[Mimedefang] Re:GraphDefang question

Yizhar Hurwitz yizhar at mail.com
Sun Dec 3 15:20:37 EST 2006


HI.

> From: Manoj Srivastava <srivasta at ieee.org>
> 
>         I now have graphdefang set up as a cron job generating pretty
>  graphs of incoming Spam. The very first graph is of Spam, Probable
>  Spam, Viruses, and Mail In -- and the Probable Spam number is always
>  0.
> 
>         So I am not recording some event -- what exactly is
>  graphdefang looking for? Is it affected by the two optional
>  parameters in md_graphdefang_log?
> 

Graphdefang simply looks for what you write to the logs.
It is all up to you to decide how to categorize your mail traffic,
and implement it in mimedefang-filter.

For example, below is the relevant code from my mimedefang-filter,
which is categorizing email traffic to 3 major types:

mail_in = spamscore below 5 (or no spam check).
This is passed on to the end user mailbox.

probable_spam = score between 5 to 10.
This is hold in a spamdrop folder,
and I send daily reports via cron job to the user with summary of probable_spam.

spam = score above 10.
This is rejected (or discarded) without any notification to the recipient.


You can see how I use md_graphdefang_log in the following code:

sub filter_end {
...
     # Spam checks if SpamAssassin is installed
     if (($Features{"SpamAssassin"}) and ($RelayAddr !~ /$SafeRelay/ )) {
         if (-s "./INPUTMSG" < 100*1024) {
             my($hits, $req, $names, $report) = spam_assassin_check();
             my($score);
             if ($hits < 10) {
                 $score = "*" x int($hits);
             } else {
                 $score = "*" x 10;
             }
             action_add_header("X-Spam-Score", "$hits ($score) $names");
             if ($hits >= $req) {
                 if ($hits >= $HighScore) {
                     md_graphdefang_log('spam', $hits, $RelayAddr);
                     if ($AutoRejectEnable) {
                         action_bounce('Message Rejected.');
                         return;
                     }
                 }
                 else {
                     md_graphdefang_log('probable_spam', $hits, $RelayAddr);
                 }
                 action_add_part($entity, "text/plain", "-suggest", "$report\n",
"SpamAssassinReport.txt", "inline");
                 if ($SpamDropEnable) {
                     action_add_header("X-Orig-Rcpts", join(", ", @Recipients));
                     foreach $recip (@Recipients) { delete_recipient($recip); }
                     add_recipient($SpamDropAddres);
                 }
                 if ($TagSubjectEnable) {
                     action_change_header('Subject', $TagSubjectText. $Subject);
                 }
                 return;
             } else {
                 md_graphdefang_log('mail_in', $hits, $RelayAddr);
             }
         }
     }
     else {
         ### mail was not checked for spam:
         md_graphdefang_log('mail_in', undef, $RelayAddr);
     }
...


Yizhar Hurwitz
http://yizhar.mvps.org






More information about the MIMEDefang mailing list