[Mimedefang] Reading MIMEDefang log-entries
Kevin A. McGrail
kmcgrail at pccc.com
Tue Jul 31 09:05:00 EDT 2007
> Can you, by chance, provide me a link where these (and possible other
> log-formats within mimedefang) are described?
man mimedefang-filter
Search for LOGGING
LOGGING

md_graphdefang_log_enable($facility, $enum_recips)
    Enables the md_graphdefang_log function (described next). The
    function logs to syslog using the specified facility. If you omit
    $facility, it defaults to 'mail'. If you do not call
    md_graphdefang_log_enable in your filter, then any calls to
    md_graphdefang_log simply do nothing.

    If you supply $enum_recips as 1, then a line of logging is output
    for each recipient of a mail message. If it is zero, then only a
    single line is output for each message. If you omit $enum_recips,
    it defaults to 1.

md_graphdefang_log($event, $v1, $v2)
    Logs an event with up to two optional additional parameters. The
    log message has a specific format useful for graphing tools; the
    message looks like this:

        MDLOG,msgid,event,v1,v2,sender,recipient,subj

    "MDLOG" is literal text. "msgid" is the Sendmail queue identifier.
    "event" is the event name, and "v1" and "v2" are the additional
    parameters. "sender" is the sender's e-mail address. "recipient" is
    the recipient's e-mail address, and "subj" is the message subject.
    If a message has more than one recipient, md_graphdefang_log may
    log an event message for each recipient, depending on how you
    called md_graphdefang_log_enable.

    Note that md_graphdefang_log should not be used in filter_relay,
    filter_sender or filter_recipient. The global variables it relies
    on are not valid in that context.

    If you want to log general text strings, do not use
    md_graphdefang_log. Instead, use md_syslog (described next).

md_syslog($level, $msg)
    Logs the message $msg to syslog, using level $level. The level is a
    literal string, and should be one of 'err', 'debug', 'warning',
    'emerg', 'crit', 'notice' or 'info'. (See syslog(3) for details.)

    Note that md_syslog does not perform %-substitutions like syslog(3)
    does. Depending on your Perl installation, md_syslog boils down to
    a call to Unix::Syslog::syslog or Sys::Syslog::syslog. See the
    Unix::Syslog or Sys::Syslog man pages for more details.

md_openlog($tag, $facility)
    Sets the tag used in syslog messages to $tag, and sends the logs to
    the $facility facility. If you do not call md_openlog before you
    call md_syslog, then it is called implicitly with $tag set to
    mimedefang.pl and $facility set to mail.

> Do you have any idea on where I can find out what (which rules) caused
> these 14.537 points, if the recipient doesn't have the Mail anymore?
Unless you have it logged, no. I use a function I wrote based on SA's
build_status_line that I log for every email. However, I'm guessing you
probably can't edit the filter very well if you couldn't deduce the MDLOG
syslog line. In case I'm wrong, add this to your filter_end:
md_syslog('warning', "SA-DEBUG: $recip_list - ".&build_status_line($hits,
$req, $names, $report));
Add use Text::Wrap(); to your filter_initialize
and add this routine:
sub build_status_line {
    # Based on _build_status_line from Mail/SpamAssassin/PerMsgStatus.pm
    # KAM 07-09-03
    # Doesn't handle the spam/ham bayes determination as I don't think I can
    # accurately get that information
    # KAM 05-31-04
    # Thanks to major input from Chris Gauch, we believe we have the spam/ham
    # bayes info
    my ($hits, $req, $names, $report, $spamstatus) = @_;
    my $line;

    # First line: verdict plus the score and the required threshold
    $line = (($hits >= $req) ? "Yes, " : "No, ");
    $line .= sprintf("hits=%2.1f required=%2.1f\n", $hits, $req);

    # List of rule names that hit, wrapped after commas at 74 columns
    if ($_ = $names) {
        $Text::Wrap::columns = 74;
        $Text::Wrap::huge = 'overflow';
        $Text::Wrap::break = '(?<=,)';
        $line .= Text::Wrap::wrap("\ttests=", "\t ", $_) . "\n";
    } else {
        $line .= "\ttests=none\n";
    }

    #$line .= "\tautolearn=";
    #if (!defined($spamstatus->{auto_learn_status})) {
    #    $line .= "no\n\t";
    #} elsif ($spamstatus->{auto_learn_status}) {
    #    $line .= "spam\n\t";
    #} else {
    #    $line .= "ham\n\t";
    #}

    $line .= "\tversion=" . Mail::SpamAssassin::Version();
    return $line;
}
Regards,
KAM
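
Added example (not part of the original post and not MIMEDefang code): a Python sketch for reading the MDLOG lines described in the man page excerpt above, counting each event once per queue id even when one line per recipient was logged. It assumes no field before the subject contains a comma; the sample lines, host name, queue ids, addresses and event names are constructed.

```python
from collections import Counter
from typing import Iterable, NamedTuple, Optional


class MdlogEntry(NamedTuple):
    msgid: str
    event: str
    v1: str
    v2: str
    sender: str
    recipient: str
    subj: str


def parse_mdlog(line: str) -> Optional[MdlogEntry]:
    """Return the MDLOG fields of one syslog line, or None if it has none."""
    start = line.find("MDLOG,")
    if start < 0:
        return None
    # Eight fields in total; the subject is last, so limiting the split
    # keeps any commas inside the subject (assumes none in earlier fields).
    parts = line[start:].rstrip("\r\n").split(",", 7)
    if len(parts) != 8:
        return None  # truncated or malformed entry
    return MdlogEntry(*parts[1:])


def events_per_message(lines: Iterable[str]) -> Counter:
    """Count each event once per msgid, even when $enum_recips=1 produced
    one log line per recipient."""
    seen = set()
    for line in lines:
        entry = parse_mdlog(line)
        if entry:
            seen.add((entry.msgid, entry.event))
    return Counter(event for _msgid, event in seen)


# Constructed sample lines (host, queue ids, addresses and events invented).
SAMPLE = [
    "Jul 31 09:05:00 mx1 mimedefang.pl[2101]: MDLOG,l6VD50aa001234,spam,14.537,192.0.2.10,<a@example.com>,<u1@example.org>,Cheap meds, today only",
    "Jul 31 09:05:00 mx1 mimedefang.pl[2101]: MDLOG,l6VD50aa001234,spam,14.537,192.0.2.10,<a@example.com>,<u2@example.org>,Cheap meds, today only",
    "Jul 31 09:05:02 mx1 mimedefang.pl[2101]: MDLOG,l6VD52bb001240,mail_in,,,<b@example.com>,<u1@example.org>,Meeting notes",
    "Jul 31 09:05:03 mx1 sendmail[2200]: l6VD52bb001240: to=<u1@example.org>, stat=Sent",
    "Jul 31 09:05:04 mx1 mimedefang.pl[2101]: MDLOG,truncated,spam",
]

if __name__ == "__main__":
    print(events_per_message(SAMPLE))
```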