Tracking the wild mailscanner stats
Matthew Bowman
mbowman at UDCOM.COM
Mon Aug 18 16:02:15 IST 2003
Thanks Trever,
I put the paths in but that didn't help...
Here is my config.pl:
# Location of the access control file for sendmail
$AccessList = "/etc/mail/access";
# Location of the makemap command only used if UseAccess above is set
$Makemap = "/usr/bin/makemap";
# Location of the MRTG program
$MRTG = "/usr/bin/mrtg";
# Location of your mail log file. Note that you MUST have log spam = yes set
# in your mailscanner config file.
$LogFile = "/var/log/maillog";
# Location of the temporary file which contains the relevant entries from
# the mail log file.
$tmpfile = "virtmpfile";
# Working directory to store files
$WorkDir = "/var/www/html/mailstats/";
# Directory to contain the generated HTML pages
$HTMLDir = "/var/www/html/mailstats/mrtg/";
# Directory to contain the MRTG image files this will be added to the
# HTML dir to find the absolute path.
$ImageDir = "images";
# Name of the web page containing the results
$OutputFile = "index.html";
# Location of the file to contain the analysis results
$WorkFile = "mailstats.log";
# Allow for the addition of HTML code in the page to allow the page to fit
# into corporate style.
$header = "/utils/mrtg/head.txt";
# Similarly allow a footer to be added.
$footer = "/utils/mrtg/foot.txt";
# If your site uses style sheets enter the URL here.
$StyleSheet = "/sitestyle.css";
# The title of the page generated.
$PageTitle = "Mail Analysis";
# The amount of time that the offender should stay in the block list
# Time in hours
$BlockTime = 120; # 5 days
# The Scanner software you are using.
# Currently can be one of inoculan, clamav, sophos, command, f-prot,mcafee
# fsecure
$Scanner = "f-prot";
# List of IP addresses that should not be put in the access file even if
# they cause the threshold to be exceeded.
# Useful for putting secondary MX hosts to prevent them being blocked
@WhiteList = ('192.168.0.1','192.168.0.2','63.173.204.4','63.173.204.44');
"Furnish, Trever G" <TGFurnish at HERFF-JONES.COM>
Sent by: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
08/18/2003 10:59 AM
Please respond to MailScanner mailing list
To: MAILSCANNER at JISCMAIL.AC.UK
cc:
Subject: Re: Tracking the wild mailscanner stats
Looks like you need to fully specify the path for your targets or specify a
"WorkDir: <directory_path>" at the beginning of your mrtg config file. Ie,
this:
mrtg/images/mesgs/mesgs-day.png
should really look something like this:
/var/www/html/mrtg/images/mesgs/mesgs-day.png
HTH,
Trever
> -----Original Message-----
> From: Matthew Bowman [mailto:mbowman at UDCOM.COM]
> Sent: Monday, August 18, 2003 9:22 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Tracking the wild mailscanner stats
>
>
> Kevin,
>
> I'm in a similar boat, however I can't even get the graphs to be
> displayed.
>
> My URL is http://smithers.vbcomm.net/mailstats/mrtg
>
> Errors:-
> Rateup Error: Can't open mrtg/images/mesgs/mesgs-day.png for write
> WARNING: rateup died from Signal 0
> with Exit Value 1 when doing router 'mesgs'
> Signal was 0, Returncode was 1
> /usr/bin/rateup: No such file or directory
> Rateup Error: Can't open mrtg/images/virus/virus-day.png for write
> WARNING: rateup died from Signal 0
> with Exit Value 1 when doing router 'virus'
> Signal was 0, Returncode was 1
> /usr/bin/rateup: No such file or directory
> Rateup Error: Can't open mrtg/images/spam/spam-day.png for write
> WARNING: rateup died from Signal 0
> with Exit Value 1 when doing router 'spam'
> Signal was 0, Returncode was 1
> /usr/bin/rateup: No such file or directory
> Rateup Error: Can't open mrtg/images/load/load-day.png for write
> WARNING: rateup died from Signal 0
> with Exit Value 1 when doing router 'load'
> Signal was 0, Returncode was 1
>
> I've sent an e-mail to David.
>
> Regards,
>
> Matthew
>
>
>
>
>
> Kevin Miller <Kevin_Miller at CI.JUNEAU.AK.US>
> Sent by: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
> 08/15/2003 04:30 PM
> Please respond to MailScanner mailing list
>
>
> To: MAILSCANNER at JISCMAIL.AC.UK
> cc:
> Subject: Tracking the wild mailscanner stats
>
>
> I've got my 2nd mailscanner box running, but have a couple of hopefully easy
> questions regarding tracking stats. I installed David While's mailstat.pl
> program (http://staff.cie.uce.ac.uk/~id001869/mailstats/) which seems to be
> more or less working OK, but the graphs for messages, viruses, and spam are
> solid blobs, rather than the spikes normally seen on an MRTG graph. The
> server load has peaks and valleys like I'd expect. On the
> http://mail.boys-brigade.org.uk/mrtg/ page which David points to as an
> example of mailstats.pl in use, the graphs appear as I'd expect. (They also
> have two graphs that didn't appear in my installation - maybe custom tweaks
> on their part?).
>
> It appears that my install also accumulates the totals from day one.
> Thus, I get a steadily rising level, rather than a snapshot of what's
> happened in the last 10 minutes (which is how often cron runs). Has someone
> else out there using the program run into these issues? I really like the
> text stats: at a glance one can see what viruses have attempted to come
> through, where spam is coming from, last time the virus sig was updated
> etc.
>
> I also have a logrotate question - slightly tangential to the purpose of the
> list, but it *is* my mail log that I want to rotate. My current
> /etc/logrotate.d/syslog is thus:
>
> /var/log/mail /var/log/warn /var/log/messages /var/log/allmessages
> /var/log/localmessages /var/log/firewall {
> compress
> dateext
> maxage 365
> rotate 99
> missingok
> notifempty
> size +4096k
> create 644 root root
> sharedscripts
> postrotate
> /etc/init.d/syslog reload
> endscript
> }
>
>
> I'm getting a zillion old /var/log/mail-2003MMDD.gz files. I believe I'll
> get up to 99 with the log settings. So, what I think I want to do is this:
>
> /var/log/mail {
> compress
> dateext
> maxage 365
> rotate 4
> missingok
> notifempty
> size +4096k
> create 644 root root
> sharedscripts
> }
> /var/log/warn /var/log/messages /var/log/allmessages
> /var/log/localmessages
> /var/log/firewall {
> compress
> dateext
> maxage 365
> rotate 99
> missingok
> notifempty
> size +4096k
> create 644 root root
> sharedscripts
> postrotate
> /etc/init.d/syslog reload
> endscript
> }
>
>
> The changes being, that I create a separate stanza for /var/log/mail, set
> the rotate to 4 weeks, and take out the postrotate command. I'm assuming
> that the mail stanza will execute first, then the other, and the last thing
> done will be to reload syslog. Is this in fact what will happen, or do I
> want the postrotate lines in the /var/log/mail stanza too?
>
> Thanks much...
>
> ...Kevin
> -------------------
> Kevin Miller Registered Linux User No: 307357
> CBJ MIS Dept. Network Systems Administrator, Mail
> Administrator
> 155 South Seward Street ph: (907) 586-0242
> Juneau, Alaska 99801 fax: (907 586-4500
>
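On the logrotate question in the quoted message: a `postrotate` script belongs to its own stanza and runs only when a log in that stanza is rotated, so the reload in the second stanza does not cover `/var/log/mail`. The Python check below is an added example, not part of the original thread or of mailstats; the function names are hypothetical and it assumes a file that contains only stanzas. It flags logs whose stanza has neither `postrotate` nor `copytruncate`.

```python
import re

# Kevin's proposed stanzas from the quoted message, abridged to the
# directives this check looks at (sample input embedded for offline use).
PROPOSED = """
/var/log/mail {
    rotate 4
    create 644 root root
    sharedscripts
}
/var/log/warn /var/log/messages /var/log/allmessages
/var/log/localmessages /var/log/firewall {
    rotate 99
    create 644 root root
    sharedscripts
    postrotate
        /etc/init.d/syslog reload
    endscript
}
"""

SCRIPT_KEYWORDS = {"prerotate", "postrotate", "firstaction", "lastaction"}
# Assumes the text holds only stanzas and no script body contains braces.
STANZA = re.compile(r"([^{}]+)\{([^{}]*)\}")

def parse_stanzas(text):
    """Return (paths, directives, scripts) for each stanza."""
    stanzas = []
    for head, body in STANZA.findall(text):
        directives, scripts, in_script = set(), set(), False
        for line in body.splitlines():
            words = line.split()
            if not words or words[0].startswith("#"):
                continue
            if in_script:                      # skip shell lines until endscript
                in_script = words[0] != "endscript"
            elif words[0] in SCRIPT_KEYWORDS:
                scripts.add(words[0])
                in_script = True
            else:
                directives.add(words[0])
        stanzas.append((head.split(), directives, scripts))
    return stanzas

def logs_without_reopen(text):
    """Logs rotated by rename with nothing telling the writer to reopen them."""
    return [path for paths, directives, scripts in parse_stanzas(text)
            if "postrotate" not in scripts and "copytruncate" not in directives
            for path in paths]
```

A flagged log is one where syslog keeps writing to the renamed file after rotation, so entries never reach the new `/var/log/mail` until something else reloads the daemon.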