[Mimedefang] Re: md_log behavior

John Kirkland jpk at bl.org
Fri Mar 21 13:00:01 EST 2003


> On Fri, 21 Mar 2003, Joseph Brennan wrote:
>
> > I'd love to see that changed.  When mail comes in for 100
> > recipients, there is no need to have 100 lines of syslog all
> > saying the same thing.
>
> md_log was written by John Kirkland to work with graphdefang.
> John, is there any way you can change md_log not to do that?
> I think an extra "rcpts=n" field giving the number of recipients
> might suffice, if people aren't interested in per-recipient
> statistics.

I don't want to change the default behavior because then you lose
significant user level granularity, but I made a change to md_log_enable
and md_log to support this request.  The change is backwards compatible
and doesn't require anyone to change their mimedefang-filter unless they
want the new behavior.  It also doesn't require any changes to
graphdefang whether the new feature is used or not.

You would enable the new feature with the following in mimedefang-filter:
md_log_enable('mail',0);

Regards,
John

diff -c is enclosed below...

*** mimedefang.pl.in	Thu Feb 27 13:10:20 2003
--- ../mimedefang-2.31-BETA-6.blah/mimedefang.pl.in	Fri Mar 21 11:46:19 2003
***************
*** 41,47 ****
  	    $ValidateIPHeader
  	    $QuarantineSubject $SALocalTestsOnly $NotifyNoPreamble
  	    %Actions %Stupidity @FlatParts @Recipients @Warnings %Features
! 	    $SyslogFacility $MaxMIMEParts $InMessageContext
  	    %SendmailMacros);

  use vars qw($GeneralWarning);
--- 41,47 ----
  	    $ValidateIPHeader
  	    $QuarantineSubject $SALocalTestsOnly $NotifyNoPreamble
  	    %Actions %Stupidity @FlatParts @Recipients @Warnings %Features
! 	    $SyslogFacility $EnumerateRecipients $MaxMIMEParts $InMessageContext
  	    %SendmailMacros);

  use vars qw($GeneralWarning);
***************
*** 4519,4524 ****
--- 4519,4530 ----
  #                    should log messages when md_log() is called.  If
  #                    this variable is not passed in, a default value
  #                    of 'mail' will be used.
+ #  EnumerageRecipients -- (optional) Whether or not to output a syslog
+ #                    line for each recipient of a spam message or only
+ #                    once per incoming message.  Disabling this will
+ #                    reduce the entries to syslog but will reduce
+ #                    statistical granularity on a per user basis.
+ #
  # %RETURNS:
  #  Nothing
  # %DESCRIPTION:
***************
*** 4526,4539 ****
  #  subroutine is called.  The $SyslogFacility name should be known
  #  to syslog on the machine on which Mimedefang is running.
  #***********************************************************************
! sub md_log_enable(;$)
  {
      $SyslogFacility = shift;

      # If we don't have a SyslogFacility from the user,
      # use a default of 'mail'

      $SyslogFacility = 'mail' unless defined($SyslogFacility);
  }

  #***********************************************************************
--- 4532,4552 ----
  #  subroutine is called.  The $SyslogFacility name should be known
  #  to syslog on the machine on which Mimedefang is running.
  #***********************************************************************
! sub md_log_enable(;$$)
  {
      $SyslogFacility = shift;
+     $EnumerateRecipients = shift;

      # If we don't have a SyslogFacility from the user,
      # use a default of 'mail'

      $SyslogFacility = 'mail' unless defined($SyslogFacility);
+
+     # By default, we want md_log to output a syslog line for each
+     # recipient.  This is useful for per user spam statistics.
+     # i.e. How many spam messages were received by foo at bar.com?
+
+     $EnumerateRecipients = 1 unless defined($EnumerateRecipients);
  }

  #***********************************************************************
***************
*** 4602,4612 ****
      $value2 = "" unless defined($value2);

      my $lcsender = lc($Sender);
!     foreach my $recipient (@Recipients) {
! 	my $lcrecipient = lc($recipient);
! 	md_syslog("$SyslogFacility|info","MDLOG,$MsgID," .
! 	       "$event,$value1,$value2,$lcsender," .
! 	       "$lcrecipient,$Subject");
      }
  }

--- 4615,4633 ----
      $value2 = "" unless defined($value2);

      my $lcsender = lc($Sender);
!
!     if ($EnumerateRecipients || scalar(@Recipients) == 1) {
!         foreach my $recipient (@Recipients) {
!             my $lcrecipient = lc($recipient);
!             md_syslog("$SyslogFacility|info","MDLOG,$MsgID," .
!                       "$event,$value1,$value2,$lcsender," .
!                       "$lcrecipient,$Subject");
!         }
!     } else {
!         my $lcrecipient = "rcpts=" . scalar(@Recipients);
!         md_syslog("$SyslogFacility|info","MDLOG,$MsgID," .
!                   "$event,$value1,$value2,$lcsender," .
!                   "$lcrecipient,$Subject");
      }
  }





More information about the MIMEDefang mailing list