[Mimedefang] Reading MIMEDefang log-entries

Kevin A. McGrail kmcgrail at pccc.com
Tue Jul 31 09:05:00 EDT 2007


> Can you, by chance, provide me a link where these (and possible other
> log-formats within mimedefang) are described?

man mimedefang-filter

Search for LOGGING

LOGGING
       md_graphdefang_log_enable($facility, $enum_recips)
              Enables the md_graphdefang_log function (described next).  The
              function logs to syslog using the specified facility.  If you
              omit $facility, it defaults to 'mail'.  If you do not call
              md_graphdefang_log_enable in your filter, then any calls to
              md_graphdefang_log simply do nothing.

              If you supply $enum_recips as 1, then a line of logging is
              output for each recipient of a mail message.  If it is zero,
              then only a single line is output for each message.  If you
              omit $enum_recips, it defaults to 1.

       md_graphdefang_log($event, $v1, $v2)
              Logs an event with up to two optional additional parameters.
              The log message has a specific format useful for graphing
              tools; the message looks like this:

                   MDLOG,msgid,event,v1,v2,sender,recipient,subj

              "MDLOG" is literal text.  "msgid" is the Sendmail queue
              identifier.  "event" is the event name, and "v1" and "v2" are
              the additional parameters.  "sender" is the sender's e-mail
              address.  "recipient" is the recipient's e-mail address, and
              "subj" is the message subject.  If a message has more than one
              recipient, md_graphdefang_log may log an event message for
              each recipient, depending on how you called
              md_graphdefang_log_enable.

              Note that md_graphdefang_log should not be used in
              filter_relay, filter_sender or filter_recipient.  The global
              variables it relies on are not valid in that context.

              If you want to log general text strings, do not use
              md_graphdefang_log.  Instead, use md_syslog (described next).

       md_syslog($level, $msg)
              Logs the message $msg to syslog, using level $level.  The
              level is a literal string, and should be one of 'err',
              'debug', 'warning', 'emerg', 'crit', 'notice' or 'info'.  (See
              syslog(3) for details.)

              Note that md_syslog does not perform %-substitutions like
              syslog(3) does.  Depending on your Perl installation,
              md_syslog boils down to a call to Unix::Syslog::syslog or
              Sys::Syslog::syslog.  See the Unix::Syslog or Sys::Syslog man
              pages for more details.

       md_openlog($tag, $facility)
              Sets the tag used in syslog messages to $tag, and sends the
              logs to the $facility facility.  If you do not call md_openlog
              before you call md_syslog, then it is called implicitly with
              $tag set to mimedefang.pl and $facility set to mail.

> Do you have any idea on where I can find out what (which rules) caused
> these 14.537 points, if the recipient doesn't have the Mail anymore?

Unless you have it logged, no.  I use a function I wrote based on SA's
build_status_line that I log for every email.  However, I'm guessing you
probably can't edit the filter very well if you couldn't deduce the MDLOG
syslog line.  In case I'm wrong, add this to your filter_end:

md_syslog('warning', "SA-DEBUG: $recip_list - ".&build_status_line($hits, 
$req, $names, $report));

Add use Text::Wrap(); to your filter_initialize

and add this routine:

sub build_status_line {
  # Based on _build_status_line from Mail/SpamAssassin/PerMsgStatus.pm
  # KAM 07-09-03
  # Doesn't handle the spam/ham bayes determination as I don't think I can accurately
  # get that information
  # KAM 05-31-04
  # Thanks to major input from Chris Gauch, we believe we have the spam/ham bayes info
  my ($hits, $req, $names, $report, $spamstatus) = @_;
  my $line;

  $line  = (($hits >= $req) ? "Yes, " : "No, ");
  $line .= sprintf("hits=%2.1f required=%2.1f\n", $hits, $req);

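  # Test $names directly rather than assigning to the global $_,
  # which the calling filter code may still be using
  if ($names) {
    $Text::Wrap::columns   = 74;
    $Text::Wrap::huge      = 'overflow';
    $Text::Wrap::break     = '(?<=,)';
    $line .= Text::Wrap::wrap("\ttests=", "\t      ", $names) . "\n";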
  } else {
    $line .= "\ttests=none\n";
  }

  #$line .= "\tautolearn=";

  #if (!defined($spamstatus->{auto_learn_status})) {
  #  $line .= "no\n\t";
  #} elsif ($spamstatus->{auto_learn_status}) {
  #  $line .= "spam\n\t";
  #} else {
  #  $line .= "ham\n\t";
  #}

  $line .= "\tversion=" . Mail::SpamAssassin::Version();

  return $line;
}

Regards,
KAM 
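
Added example (not part of the original post and not MIMEDefang code): a Python reader for the MDLOG line format quoted above that groups records by queue id, so the one-line-per-recipient output of $enum_recips = 1 collapses to one entry per message. The syslog prefix layout, the sample lines, and the premise that only the trailing subj field may contain commas are assumptions made for this example.

```python
import re

# Field order from the man page text: MDLOG,msgid,event,v1,v2,sender,recipient,subj
FIELDS = ("msgid", "event", "v1", "v2", "sender", "recipient", "subj")

# Assumed classic syslog layout: "Mon DD HH:MM:SS host tag[pid]: message"
SYSLOG = re.compile(r"^\S+ +\d+ [\d:]+ \S+ [^:\s]+: (.*)$")

def parse_mdlog(line):
    """Return the MDLOG fields of one syslog line, or None if it has none."""
    m = SYSLOG.match(line.rstrip("\r\n"))
    # Accept MDLOG only at the start of the message, so text echoed inside
    # another daemon's log line is not mistaken for a record.
    if not m or not m.group(1).startswith("MDLOG,"):
        return None
    # subj is last and chosen by the sender: split on the first 7 commas only,
    # so commas in the subject stay in subj instead of creating extra fields.
    parts = m.group(1).split(",", 7)
    if len(parts) != 8:
        return None  # truncated or malformed record
    return dict(zip(FIELDS, parts[1:]))

def summarize(lines):
    """Group records by queue id: events with (v1, v2), and every recipient."""
    msgs = {}
    for line in lines:
        rec = parse_mdlog(line)
        if rec is None:
            continue
        msg = msgs.setdefault(rec["msgid"], {"sender": rec["sender"],
            "subj": rec["subj"], "events": {}, "recipients": []})
        msg["events"][rec["event"]] = (rec["v1"], rec["v2"])
        if rec["recipient"] not in msg["recipients"]:
            msg["recipients"].append(rec["recipient"])
    return msgs

# Constructed sample lines (not real log data); ids, hosts and addresses are made up.
PREFIX = "Jul 31 09:05:00 mx1 mimedefang.pl[2101]: "
SAMPLE = [
    PREFIX + "MDLOG,l6VD4x2L012345,spam,14.537,192.0.2.10,<a@example.org>,<bob@example.com>,Cheap meds, today only",
    PREFIX + "MDLOG,l6VD4x2L012345,spam,14.537,192.0.2.10,<a@example.org>,<carol@example.com>,Cheap meds, today only",
    "Jul 31 09:05:01 mx1 sendmail[2099]: l6VD4x2L012345: from=<a@example.org>, size=1234",
    PREFIX + "MDLOG,l6VD4x2L012346",
]

if __name__ == "__main__":
    for qid, msg in summarize(SAMPLE).items():
        print(qid, msg["events"], msg["recipients"], repr(msg["subj"]))
```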



