Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

About log generation

  

 
SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


jolumape_al at hotmail

Nov 6, 2009, 8:37 AM

Post #1 of 3 (108 views)
Permalink
About log generation
Dear friends,

There is some configuration of SA to generate different logs and these are for each mail domain?

The antispam system analyzes emails from different domains and what I want is to generate statistics for each domain.

Thanks

Jose Luis
_________________________________________________________________
Discover the new Windows Vista
http://search.msn.com/results.aspx?q=windows+vista&mkt=en-US&form=QBRE


mkettler_sa at verizon

Nov 8, 2009, 8:33 PM

Post #2 of 3 (93 views)
Permalink
Re: About log generation [In reply to]
Jose Luis Marin Perez wrote:
> Dear friends,
>
> There is some configuration of SA to generate different logs and these
> are for each mail domain?
spamd, like most well behaved unix daemons, uses syslog. It doesn't
write logfiles directly.

The old-school approach to this would be to run several instances of
spamd, one per domain, have each log to a separate local* syslog
facility, and have syslogd write each to a separate logfile.

A more modern approach might be possible using some of the newer
syslogd's that can be configured based on message content, not just
facility.severity. However, that assumes you can tell from the log
message alone.. I'm not sure offhand if spamd has that info in the
syslog messages.
>
> The antispam system analyzes emails from different domains and what I
> want is to generate statistics for each domain.
>
> Thanks
>
> Jose Luis
> Discover the new Windows Vista Learn more!
> <http://search.msn.com/results.aspx?q=windows+vista&mkt=en-US&form=QBRE>


kremels at kreme

Nov 9, 2009, 8:17 AM

Post #3 of 3 (90 views)
Permalink
Re: About log generation [In reply to]
On 8-Nov-2009, at 21:33, Matt Kettler wrote:
> However, that assumes you can tell from the log message alone.. I'm
> not sure offhand if spamd has that info in the syslog messages.


It doesn't. All virtual domains get scanned as the virtual mailbox
user.

Nov 9 06:47:17 mail spamd[439]: spamd: identified spam (5.8/5.0) for
vpopmail:89 in 6.0 seconds, 2910 bytes.
Nov 9 06:47:17 mail spamd[439]: spamd: result: Y 5 -
BAYES_95,HTML_MESSAGE,MISSING_SUBJECT,URIBL_OB_SURBL
scantime
=
6.0
,size
=
2910
,user
=
vpopmail
,uid
=
89,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=65314,mid=<COL121-W21E61FB2BDC3CA21457EE6D1AC0[at]phx.gbl
>,bayes=0.975174,autolearn=no

You can use the message ID to scan the log and find the Queue-ID and
then use that to scan the log again for the Queue-ID and THEN you can
get the user/domain.

--
I WILL NOT HANG DONUTS ON MY PERSON
Bart chalkboard Ep. 2F13

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.