Tracking the wild mailscanner stats

Matthew Bowman mbowman at UDCOM.COM
Mon Aug 18 16:02:15 IST 2003


Thanks Trever,

I put the paths in but that didn't help...

Here is my config.pl:

# Location of the access control file for sendmail
$AccessList = "/etc/mail/access";

# Location of the makemap command only used if UseAccess above is set
$Makemap = "/usr/bin/makemap";

# Location of the MRTG program
$MRTG = "/usr/bin/mrtg";

# Location of your mail log file. Note that you MUST have log spam = yes set
# in your mailscanner config file.
$LogFile = "/var/log/maillog";

# Location of the temporary file which contains the relevant entries from
# the mail log file.
$tmpfile = "virtmpfile";

# Working directory to store files
$WorkDir = "/var/www/html/mailstats/";

# Directory to contain the generated HTML pages
$HTMLDir = "/var/www/html/mailstats/mrtg/";

# Directory to contain the MRTG image files this will be added to the
# HTML dir to find the absolute path.
$ImageDir = "images";

# Name of the web page containing the results
$OutputFile = "index.html";

# Location of the file to contain the analysis results
$WorkFile = "mailstats.log";

# Allow for the addition of HTML code in the page to allow the page to fit
# into corporate style.
$header = "/utils/mrtg/head.txt";

# Similarly allow a footer to be added.
$footer = "/utils/mrtg/foot.txt";

# If your site uses style sheets enter the URL here.
$StyleSheet = "/sitestyle.css";

# The title of the page generated.
$PageTitle = "Mail Analysis";

# The amount of time that the offender should stay in the block list
# Time in hours
$BlockTime = 120; # 5 days

# The Scanner software you are using.
# Currently can be one of inoculan, clamav, sophos, command, f-prot,mcafee
# fsecure
$Scanner = "f-prot";

# List of IP addresses that should not be put in the access file even if
# they cause the threshold to be exceeded.
# Useful for putting secondary MX hosts to prevent them being blocked
@WhiteList = ('192.168.0.1','192.168.0.2','63.173.204.4','63.173.204.44');






"Furnish, Trever G" <TGFurnish at HERFF-JONES.COM>
Sent by: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
08/18/2003 10:59 AM
Please respond to MailScanner mailing list


        To:     MAILSCANNER at JISCMAIL.AC.UK
        cc:
        Subject:        Re: Tracking the wild mailscanner stats


Looks like you need to fully specify the path for your targets or specify a
"WorkDir: <directory_path>" at the beginning of your mrtg config file. I.e.,
this:

mrtg/images/mesgs/mesgs-day.png

should really look something like this:

/var/www/html/mrtg/images/mesgs/mesgs-day.png

HTH,
Trever

> -----Original Message-----
> From: Matthew Bowman [mailto:mbowman at UDCOM.COM]
> Sent: Monday, August 18, 2003 9:22 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Tracking the wild mailscanner stats
>
>
> Kevin,
>
> I'm in a similar boat, however I can't even get the graphs to be
> displayed.
>
> My URL is http://smithers.vbcomm.net/mailstats/mrtg
>
> Errors:-
> Rateup Error: Can't open mrtg/images/mesgs/mesgs-day.png for write
> WARNING: rateup died from Signal 0
>  with Exit Value 1 when doing router 'mesgs'
>  Signal was 0, Returncode was 1
> /usr/bin/rateup: No such file or directory
> Rateup Error: Can't open mrtg/images/virus/virus-day.png for write
> WARNING: rateup died from Signal 0
>  with Exit Value 1 when doing router 'virus'
>  Signal was 0, Returncode was 1
> /usr/bin/rateup: No such file or directory
> Rateup Error: Can't open mrtg/images/spam/spam-day.png for write
> WARNING: rateup died from Signal 0
>  with Exit Value 1 when doing router 'spam'
>  Signal was 0, Returncode was 1
> /usr/bin/rateup: No such file or directory
> Rateup Error: Can't open mrtg/images/load/load-day.png for write
> WARNING: rateup died from Signal 0
>  with Exit Value 1 when doing router 'load'
>  Signal was 0, Returncode was 1
>
> I've sent an e-mail to David.
>
> Regards,
>
> Matthew
>
>
>
>
>
> Kevin Miller <Kevin_Miller at CI.JUNEAU.AK.US>
> Sent by: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> 08/15/2003 04:30 PM
> Please respond to MailScanner mailing list
>
>
>         To:     MAILSCANNER at JISCMAIL.AC.UK
>         cc:
>         Subject:        Tracking the wild mailscanner stats
>
>
> I've got my 2nd mailscanner box running, but have a couple of hopefully easy
> questions regarding tracking stats.  I installed David While's mailstat.pl
> program (http://staff.cie.uce.ac.uk/~id001869/mailstats/) which seems to be
> more or less working OK, but the graphs for messages, viruses, and spam are
> solid blobs, rather than the spikes normally seen on an MRTG graph.  The
> server load has peaks and valleys like I'd expect.  On the
> http://mail.boys-brigade.org.uk/mrtg/ page which David points to as an
> example of mailstats.pl in use, the graphs appear as I'd expect.  (They also
> have two graphs that didn't appear in my installation - maybe custom tweaks
> on their part?).
>
> It appears that my install also accumulates the totals from day one.
> Thus, I get a steadily rising level, rather than a snapshot of what's
> happened in the last 10 minutes (which is how often cron runs).  Has someone
> else out there using the program run into these issues?  I really like the
> text stats:  at a glance one can see what viruses have attempted to come
> through, where spam is coming from, last time the virus sig was updated
> etc.
>
> I also have a logrotate question - slightly tangential to the purpose of the
> list, but it *is* my mail log that I want to rotate.  My current
> /etc/logrotate.d/syslog is thus:
>
> /var/log/mail /var/log/warn /var/log/messages /var/log/allmessages
> /var/log/localmessages /var/log/firewall {
>     compress
>     dateext
>     maxage 365
>     rotate 99
>     missingok
>     notifempty
>     size +4096k
>     create 644 root root
>     sharedscripts
>     postrotate
>         /etc/init.d/syslog reload
>     endscript
> }
>
>
> I'm getting a zillion old /var/log/mail-2003MMDD.gz files.  I believe I'll
> get up to 99 with the log settings.  So, what I think I want to do is
> this:
>
> /var/log/mail {
>     compress
>     dateext
>     maxage 365
>     rotate 4
>     missingok
>     notifempty
>     size +4096k
>     create 644 root root
>     sharedscripts
> }
> /var/log/warn /var/log/messages /var/log/allmessages
> /var/log/localmessages
> /var/log/firewall {
>     compress
>     dateext
>     maxage 365
>     rotate 99
>     missingok
>     notifempty
>     size +4096k
>     create 644 root root
>     sharedscripts
>     postrotate
>         /etc/init.d/syslog reload
>     endscript
> }
>
>
> The changes being, that I create a separate stanza for /var/log/mail, set
> the rotate to 4 weeks, and take out the postrotate command.  I'm assuming
> that the mail stanza will execute first, then the other, and the last thing
> done will be to reload syslog.  Is this in fact what will happen, or do I
> want the postrotate lines in the /var/log/mail stanza too?
>
> Thanks much...
>
> ...Kevin
> -------------------
> Kevin Miller                Registered Linux User No: 307357
> CBJ MIS Dept.               Network Systems Administrator, Mail Administrator
> 155 South Seward Street     ph: (907) 586-0242
> Juneau, Alaska 99801        fax: (907) 586-4500
>
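
On the logrotate question quoted above, an added example that is not part of the original thread: logrotate runs a stanza's postrotate script only for the logs named in that stanza, so a /var/log/mail stanza without one leaves syslog holding the rotated file open. The stanza below keeps the directives and reload command from the quoted config; the 640 mode is an assumption about who needs to read the log.

```conf
# Added example: separate stanza for the mail log that keeps its own reload.
/var/log/mail {
    compress
    dateext
    maxage 365
    # "rotate" counts kept files, not weeks. With "size", a rotation happens
    # whenever the log is over the limit at the time logrotate runs.
    rotate 4
    missingok
    notifempty
    size +4096k
    # Assumption: only root needs to read the mail log. Keep 644, or use a
    # dedicated group, if mailstats.pl reads the log as an unprivileged user.
    create 640 root root
    # postrotate applies to this stanza only. Without it syslog keeps writing
    # to the rotated file, which "compress" then removes, so entries are lost
    # until some other stanza happens to reload syslog.
    postrotate
        /etc/init.d/syslog reload
    endscript
}
```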


