SV: maillog logging level

Scott Silva ssilva at SGVWATER.COM
Wed May 4 00:44:46 IST 2005


Steen, Glenn wrote:
> To solve the MW problem, do as Martin says, find Walker's message in the mailwatch list (I think it was October 6th it was sent), cut and paste that into a MailWatch.pm ... and use that instead of the stock one. There might be some linewraps, so ... be on the lookout for that.
> Or get someone who isn't @home and replying via crummy webmail (ie not close to that file:-) to send it to you... I even think someone did that today (to this list or the MW one... I don't recall which, sorry).
> 
> It really works very nice.
> 
> -- Glenn
> 
> 
> -----Original message-----
> From: MailScanner mailing list on behalf of Billy A. Pumphrey
> Sent:        Tue 2005-05-03 22:39
> To:   MAILSCANNER at JISCMAIL.AC.UK
> Cc:	
> Subject: Re: maillog logging level
> Another good link:
> http://forum.ev1servers.net/showpost.php?p=332319&postcount=85
> 
> 
> Billy Pumphrey
> IT Manager
> Wooden & McLaughlin
> 
> 
>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>Behalf Of Vladimir M Costa
>>Sent: Tuesday, May 03, 2005 2:16 PM
>>To: MAILSCANNER at JISCMAIL.AC.UK
>>Subject: Re: maillog logging level
>>
>>Or downgrade Perl DBD-MySQL to version 2.1028
>>
>>see:
>>http://mailwatch.sourceforge.net/faq.html
>>
>>
>>Vladimir Costa
>>
>>
>>
>>On Tue, 3 May 2005 17:51:40 +0100, Martin Hepworth wrote
>>
>>>Billy
>>>
>>>this looks like a known problem with the current DBD::mysql and
>>>Mailwatch.pm from 0.5.1.
>>>
>>>You need a new mailwatch.pm from the MW list archives - October 6 2004
>>>by Walker Aumann.
>>>
>>>--
>>>Martin Hepworth
>>>Snr Systems Administrator
>>>Solid State Logic
>>>Tel: +44 (0)1865 842300
>>>
>>>Billy A. Pumphrey wrote:
>>>
>>>>Just about there.
>>>>
>>>>---
>>>>MailScanner works now :) thank you
>>>>---
>>>>To get my sendmail to work, I had to comment out the AuthOption=A in the
>>>>sendmail.cf and take out the 127.0.0.1 out of the line in sendmail.cf.
>>>>I just couldn't figure out how to change the sendmail.cf file using m4
>>>>and the sendmail.mc file
>>>>
>>>>---
>>>>Mailwatch problem
>>>>---
>>>>After searching the mailwatch archives and finding a little bit of
>>>>information concerning the error that I am getting, I have not yet found
>>>>an answer to this problem.  I also subscribed to the mailing list but
>>>>they are not really active.
>>>>
>>>>May  3 04:02:23 WoodenMS MailScanner[13105]: Database ping failure attempting to  re-connect
>>>>May  3 04:02:23 WoodenMS MailScanner[13105]: Cannot insert row: MySQL server has  gone away
>>>>
>>>>Billy Pumphrey
>>>>IT Manager
>>>>Wooden & McLaughlin
>>>>
>>>>
>>>>
>>>>>-----Original Message-----
>>>>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>>>>Behalf Of Billy A. Pumphrey
>>>>>Sent: Monday, May 02, 2005 12:01 PM
>>>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>>>Subject: Re: maillog logging level
>>>>>
>>>>>Thanks for the answer.  I just commented this line out:
>>>>>DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
>>>>>
>>>>>Sendmail seems to work, along with the change that I did in my other
>>>>>response.
>>>>>
>>>>>Billy Pumphrey
>>>>>IT Manager
>>>>>Wooden & McLaughlin
>>>>>
>>>>>
>>>>>>-----Original Message-----
>>>>>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>>>>>Behalf Of Scott Silva
>>>>>>Sent: Monday, May 02, 2005 11:20 AM
>>>>>>To: MAILSCANNER at JISCMAIL.AC.UK
>>>>>>Subject: Re: maillog logging level
>>>>>>
>>>>>>Billy A. Pumphrey wrote:
>>>>>>
>>>>>>
>>>>>>>---
>>>>>>>NOTE: I erased the rest of the message to get by the "looks like a
>>>>>>>script" error"
>>>>>>>---
>>>>>>>
>>>>>>>Ok, telnet
>>>>>>>
>>>>>>>To make it clear, I have a new MailScanner machine (the one that I am
>>>>>>>trying to get working) and the one in production that is out of date on
>>>>>>>software and hardware.
>>>>>>>
>>>>>>>Anyway, I know that sendmail is having problems because when I telnet to
>>>>>>>the new one it looks like it tries and just comes back to the command
>>>>>>>prompt.  If I telnet to the old one a connection is made and shows some
>>>>>>>stuff.
>>>>>>>
>>>>>>>Now,
>>>>>>>Should I just reinstall sendmail on top of mine or something?  I
>>>>>>>installed sendmail by selecting the package when installing centos4.0.
>>>>>>>The service appears to be running ok.  I did the ch config that the book
>>>>>>>and web site talks about.  A service  MailScanner  restart reads fine
>>>>>>>for the services starting (outgoing and incoming sendmail starts fine).
>>>>>>>If I look at the running services it has 1 sendmail running (under user
>>>>>>>smmsp) which is the one that is supposed to be running isn't it?
>>>>>>>
>>>>>>>I was comparing the service --status-all command between the 2 machines.
>>>>>>>The services look the same as far as MailScanner and sendmail look.
>>>>>>>There is a sendmail running on each, and MailScanner running
>>>>>>>(MailScanner,incoming sendmail, outgoing sendmail)
>>>>>>
>>>>>>The default on ALL RedHat based sendmail installs is to only accept
>>>>>>local connections (IE.. from and to 127.0.0.1)
>>>>>>You will have to fix this. It is commented well in the sendmail.mc file.
>>>>>>Look for the section with;
>>>>>>
>>>>>>dnl # The following causes sendmail to only listen on the IPv4 loopback address
>>>>>>dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
>>>>>>dnl # address restriction to accept email from the internet or intranet.
>>>>>>dnl #
>>>>>>DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
>>>>>>Your default will be different, as this has already been changed.
>>>>>>
>>>>>>--
>>>>>>"If you have ever eaten crow,
>>>>>>It don't taste like chicken!!"
>>>>>>
>>>>>>------------------------ MailScanner list ------------------------
>>>>>>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>>>>>'leave mailscanner' in the body of the email.
>>>>>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and
>>>>>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>>>>
>>>>>>Support MailScanner development - buy the book off the website!
>>>>>
>>--
>>Universidade do Vale do Paraíba - UNIVAP.
>>http://www.univap.br/
>>


-- 
"If you have ever eaten crow,
It don't taste like chicken!!"


    [ Part 2: "Attached Text" ]

#
# MailWatch for MailScanner
# Copyright (C) 2003  Steve Freegard (smf at f2s.com)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#

package MailScanner::CustomConfig;

use strict;
use DBI;
use Sys::Hostname;
use Storable(qw[freeze thaw]);
use POSIX;
use Socket;

# Trace settings - uncomment this to debug
# DBI->trace(2,'/root/dbitrace.log');

my($dbh);
my($sth);
my($hostname) = hostname;
my $loop = inet_aton('127.0.0.1');
my $server_port = 11553;
my $timeout = 120;

# Modify this as necessary for your configuration
my($db_name) = "mailscanner";
my($db_host) = "localhost";
my($db_user) = "mysql";
my($db_pass) = "I'm not sending my password to a mailing list!";

sub InitMailWatchLogging {
  my $pid = fork();
  if ($pid) {
    # MailScanner child process
    waitpid $pid, 0;
    MailScanner::Log::InfoLog("Started SQL Logging child");
  } else {
    # New process
    # Detach from parent, make connections, and listen for requests
    POSIX::setsid();
    if (!fork()) {
      $SIG{HUP} = $SIG{INT} = $SIG{PIPE} = $SIG{TERM} = $SIG{ALRM} = \&ExitLogging;
      alarm $timeout;
      $0 = 'MailWatch SQL';
      InitConnection();
      ListenForMessages();
    }
    exit;
  }
}

sub InitConnection {
  # Set up TCP/IP socket.  We will start one server per MailScanner
  # child, but only one child will actually be able to get the socket.
  # The rest will die silently.  When one of the MailScanner children
  # tries to log a message and fails to connect, it will start a new
  # server.
  socket(SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
  setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, 1);
  my $addr = sockaddr_in($server_port, $loop);
  bind(SERVER, $addr) or exit;
  listen(SERVER, SOMAXCONN) or exit;

  # Our reason for existence - the persistent connection to the database
  $dbh = DBI->connect("DBI:mysql:database=$db_name;host=$db_host",
                     $db_user, $db_pass,
                     {PrintError => 0});

  $sth = $dbh->prepare("INSERT INTO maillog (timestamp, id, size, from_address, to_address, subject, clientip, archive, isspam, ishighspam, issaspam, isrblspam, spamwhitelisted, spamblacklisted, sascore, spamreport, virusinfected, nameinfected, otherinfected, report, hostname, date, time, headers) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)") or MailScanner::Log::WarnLog($DBI::errstr);
}

sub ExitLogging {
  # Server exit - commit changes, close socket, and exit gracefully.
  close(SERVER);
  $dbh->commit;
  $dbh->disconnect;
  exit;
}

sub ListenForMessages {
  my $message;
  # Wait for messages
  while (my $cli = accept(CLIENT, SERVER)) {
    my($port, $packed_ip) = sockaddr_in($cli);
    my $dotted_quad = inet_ntoa($packed_ip);

    # reset emergency timeout - if we haven't heard anything in $timeout
    # seconds, there is probably something wrong, so we should clean up
    # and let another process try.
    alarm $timeout;
    # Make sure we're only receiving local connections
    if ($dotted_quad ne '127.0.0.1') {
        close CLIENT;
        next;
    }
    my @in;
    while (<CLIENT>) {
        # End of normal logging message
        last if /^END$/;
        # MailScanner child telling us to shut down
        ExitLogging if /^EXIT$/;
        chop;
        push @in, $_;
    }
    my $data = join '', @in;
    my $tmp = unpack("u", $data);
    $message = thaw $tmp;

    next unless defined $$message{id};

    # Check to make sure DB connection is still valid
    InitConnection unless $dbh->ping;

    # Log message
    $sth->execute(
     $$message{timestamp},
     $$message{id},
     $$message{size},
     $$message{from},
     $$message{to},
     $$message{subject},
     $$message{clientip},
     $$message{archiveplaces},
     $$message{isspam},
     $$message{ishigh},
     $$message{issaspam},
     $$message{isrblspam},
     $$message{spamwhitelisted},
     $$message{spamblacklisted},
     $$message{sascore},
     $$message{spamreport},
     $$message{virusinfected},
     $$message{nameinfected},
     $$message{otherinfected},
     $$message{reports},
     $$message{hostname},
     $$message{date},
     $$message{'time'},
     $$message{headers});
     $message = undef;
  }
}

sub EndMailWatchLogging {
  # Tell server to shut down.  Another child will start a new server
  # if we are here due to old age instead of administrative intervention
  socket(TO_SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
  my $addr = sockaddr_in($server_port, $loop);
  connect(TO_SERVER, $addr) or return;

  print TO_SERVER "EXIT\n";
  close TO_SERVER;
}

sub MailWatchLogging {
  my($message) = @_;

  # Don't bother trying to do an insert if  no message is passed-in
  return unless $message;

  # Get rid of control chars and tidy-up SpamAssassin report
  my $spamreport = $message->{spamreport};
  $spamreport =~ s/\n/ /g;
  $spamreport =~ s/\t//g;

  # Get timestamp, and format it so it is suitable to use with MySQL
  my($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();
  my($timestamp) = sprintf("%d-%02d-%02d %02d:%02d:%02d",
                           $year+1900,$mon+1,$mday,$hour,$min,$sec);

  my($date) = sprintf("%d-%02d-%02d",$year+1900,$mon+1,$mday);
  my($time) = sprintf("%02d:%02d:%02d",$hour,$min,$sec);

  # Also print 1 line for each report about this message. These lines
  # contain all the info above, + the attachment filename and text of
  # each report.
  my($file, $text, @report_array);
  while(($file, $text) = each %{$message->{allreports}}) {
    $file = "the entire message" if $file eq "";
    # Use the sanitised filename to avoid problems caused by people forcing
    # logging of attachment filenames which contain nasty SQL instructions.
    $file = $message->{file2safefile}{$file} || $file;
    $text =~ s/\n/ /g;  # Make sure text report only contains 1 line
    $text =~ s/\t/ /g; # and no tab characters
    push (@report_array, $text);
  }

  # Sanitize reports
  my $reports = join(",",@report_array);

  # Fix the $message->{clientip} for later versions of Exim
  # where $message->{clientip} contains ip.ip.ip.ip.port
  my $clientip = $message->{clientip};
  $clientip =~ s/^(\d+\.\d+\.\d+\.\d+)(\.\d+)$/$1/;

  # Integrate SpamAssassin Whitelist/Blacklist reporting
  if($spamreport =~ /USER_IN_WHITELIST/) {
   $message->{spamwhitelisted} = 1;
  }
  if($spamreport =~ /USER_IN_BLACKLIST/) {
   $message->{spamblacklisted} = 1;
  }

  # Place all data into %msg
  my %msg;
  $msg{timestamp} = $timestamp;
  $msg{id} = $message->{id};
  $msg{size} = $message->{size};
  $msg{from} = $message->{from};
  $msg{to} = join(',', @{$message->{to}});
  $msg{subject} = $message->{subject};
  $msg{clientip} = $clientip;
  $msg{archiveplaces} = join(',', @{$message->{archiveplaces}});
  $msg{isspam} = $message->{isspam};
  $msg{ishigh} = $message->{ishigh};
  $msg{issaspam} = $message->{issaspam};
  $msg{isrblspam} = $message->{isrblspam};
  $msg{spamwhitelisted} = $message->{spamwhitelisted};
  $msg{spamblacklisted} = $message->{spamblacklisted};
  $msg{sascore} = $message->{sascore};
  $msg{spamreport} = $spamreport;
  $msg{virusinfected} = $message->{virusinfected};
  $msg{nameinfected} = $message->{nameinfected};
  $msg{otherinfected} = $message->{otherinfected};
  $msg{reports} = $reports;
  $msg{hostname} = $hostname;
  $msg{date} = $date;
  $msg{'time'} = $time;
  $msg{headers} = join('\n',@{$message->{headers}});

  # Prepare data for transmission
  my $f = freeze \%msg;
  my $p = pack("u", $f);

  # Connect to server
  while (1) {
    socket(TO_SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
    my $addr = sockaddr_in($server_port, $loop);
    connect(TO_SERVER, $addr) and last;
    # Failed to connect - kick off new child, wait, and try again
    InitMailWatchLogging();
    sleep 5;
  }

  # Pass data to server process
  MailScanner::Log::InfoLog("Logging message $msg{id} to SQL");
  print TO_SERVER $p;
  print TO_SERVER "END\n";
  close TO_SERVER;
}

1;
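
Added example (not part of the original thread and not MailWatch or sendmail project code): a shell check for the loopback-only listener discussed in the quoted thread. It lists the active DAEMON_OPTIONS entries in sendmail.mc and the DaemonPortOptions lines in sendmail.cf, and flags a sendmail.cf that was edited by hand and no longer matches the .mc. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example. Compares the SMTP listeners declared in sendmail.mc with
# those active in sendmail.cf. File contents below are constructed samples.

# Turn "Port=smtp,Addr=127.0.0.1, Name=MTA" into "MTA smtp 127.0.0.1".
# No Addr= means sendmail binds every interface, reported here as "any".
normalise() {
  awk '{
    gsub(/[ \t]/, ""); n = split($0, kv, ",")
    port = "smtp"; addr = "any"; name = "-"
    for (i = 1; i <= n; i++) {
      split(kv[i], p, "=")
      if (p[1] == "Port") port = p[2]
      else if (p[1] == "Addr") addr = p[2]
      else if (p[1] == "Name") name = p[2]
    }
    print name, port, addr
  }' | sort
}

# Active DAEMON_OPTIONS macros in the .mc file; "dnl" lines are m4 comments.
mc_listeners() {
  grep -v '^[[:space:]]*dnl' "$1" |
    sed -n "s/^[[:space:]]*DAEMON_OPTIONS(\`\(.*\)').*/\1/p" | normalise
}

# Active "O DaemonPortOptions=" lines in the generated .cf file.
cf_listeners() {
  sed -n 's/^O[[:space:]]*DaemonPortOptions=\(.*\)/\1/p' "$1" | normalise
}

# Names of listeners reachable from other hosts (not bound to loopback).
exposed() { awk '$3 != "127.0.0.1" { print $1 }'; }

# Exit 0 when .mc and .cf agree. A hand-edited .cf that differs from the
# .mc is overwritten the next time the .cf is regenerated with m4.
listener_drift() { [ "$(mc_listeners "$1")" = "$(cf_listeners "$2")" ]; }

tmp=$(mktemp -d)
cat > "$tmp/sendmail.mc" <<'EOF'
dnl # address restriction to accept email from the internet or intranet.
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
EOF
cat > "$tmp/sendmail.cf" <<'EOF'
# SMTP daemon options
O DaemonPortOptions=Port=smtp, Name=MTA
EOF

echo "mc: $(mc_listeners "$tmp/sendmail.mc")"
echo "cf: $(cf_listeners "$tmp/sendmail.cf")"
echo "exposed per cf: $(cf_listeners "$tmp/sendmail.cf" | exposed)"
listener_drift "$tmp/sendmail.mc" "$tmp/sendmail.cf" ||
  echo "DRIFT: sendmail.cf does not match sendmail.mc"
```

On a real host, point the functions at /etc/mail/sendmail.mc and /etc/mail/sendmail.cf instead of the temporary files.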
