Sendmail & Mailscanner version 2

[r_chetanjain]

Hi,

Can you please zip all the files and place it for download in a single place... its very difficult to get it in chunks from various pages

Chetan

[warnesj]

Hi!
I'm using watchmaillog.sh on FreeBSD. Unfortunally the tail process isn't killed on restart via HUP. So after n restarts n+1 tail processes are running.

Adding the following patch solves the problem for me. Has anyone else seen this?

Thanks for the fix. I haven't had a problem yet on my Linux install, but what you added is the right way to do it. I'll add it to the main code and re-up new versions to the main page. Thanks for the fix!

Hi,

Can you please zip all the files and place it for download in a single place... its very difficult to get it in chunks from various pages

Chetan

As changes are submitted I usually edit the first post in this forum thread and re-upload new archives. I'll be re-uploading thomasch's additions shortly. So look to my first post on Page 1.

[r_chetanjain]

really a great addon for cacti.... I am using MimeDefang instead of Mailscanner... How can i take advantage of your script... please see the below listed tags i would like to watch for...

Spam : Spam or TMGspam
Virus : detected by ClamAV
Rejects : reject or Spam

Can you help me on how can i edit the script... i am doing it this way...

Reject :
# Look for rejected messages
if((($line=~/ruleset/) && ($line=~/reject\=/)) || ($line =~/reject/)){
$item="mess_rejected";
&readcounterfile;
$counter{$item}++;
if($debug){print("Found a rejected message, incrementing the message rejected counter to $counter{$item}.\n");}
&writecounterfile;

Also, i don't want the counter mess_wait, how do i remove that...

Chetan

[r_chetanjain]

As mentioned above....

Reject : reject or reject\=553
Virus: detected by ClamAV
Spam : TMGspam

# Look for rejected messages
if((($line=~/ruleset/) && ($line=~/reject\=/)) || ($line =~/reject/)){
$item="mess_rejected";
&readcounterfile;
$counter{$item}++;
if($debug){print("Found a rejected message, incrementing the message rejected counter to $counter{$item}.\n");}
&writecounterfile;
}
# Look for MailScanner spam scanning batch results
if($line=~/TMGspam/){
$item="spam";
$spam_count_pos = index($line,"TMGspam");
$spam_count_pos2 = index($line, "Spam");
$spam_count = substr($line,($spam_count_pos+19),($spam_count_pos2-($spam_count_pos+19)));
&readcounterfile;
$counter{$item}=$counter{$item}+$spam_count;
if($debug){print("Found $spam_count SPAM in the MailScanner batch, incrementing the spam counter to $counter{$item}
&writecounterfile;
}
# Look for MainScanner virus scanning batch results
if($line=~/detected\ by\ ClamAV/){
$item="virus";
$virus_count_pos = index($line,"detected\ by\ ClamAV");
$virus_count_pos2 = index($line, "\ viruses");
$virus_count = substr($line,($virus_count_pos+22),($virus_count_pos2-($virus_count_pos+22)));
&readcounterfile;
$counter{$item}=$counter{$item}+$virus_count;
if($debug){print("Found $virus_count viruses in the MailScanner batch, incrementing the virus counter to $counter{$
&writecounterfile;
}
# Look for MailScanner waiting messages
if($line=~/New\ Batch\:\ Found/){
$item="mess_waiting";
$mess_waiting_pos = index($line,"New\ Batch\:\ Found");
$mess_waiting_pos2 = index($line,"\ messages\ waiting");
$mess_waiting = substr($line,($mess_waiting_pos+17),($mess_waiting_pos2-($mess_waiting_pos+17)));
&readcounterfile;
$counter{$item}=$mess_waiting;
if($debug){print("Mailscanner found $mess_waiting messages waiting, setting the mess_waiting counter to $counter{$i
&writecounterfile;

Also, i accept email for nearly 15domains... is there any way i could just add those domains to a file and have the script read that file or i just have to put all those in the script

[warnesj]

Reject : reject or reject\=553
Virus: detected by ClamAV
Spam : TMGspam

This should be doable, but I'd need to see a complete log entry for each item you want to trigger off of (especially SPAM and ClamAV entries) so that we can make sure that we're grabbing the numbers of messages involved in that log entry properly.

Also, i accept email for nearly 15domains... is there any way i could just add those domains to a file and have the script read that file or i just have to put all those in the script

Right now, no. I'm working on that for the next version. I know it's a big pain in the butt.

[r_chetanjain]

For RBLSMTPD :
--------------
Aug 20 04:03:36 mx1 sendmail[32341]: ruleset=check_relay, arg1=[195.116.34.22], arg2=127.0.0.2, relay=sith7.blokowe.pl [195.116.34.22] (may be forged), reject=553 5.3.0 Spam blocked see: http://spamcop.net/bl.shtml?195.116.34.22

For this i tried searching check_relay and reject=553, but it doesn't hit any counters


For VIrus :
-----------
Aug 20 04:03:41 mx1 sendmail[32335]: k7K83VVg032335: Milter: data, reject=554 5.7.1 virus Worm.SomeFool.Gen-1 detected by ClamAV - http://www.clamav.net

For this i tried searching for detected\ by\ ClamAV, but it doesn't hit any counter

Spam
-----

Aug 20 04:04:27 mx1 mimedefang.pl[11433]: MDLOG,k7K84LXX032590,TMGspam,20.774,216.150.2.137,<return-341-hi=i82_xb5x862x_zcx5@yyy.com>,<akantrow@xxx.com>,Congratulations akantrow@xxx.com on your Panasonic 42=?UTF8?Q?=22?= Wide Screen Planel

For this i tried TMGspam, again it doesn't hit any counters....

[warnesj]

I think I've got some code that should work for you.

A note to other MailScanner and Sendmail users, this code is not meant for you. This is specifically for r_chetanjain!

For your virus detection
The problem with your code is that MailScanner scans a batch of messages at a time so it could detect multiple virus infections in any given batch. But your Sendmail milter uses ClamAV on each message as it's recieved. So what I did was get rid of all the code that looks for the ClamAV report of the MailScanner batch and just increment the virus counter by one. So try this code below and see how it works.

Code: Select all

   # Look for virus infected messages
   if($line=~/detected\ by\ ClamAV/){
      $item="virus";
      &readcounterfile;
      $counter{$item}++;
      if($debug){print("Found a virus infected message, incrementing the virus counter to $counter{$item}.\n");}
      &writecounterfile;
   }

For your SPAM detection
The problem again is that MailScanner scans a batch of messages. So again it could detect multiple SPAM messages in a batch. But your TMGspam detects one message at a time. So did the same thing as above and got rid of all the code that looks for the MailScanner batch SPAM count and just increment the SPAM counter by one before it's re-written to the counter file. So try this code below and see if it works.

Code: Select all

   # Look for SPAM messages found my TMGspam
   if($line=~/TMGspam/){
      $item="spam";
      &readcounterfile;
      $counter{$item}++;
      if($debug){print("Found a SPAM message, incrementing the spam counter to $counter{$item}.\n");}
      &writecounterfile;
   }

For your rejected messages
You had you're code pretty close. It actually looked like it should have worked. But replace the current rejected message detection code with the stuff below.

Code: Select all

   # Look for rejected messages
   if(($line=~/ruleset/) && ($line=~/reject\=553/)){
      $item="mess_rejected";
      &readcounterfile;
      $counter{$item}++;
      if($debug){print("Found a rejected message, incrementing the message rejected counter to $counter{$item}.\n");}
      &writecounterfile;
   }

Now to remove the mess_waiting counter just remove all this code,

Code: Select all

   # Look for MailScanner waiting messages
   if($line=~/New\ Batch\:\ Found/){
      $item="mess_waiting";
      $mess_waiting_pos = index($line,"New\ Batch\:\ Found");
      $mess_waiting_pos2 = index($line,"\ messages\ waiting");
      $mess_waiting = substr($line,($mess_waiting_pos+17),($mess_waiting_pos2-($mess_waiting_pos+17)));
      &readcounterfile;
      $counter{$item}=$mess_waiting;
      if($debug){print("Mailscanner found $mess_waiting messages waiting, setting the mess_waiting counter to $counter{$item}.\n");}
      &writecounterfile;
   }

I hope this works for you.

[r_chetanjain]

thanks for the rewrite.... I will check and get back to you....

Chetan

[r_chetanjain]

Hi... the counters seems to be working... but when i try to import the graph template for mailscanner stats, it says

[success] watchmaillog - Sendmail & MailScanner Stats [update]
+ Found Dependency: (GPRINT Preset) Normal
+ Unmet Dependency: (Data Template Item)
+ Found Dependency: (CDEF) Make Stack Negative
+ Unmet Dependency: (Data Template Item)
+ Found Dependency: (GPRINT Preset) Exact Numbers
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)

and its not graphing the status....

Chetan

[warnesj]

Did the data templates import okay?

[r_chetanjain]

data templates did imported with no issues....

chetan

[eddievenus]

I saw someone mention this earlier, but did not see a follow up. I am referring to the failure to import the graph template watchmaillog_sendmail_mailscanner_stats.xml

it looks like this on my cacti install. I am running 8.6i however and imported the 8.6h versions. perhaps there is a problem in that. All the other xml files imported just fine.

Import Results

Cacti has imported the following items:

CDEF
[success] Make Stack Negative [update]

GPRINT Preset
[success] Normal [update]
[success] Exact Numbers [update]

Graph Template
[success] watchmaillog - Sendmail & MailScanner Stats [new]
+ Found Dependency: (GPRINT Preset) Normal
+ Unmet Dependency: (Data Template Item)
+ Found Dependency: (CDEF) Make Stack Negative
+ Unmet Dependency: (Data Template Item)
+ Found Dependency: (GPRINT Preset) Exact Numbers
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)
+ Unmet Dependency: (Data Template Item)

I am sure I can figure out how to make a graph from the data so this no big deal, but it is a failure and I figured someone would want to know about it and fix it.

by the way I am running CactiEZ, thus it is CentOS 4.4 final with Cacti8.6i and plugin arch 1.0. If that matters.

[eddievenus]

Just as a note for anyone else who is having troubles with their SNMP setup on the mail server, this page is especially helpful.
http://forums.cacti.net/viewtopic.php?p=104563#104563

It is nice to know that there are others out there having the same problems I am.

EddieVenus

[r_chetanjain]

i am using 0.8.6j

[rbl]

Hi thomasch,

I'm using watchmaillog.sh on FreeBSD. Unfortunally the tail process isn't killed on restart via HUP. So after n restarts n+1 tail processes are running.

Adding the following patch solves the problem for me. Has anyone else seen this?

I had the same problem. I have added the line in the shell script.
thnx