Walkthrough on Postifx monitoring with Cacti

[vinx]

ok, I upgraded to latest cacti's version and now works.

the problem, is that the graph is empty.

Are steps from 1 to 5 to be done on mailserver?

[vinx]

I'm an idiot. I forgot to restart snmp daemon!

now the mail transporting graph is ok, but the mail filtering graph is empty, altough i'm receiveing both spam and viruses.

[curtis001]

I have also follow the instruction but also no graph produced .... but no error come out

is there any setting in cacit itself ? thx all.

[vinx]

I had a look on fetch_mail_statistics.pl script:

Code: Select all

while( <LOGFILE> ) {
    if ( / postfix\/smtpd/ && /client=/ && ! /127.0.0.1/ ) { $num_rec++; }
    elsif ( /status=sent/ && ! /relay=(mailfilter|procmail|local|127.0.0.1)/ ) { $num_sent++; }
    elsif ( /status=deferred/ ) { $num_deferred++; }
    elsif ( /status=bounced/ ) { $num_bounced++; }
    elsif ( /: NOQUEUE: reject: / ) { $num_reject++; }
    elsif ( / Passed CLEAN/ ) { $num_clean++; }
    elsif ( / Passed SPAM/ ) { $num_pspam++; }
    elsif ( / Blocked SPAM/ ) { $num_spam++; }
    elsif ( / Blocked INFECTED/ ) { $num_infected++; }
    elsif ( / Passed BAD-HEADER/ ) { $num_header++; }
    elsif ( / Blocked BAD-HEADER/ ) { $num_header++; }
    elsif ( / Blocked BANNED/ ) { $num_banned++; }

Il looks for the above strings on maillog.

I searched above strings on mail.log, but there are no entries in file. I'm using amavis for email filtering.

[Mathieu]

Hi there,

i made this script work for my configuration of Postfix/ClamAv/Amavisd-New/SpamAssasin this morning (i am using a Sarge Debian fully upgraded). I had to modify both amavisd logformat and fetch_mail_statistics.pl scripts. Here are my modifications :

/etc/amavisd/amavisd.conf

Code: Select all

$log_templ = '[?%#D|Not-Delivered|Passed] [? %#V |[? %#F |[? %#X |CLEAN|BAD-HEADER]|BANNED name/type (%F)]|INFECTED (%V)], #
[?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';

fetch_mail_statistics.pl

Code: Select all

  while( <LOGFILE> ) {
    if ( / postfix\/smtpd/ && /client=/ && ! /127.0.0.1/ ) { $num_rec++; }
    elsif ( /status=sent/ && ! /relay=(mailfilter|procmail|local|127.0.0.1)/ ) { $num_sent++; }
    elsif ( /status=deferred/ ) { $num_deferred++; }
    elsif ( /status=bounced/ ) { $num_bounced++; }
    elsif ( /: NOQUEUE: reject: / ) { $num_reject++; }
    elsif ( / Passed CLEAN/  && /Hits: ([-+]?[0-9]*\.?[0-9]+)/) {
        $hits = $1;
        $num_clean++ if ($hits < $tag_level);
        $num_pspam++ if ($hits > $tag_level);
        }

    elsif ( / Not-Delivered CLEAN/  && /Hits: ([-+]?[0-9]*\.?[0-9]+)/) {
        $hits = $1;
        $num_clean++ if ($hits < $tag_level);
        $num_spam++ if ($hits > $tag_level);
        }

    elsif ( / Passed INFECTED/ ) { $num_infected++; }
    elsif ( / Not-Delivered INFECTED/ ) { $num_infected++; }
    elsif ( / Passed BAD-HEADER/ ) { $num_header++; }
    elsif ( / Not-Delivered BAD-HEADER/ ) { $num_header++; }
    elsif ( / Blocked BANNED/ ) { $num_banned++; }
    elsif ( / Not-Delivered BANNED/ ) { $num_banned++; }

    }

To use this modification, you must add at the beginning of the script a SPAMLVL variable with your local value. You can find this value in /etc/amavisd/amavisd.conf if you look for

$tag2_level

parameter.
Here is an exemple of such a line :

Code: Select all

$SPAMLVL  = 2.0;

I hope this will help...

Mathieu

[vinx]

To use this modification, you must add at the beginning of the script a SPAMLVL variable with your local value. You can find this value in /etc/amavisd/amavisd.conf if you look for

$tag2_level

parameter.
Here is an exemple of such a line :

Code: Select all

$SPAMLVL  = 2.0;

Mathieu

Mathieu,
thanks for your help, but I cannot find such value in my amavid.conf file.

could please attach your amavisd.conf file to let me compare mine?

merci,
a bientôt

[Mathieu]

Did you use SpamAssassin as anti spam software with amavisd ?
My post was not enougth detailed : it is the $sa_tag2_level_deflt parameter that you must look for.

Here is an extract of my configuration :

Code: Select all

# default values, can be overridden by more specific lookups, e.g. SQL
$sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 2.0; # add 'spam detected' headers at that level

Mathieu

[dsmooth]

Fixed, tested, looks nice and right

Installation:
....
4) Add following line in snmpd.conf file

Code: Select all

pass .1.3.6.1.4.1.2021.255 /usr/local/bin/fetch_mail_statistics.pl /var/log/mail.log /var/log/mailstats.db .1.3.6.1.4.1.2021.255

...]

fetch_mail_statistics.pl requires 5 parameters, but there are only 3 here. Any idea how to get it work? I tried your posted version as well...

[davea]

Thanks for the PF monitoring with Cacti.

I had it working in a short time.

How can I monitor a 2nd instance of PF on the same box? I have 2 PF instance setups:

/etc/postfix
/etc/postfix-outbound

The *outbound* is for relay for outbound email only.

What changes are needed?

TIA
Dave

[dsmooth]

so you got that perl script running already?! rats... i seem to be having trouble as the script demands 5 parameters, but the instructions only provide three! Maybe you could PM me any details or edits you had to make?
For your PF#2... you could have it log to a separate log file (e.g. /var/log/maillogOB) then parse it separately.

[Mathieu]

To monitor 2 Postfix Instance You will have to change the snmpd pass setting to use an alternative OID ( dont use the .255 one but the .254 for example).

You will have to change the DataSource template to pass the new snmp OID.

I see that someone complains about a wrong number of arguments with fetch_statistis Perl script: in my memory the 2 last argument are optional or passed by snmpd, i'll check this tomorrow and give you a full detailed answer with example extracted from my configuration.

[dsmooth]

...I see that someone complains about a wrong number of arguments with fetch_statistis Perl script: in my memory the 2 last argument are optional or passed by snmpd, i'll check this tomorrow and give you a full detailed answer with example extracted from my configuration.

I would really appreciate that; thank you

[Mathieu]

Hi dsmooth,

On my snmpd pass configuration line, i only have 3 argument after the script name. Here is the extract :

Code: Select all

pass .1.3.6.1.4.1.2021.255 /usr/local/bin/fetch_mail_statistics.pl /var/log/mail.log /var/log/mailstats.db .1.3.6.1.4.1.2021.255

As i thought, it is the snmpd daemon that pass the 2 more arguments to the script. Here is an extract of snmpd.conf manpage explaining the process:

PASS-THROUGH CONTROL
pass MIBOID EXEC
(If you're writing perl scripts, please see the embedded perl
support information later in this manual page). Passes entire
control of MIBOID to the EXEC program. The EXEC program is
called in one of the following three ways:

EXEC -g MIBOID

EXEC -n MIBOID

These call lines match to SNMP get and getnext requests.
It is expected that the EXEC program will take the argu-
ments passed to it and return the appropriate response
through it's stdout.

You can simply check that the pass configuration line is working by executing the following command from a local or remote host ( note that you have to adjust it for your personnal snmpd authentication configuration is your are not using SNMP V1 Community Authentification):

snmpwalk -v 1 -c public <host> .1.3.6.1.4.1.2021.255

Here is the result of such a command on my system :

computer01:/home/math# snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.2021.255
UCD-SNMP-MIB::ucdavis.255.0 = INTEGER: 21
UCD-SNMP-MIB::ucdavis.255.1 = INTEGER: 21
UCD-SNMP-MIB::ucdavis.255.2 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.3 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.4 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.5 = INTEGER: 21
UCD-SNMP-MIB::ucdavis.255.6 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.7 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.8 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.9 = INTEGER: 0
UCD-SNMP-MIB::ucdavis.255.10 = INTEGER: 0

On more test can be to call the fectch script as snmpd would :

computer01:/usr/local/bin# ./fetch_mail_statistics.pl /var/log/mail.log /var/log/mailstats.db .1.3.6.1.4.1.2021.255 -n .1.3.6.1.4.1.2021.255.1
.1.3.6.1.4.1.2021.255.2
integer
0

I hope that will help !

Mathieu

[vinx]

Did you use SpamAssassin as anti spam software with amavisd ?
My post was not enougth detailed : it is the $sa_tag2_level_deflt parameter that you must look for.

Here is an extract of my configuration :

Code: Select all

# default values, can be overridden by more specific lookups, e.g. SQL
$sa_tag_level_deflt  = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 2.0; # add 'spam detected' headers at that level

Mathieu

ah! ok. I have the following values:

Code: Select all

$sa_tag_level_deflt  = 3.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.0; # add 'spam detected' headers at that level

[Mathieu]

You configuration mean that :

• - mail with SpamAssasin hitscore below 3.0 will not be tagged as 'spam analyzed'
  - mail with SpamAssasin hitscore between 3.0 and 4.0 will be tagged as 'spam analyzed'
  - mail with SpamAssasin hitscore above 4.0 will be tagged as 'spam detected'

To be more precise, i mean by 'tagged' that an SMTP header will be added to the Email. Look at SpamAssassin documentation for more details about it.

You just have to set $SPAMLVL = 4.0 ; and it must work. In fine, $SPAMLVL = ' the value of $sa_tag2_level_deflt in /etc/amavisd/amavisd.conf';

Hope this will help too.

Mathieu