change to SA syslog output?

Jeff A. Earickson jaearick at COLBY.EDU
Wed May 29 13:30:20 IST 2002


Julian,

   Can the syslogging lines for SpamAssassin in sendmail.pl be modified to
show the relay and supposed domain of the spammer?  Can the lines in
sendmail.pl:

   Log::InfoLog("Message $id is spam according to " . $ReportText);

be changed to something like:

   Log::InfoLog("Message $id from $relay ($fromdomain) is spam according to " . $ReportText);

I tried this modification myself.  No problems modifying DeliverIds(),
but the same mod to MoveToOutgoingQueue() gave compile errors at startup,
even though I added lines similar to those in DeliverIds() to recover $relay
and $fromdomain.  Complete (nonworking) "diff -c" file attached.

This change would make it really easy to grep one's syslog file and figure
out what relays and/or domains are spamming you.

** Jeff A. Earickson, Ph.D                         PHONE: 207-872-3659
** Senior UNIX Sysadmin, Information Technology    EMAIL: jaearick at colby.edu
** Colby College, 4214 Mayflower Hill,               FAX: 207-872-3076
** Waterville ME, 04901-8842
----------------------------------------------------------------------------
-------------- next part --------------
*** sendmail.pl.orig	Wed May 29 08:05:51 2002
--- sendmail.pl.new	Wed May 29 08:11:44 2002
***************
*** 626,632 ****
        my($ReportText);
        $ReportText = $SpamReport->{$id};
        $ReportText =~ s/\s+/ /sg;
!       Log::InfoLog("Message $id is spam according to " . $ReportText);
      }
  
      # Copy qf file from incoming queue except for H lines
--- 626,632 ----
        my($ReportText);
        $ReportText = $SpamReport->{$id};
        $ReportText =~ s/\s+/ /sg;
!       Log::InfoLog("Message $id from $relay ($fromdomain) is spam according to " . $ReportText);
      }
  
      # Copy qf file from incoming queue except for H lines
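Review bot: The new log line at 629 writes $relay and $fromdomain to syslog as-is, while $ReportText on the line above it has its whitespace collapsed with s/\s+/ /sg. Going by the derivation added in the 712 hunk, $fromdomain is taken from the envelope sender, which the sending side chooses, so control characters in it would reach the log and a grep over the file would report whatever domain the sender claimed. Suggest stripping non-printable characters from both values before logging and wording the message so the domain reads as claimed rather than verified. This hunk also does not show where $relay and $fromdomain are set in this scope; worth confirming they are populated before line 629 runs.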
***************
*** 712,717 ****
--- 712,726 ----
      $tfile = MTA::TFileName($id);
      $hfile = MTA::HFileName($id);
  
+     # Find the relay and fromdomain for SpamAssassin message below
+     $info = lc($MsgInfo->{$id});
+     $from = (split(/\0/, $info))[0];
+     $from =~ s/^<//; # Delete leading and
+     $from =~ s/>$//; # trailing <>
+     $relay = (split(/\0/, $info))[3]; # Get the SMTP client host
+     $fromdomain = $from;
+     $fromdomain =~ s/^[^@]*@//; # Delete everything up to and including the @
+ 
      # Allow for messages which don't exist any more (if SpamAction is delete)
      next unless -f "$InQ/$dfile";
  
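Review bot: The assignments added at 716-722 introduce $info, $from, $relay and $fromdomain with no my declaration, unlike the my($ReportText) used in the other hunks. If sendmail.pl is compiled under use strict (not visible in this diff) and these names are not declared earlier in the enclosing sub, that alone would account for the compile errors at startup described in the message. Suggest declaring them, for example my($info, $from, $relay, $fromdomain); and splitting $info once into a list instead of calling split twice. A null envelope sender (<>) also leaves $fromdomain empty after the two substitutions, so the log line would print "()"; a placeholder for that case would keep the output greppable.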
***************
*** 786,792 ****
        my($ReportText);
        $ReportText = $SpamReport->{$id};
        $ReportText =~ s/\s+/ /sg;
!       Log::InfoLog("Message $id is spam according to " . $ReportText);
      }
      print $Tf &MTA::MergeEnvelope($envelope,$headers)
        or Log::DieLog("Failed to write headers for clean message $id, %s", $!);
--- 795,801 ----
        my($ReportText);
        $ReportText = $SpamReport->{$id};
        $ReportText =~ s/\s+/ /sg;
!       Log::InfoLog("Message $id from $relay ($fromdomain) is spam according to " . $ReportText);
      }
      print $Tf &MTA::MergeEnvelope($envelope,$headers)
        or Log::DieLog("Failed to write headers for clean message $id, %s", $!);
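Review bot: The message at new line 798 interpolates $relay and $fromdomain into the first argument of Log::InfoLog, while the Log::DieLog call in the context just below passes a %s format followed by an argument, which suggests these functions treat their first argument as a printf-style format. If InfoLog behaves the same way, a % character in the sender-supplied domain would be read as a conversion instead of being logged literally. Suggest passing the values as arguments rather than interpolating them: Log::InfoLog("Message %s from %s (%s) is spam according to %s", $id, $relay, $fromdomain, $ReportText);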

