130 lines
4.1 KiB
Plaintext
130 lines
4.1 KiB
Plaintext
|
#!/usr/bin/perl -w
|
||
|
|
||
|
# Copyright (C) 2009-2016 Daniel Berteaud <daniel@firewall-services.com>
|
||
|
|
||
|
# This file is part of smeserver-zabbix-agent package.
|
||
|
|
||
|
# This script is free software; you can redistribute it and/or modify
|
||
|
# it under the terms of the GNU General Public License as published by
|
||
|
# the Free Software Foundation; either version 2 of the License, or
|
||
|
# (at your option) any later version.
|
||
|
|
||
|
# This script is distributed in the hope that it will be useful,
|
||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
# GNU General Public License for more details.
|
||
|
|
||
|
# You should have received a copy of the GNU General Public License
|
||
|
# along with Foobar; if not, write to the Free Software
|
||
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||
|
|
||
|
# This script parse qpsmtpd logs (which must be sent to STDIN), and count the number
|
||
|
# of emails rejected by each plugins, and those accepted. You need to logterse plugin enabled
|
||
|
|
||
|
my $what = $ARGV[0] || '';
|
||
|
|
||
|
# This is the list of plugins we can get stats for
|
||
|
# you can set the regex used to identify a line in the logs
|
||
|
my %denied = (
|
||
|
dnsbl => qr{(dnsbl\s+90|naughty\s+90\d\s+\(dnsbl\))},
|
||
|
rhsbl => qr{rhsbl\s+90},
|
||
|
uribl => qr{uribl\s+90},
|
||
|
clamav => qr{virus::clam(av|dscan)\s+90},
|
||
|
check_earlytalker => qr{(check_)?earlytalker\s+90},
|
||
|
check_basicheaders => qr{(check_basic)?headers\s+90},
|
||
|
check_goodrcptto => qr{(check_)?goodrcptto\s+90},
|
||
|
check_spamhelo => qr{((check_spam)?helo\s+90|naughty\s+90\d\s+\(helo\))},
|
||
|
fcrdns => qr{fcrdns\s+90},
|
||
|
karma => qr{(karma\s+90|naughty\s+90\d\s+\(karma\))},
|
||
|
spf => qr{(sender_permitted_from|spf_deny)\s+90},
|
||
|
dmarc => qr{dmarc\s+90},
|
||
|
tls_failed => qr{tls\s+90},
|
||
|
resolvable_fromhost => qr{(require_)?resolvable_fromhost}
|
||
|
);
|
||
|
|
||
|
my @others = qw(total_denied spam_denied other_denied spam_queued queued total);
|
||
|
|
||
|
# If arg is keys, just print the supported keys and exit
|
||
|
if ($what eq "keys"){
|
||
|
print join "\n", (keys %denied, @others);
|
||
|
exit (0)
|
||
|
}
|
||
|
|
||
|
my %cnt;
|
||
|
foreach (keys %denied, @others){
|
||
|
$cnt{$_} = 0;
|
||
|
}
|
||
|
|
||
|
while (<STDIN>) {
|
||
|
my $line = $_;
|
||
|
|
||
|
# We only want logterse lines like
|
||
|
# @400000004994ad092afa867c 18386 logging::logterse plugin:
|
||
|
# The format can slightly change depending on qpsmtpd version
|
||
|
next unless $line =~ m/^\@[0-9a-f]{24} \d+( \((queue|deny)\))? logging::logterse/;
|
||
|
|
||
|
# Lets count all the message which have been denied 'msg denied before queued'
|
||
|
if ($line =~ m/msg denied before queued/){
|
||
|
$cnt{total_denied}++;
|
||
|
# Now try to find the plugin responsible for the deny
|
||
|
foreach (keys %denied){
|
||
|
if ($line =~ m/$denied{$_}/){
|
||
|
$cnt{$_}++;
|
||
|
}
|
||
|
}
|
||
|
next;
|
||
|
}
|
||
|
|
||
|
# Rejected by spamassassin because spam score is too high
|
||
|
elsif ($line =~ m/spam score exceeded threshold/){
|
||
|
$cnt{spam_denied}++;
|
||
|
next;
|
||
|
}
|
||
|
|
||
|
# Tagged as spam, but kept accepted
|
||
|
elsif ($line =~ m/queued\s+<.*>\s+Yes,\s+(score|hits)=/){
|
||
|
$cnt{spam_queued}++;
|
||
|
next;
|
||
|
}
|
||
|
|
||
|
# Queued, not tagged as spam (or spam filtering disabled), those are the clean emails
|
||
|
elsif ($line =~ m/queued\s+<.*>(\s+No,\s+(score|hits)=.+)?/){
|
||
|
$cnt{queued}++;
|
||
|
next;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
# Now lets count other_denied, which is total_denied minus
|
||
|
# all the known plugins denied
|
||
|
$cnt{other_denied} = $cnt{total_denied};
|
||
|
foreach (keys %denied){
|
||
|
$cnt{total} = $cnt{total} + $cnt{$_};
|
||
|
$cnt{other_denied} = $cnt{other_denied} - $cnt{$_};
|
||
|
}
|
||
|
foreach (@others){
|
||
|
$cnt{total} = $cnt{total} + $cnt{$_} if ($_ !~ /total/);
|
||
|
}
|
||
|
|
||
|
# The print argument prints all on stdout
|
||
|
if ($what eq "print"){
|
||
|
foreach (keys %denied,@others){
|
||
|
print "$_: $cnt{$_}\n";
|
||
|
}
|
||
|
}
|
||
|
|
||
|
# If the arg is a known plugin, prints only its value
|
||
|
elsif (defined $cnt{$what}){
|
||
|
print "$cnt{$what}\n";
|
||
|
}
|
||
|
|
||
|
# Else, print an error
|
||
|
else{
|
||
|
print "supported items are: ";
|
||
|
foreach (keys %denied, @others){
|
||
|
print "$_ ";
|
||
|
}
|
||
|
print "\n";
|
||
|
exit 1;
|
||
|
}
|
||
|
exit 0;
|