0.0, stat=Sent (g5PG4oJN009163 Message accepted for delivery)
> >> >> > > >Jun 25 18:09:00 Alufis35 sendmail[12839]: g5PG90512839: Authentication-Warning: Alufis35.uv.es: localhost.localdomain [127.0.0.1] didn't use HELO protocol
> >> >> > > >Jun 25 18:09:37 Alufis35 sendmail[12839]: g5PG90512839: from=yop at nohwere.com, size=19465, class=0, nrcpts=1, msgid=<200206251609.g5PG90512839 at Alufis35>, bodytype=8BITMIME, proto=SMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
> >> >> > > >Jun 25 18:09:49 Alufis35 mailscanner[12624]: Scanning 1 messages, 20139 bytes
> >> >> > > >Jun 25 18:10:12 Alufis35 mailscanner[12624]: Scanned 1 messages, 20139 bytes in 4 seconds
> >> >> > > >Jun 25 18:10:13 Alufis35 sendmail[12868]: g5PG90512839: to=iranzo at amena.com, delay=00:00:59, xdelay=00:00:00, mailer=relay, pri=139465, relay=sello. [147.156.1.112], dsn=5.6.0, stat=Data format error
> >> >> > > >Jun 25 18:10:14 Alufis35 sendmail[12868]: g5PG90512839: to=\iranzo, delay=00:01:00, xdelay=00:00:01, mailer=local, pri=139465, dsn=2.0.0, stat=Sent
> >> >> > > >Jun 25 18:10:14 Alufis35 sendmail[12868]: g5PG90512839: g5PGADY12868: DSN: Data format error
> >> >> > > >Jun 25 18:10:14 Alufis35 sendmail[12868]: g5PGADY12868: to=yop at nohwere.com, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=49437, relay=sello., dsn=2.0.0, stat=Sent (g5PGAEJN009658 Message accepted for delivery)
> >> >> > > >
> >> >> > > >It Scans the message, marks it as spam but doesn't reflect that on the
> >> >> > > >maillog.
> >> >> > > >
> >> >> > > >My syslog has the -r switch from previous versions. I'm running RedHat 7.3.
> >> >> > > >
> >> >> > > >
> >> >> > > >¿Any idea?
> >> >> > > >Thanks in advance
> >> >> > > >Pablo
> >> >> > >
> >> >> > > --
> >> >> > > Julian Field                Teaching Systems Manager
> >> >> > > jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
> >> >> > > Tel. 023 8059 2817          University of Southampton
> >> >> > >                              Southampton SO17 1BJ
> >> >> > >
> >> >>
> >> >> --
> >> >> Julian Field                Teaching Systems Manager
> >> >> jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
> >> >> Tel. 023 8059 2817          University of Southampton
> >> >>                              Southampton SO17 1BJ
> >> >>
> >
> >--
> >Julian Field                Teaching Systems Manager
> >jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
> >Tel. 023 8059 2817          University of Southampton
> >                             Southampton SO17 1BJ
>
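
Added example, not part of the original messages and not MailScanner's sendmail.logs.pl: one way for a log-counting script to read rotated logs whether or not logrotate compressed them, without handing the filename to a shell as the piped `zcat`/`cat` opens above do. The names open_log and count_matches are hypothetical, and the sample files are constructed from the two mailscanner lines quoted in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use IO::Compress::Gzip qw(gzip $GzipError);
use IO::Uncompress::Gunzip qw($GunzipError);

# Open a rotated log whether or not it is gzip-compressed.
# Transparent mode passes non-gzip data through unchanged, and no shell
# command is built from $file, so unusual characters in the name are harmless.
sub open_log {
    my ($file) = @_;
    my $fh = IO::Uncompress::Gunzip->new($file, Transparent => 1, MultiStream => 1)
        or die "cannot read $file: $GunzipError\n";
    return $fh;
}

# Count the lines matching $pattern across all the given log files.
sub count_matches {
    my ($pattern, @files) = @_;
    my $count = 0;
    for my $file (@files) {
        my $fh = open_log($file);
        while (defined(my $line = $fh->getline())) {
            $count++ if $line =~ $pattern;
        }
        $fh->close();
    }
    return $count;
}

# Constructed sample input: the two mailscanner lines from the thread,
# written once as a plain rotated log and once as a gzip-compressed one.
my $sample = join '',
    "Jun 25 18:09:49 Alufis35 mailscanner[12624]: Scanning 1 messages, 20139 bytes\n",
    "Jun 25 18:10:12 Alufis35 mailscanner[12624]: Scanned 1 messages, 20139 bytes in 4 seconds\n";

my $dir   = tempdir(CLEANUP => 1);
my $plain = "$dir/maillog.1";
my $gz    = "$dir/maillog.2.gz";
open(my $out, '>', $plain) or die "cannot write $plain: $!\n";
print {$out} $sample;
close($out) or die "cannot close $plain: $!\n";
gzip(\$sample => $gz) or die "gzip failed: $GzipError\n";

# Both files contribute to the count, compressed or not.
my $scanned = qr/mailscanner\[\d+\]: Scanned \d+ messages/;
printf "%d matching lines in 2 files\n", count_matches($scanned, $plain, $gz);
```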


