[Mimedefang] Re: graphdefang logging question
John Kirkland
jpk at bl.org
Fri Jan 10 12:27:01 EST 2003
Hi, Vincent,
If there are log lines in your mail log file like:
/^.* (\<\S+\>)\.\.\. User unknown$/
which matches:
gAHC2iEA006157: <laches at moi.net>... User unknown
Then, they will get added to your SummaryDB.db database file. You can
graph them by adding a new graph to your graphdefang-config file. I use
the following:
%GraphSettings = (
    'data_types'     => ['user_unknown'],
    'graph_type'     => 'stacked_bar',
    'grouping'       => 'value1',
    'top_n'          => '9',
    'value1_title'   => 'Domain',
    'grouping_times' => ['hourly','daily','monthly'],
);
sender = NA;
recipient = email address of unknown recipient
value1 = domain of the unknown recipient
Regards,
John
> Message: 7
> From: Vincent Jaussaud <tatooin at kelkoo.com>
> To: mimedefang at lists.roaringpenguin.com
> Organization: Kelkoo.com
> Date: 09 Jan 2003 18:23:08 +0100
> Subject: [Mimedefang] graphdefang logging question
> Reply-To: mimedefang at lists.roaringpenguin.com
>
> Hi !
>
> I saw that it's possible to use Graphdefang with sendmail's "User
> unknown" log entries; but I don't know how.
>
> I currently use graphdefang for Spam & Virus monitoring, and I would
> like to use it as well to monitor possible user dictionary attack on my
> mail server.
>
> Any pointer for this ?
>
> Thanks in advance,
> Regards.
>
> --
> Vincent Jaussaud
> Kelkoo.com Security Manager
> email: tatooin at kelkoo.com
>
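Added example, not part of the original post and not graphdefang's own code: the regex from the reply applied in Python to constructed sendmail log lines, counting "User unknown" events hourly per recipient domain (the value1 grouping) and flagging buckets where many distinct unknown recipients were tried, which is the pattern a dictionary attack leaves. The syslog prefix format, the sample lines, the function names and the min_distinct threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Regex from the post; (\<\S+\>) captures the bracketed recipient.
USER_UNKNOWN = re.compile(r'^.* (\<\S+\>)\.\.\. User unknown$')
# Assumed syslog prefix "Jan 10 12:01:12 host ..." -> hourly bucket "Jan 10 12".
HOUR = re.compile(r'^(\w{3}\s+\d+ \d{2}):')

# Constructed sample lines: hosts, queue ids and addresses are made up.
SAMPLE_LOG = [
    "Jan 10 12:01:12 mx1 sendmail[6157]: h0AH1CEA006157: <alice@example.com>... User unknown",
    "Jan 10 12:01:13 mx1 sendmail[6157]: h0AH1CEA006157: <bob@example.com>... User unknown",
    "Jan 10 12:01:15 mx1 sendmail[6157]: h0AH1CEA006157: <Carol@Example.com>... User unknown",
    "Jan 10 12:05:00 mx1 sendmail[6200]: h0AH50EA006200: from=<x@example.net>, size=1204",
    "Jan 10 12:20:40 mx1 sendmail[6311]: h0AHKeEA006311: <info@example.org>... User unknown",
    "Jan 10 13:02:03 mx1 sendmail[6402]: h0AI23EA006402: <dave@example.com>... User unknown",
]

def parse(line):
    """Return (hour, recipient, domain) for a 'User unknown' line, else None."""
    line = line.rstrip("\n")
    m, h = USER_UNKNOWN.match(line), HOUR.match(line)
    if not (m and h):
        return None
    recipient = m.group(1)[1:-1].lower()  # drop <>, normalise case
    _, at, domain = recipient.rpartition("@")
    return h.group(1), recipient, domain if at else "(local)"

def hourly_by_domain(lines):
    """Per (hour, domain): event count and the set of distinct recipients."""
    counts, distinct = Counter(), defaultdict(set)
    for event in filter(None, map(parse, lines)):
        hour, recipient, domain = event
        counts[(hour, domain)] += 1
        distinct[(hour, domain)].add(recipient)
    return counts, distinct

def suspects(lines, min_distinct=3):
    """Buckets where many different unknown recipients were tried."""
    _, distinct = hourly_by_domain(lines)
    return sorted(k for k, v in distinct.items() if len(v) >= min_distinct)

if __name__ == "__main__":
    counts, _ = hourly_by_domain(SAMPLE_LOG)
    for (hour, domain), n in counts.most_common(9):  # top_n = 9 as in the post
        print(hour, domain, n)
    print("possible dictionary attack:", suspects(SAMPLE_LOG))
```

Counting distinct recipients rather than raw events keeps a single misaddressed mailing run from looking like address guessing.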