Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
Go Back   Zimbra :: Forums > Zimbra Collaboration Suite > Administrators
Reload this Page Spam ratio

Welcome to the Zimbra :: Forums!
Welcome, if you would like to post a comment please register. We also encourage you to explore all things Zimbra with our team and members of the community.

Reply
Page 1 of 2 1 2
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 06-30-2009, 07:04 AM
Special Member
  
Posts: 128
Default Spam ratio
How can I find out what is the spam ration (%) from my received emails?
Reply With Quote
  #2 (permalink)  
Old 06-30-2009, 08:04 AM
Zimbra Consultant & Moderator
  
Posts: 20,312
Default
Right-click Show Original and look at the headers.
__________________
Regards


Bill
Reply With Quote
  #3 (permalink)  
Old 06-30-2009, 08:05 AM
Special Member
  
Posts: 128
Default
Quote:
Originally Posted by phoenix View Post
Right-click Show Original and look at the headers.
I mean... what % of the received emails from my server is actually SPAM?
Reply With Quote
  #4 (permalink)  
Old 06-30-2009, 11:19 AM
Advanced Member
  
Posts: 205
Default
you will need a script to process the zimbra log file.
I use the attached perl script then place the results in a spreadsheet

Code:
#!/usr/bin/perl
# input is the current zimbra logfile
# this will read the zimbra logfile and create a summary report of
# postfix, spamassin, and clamAV events
# note that the default logrotation for zimbra (/etc/logrotate.d/zimbra in Red Hat clones) needs to have
# "delaycompress" set or I will not be able to read the logfile if used as part of the "postrotate scripts"
# this script bu JCrawford at AZ Structural Pest Control Commission to scratch an itch.
# it is Licensed  as GPL v3 or later  "jrefl5" ( yahoo ) <com> and others, No warrenty as to usability
# is provided. james
#
# format of zimbra log line is
# Field				Position
# Month				0-2
# Day				4-5
# Time (HH:MM:SS)   7-14
# Server name		15-(14+length(server name))
# Data              end of SNAme+1-> end of line (\n)
my $CVersion 	= "1.0";
my $Rejects  	= 0;
my $Security 	= 0;
my $Attach	 	= 0;
my $SAddress	= 0;
my $DAddress	= 0;
my $Discards	= 0;
my $DSN			= 0;
my $Crylic		= 0;
my $TheBat		= 0;
my $Relay		= 0;
my $Pipe 		= 0;
my $ConfErr		= 0;
my $Relay		= 0;
my $ConfErr		= 0;
my $ConfErr		= 0;
my $donknow		= 0;
my $Blocked		= 0;
my $BlockBounce = 0;
my $ClamAV		= 0;
my $Passed		= 0;
my $Spammy		= 0;
my $Clean		= 0;
my $StDate		= "";
my $EDate		= "";
my $inlines		= 0;
my $currID		= "";
my $Messages	= 0;
my $Sender		= "";
my $Dest		= "";
my $amavis		= 0;
my $DefCount	= 0;
my $BHcount		= 0;
my $VQueCount 	= 0;
my %Senders		=();
my %Recivers	=();
my %MailWare	=();
my %Deferred	=();
my %DefMessage  =();
my %DefRelay	=();
my %DefTo		=();
my %DefTime		=();
my @BadHeader   =();
my @VirQuar		=();
# my $emailsenderformat ="^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$";
InputLoop: while ( <> ) {
	# check beginning of line
	if ($inlines == 0) {
		$StDate = substr $_, 0, 15;	# Get the start time from the First line in the log
	}
	$inlines+=1;
	$EDate = substr $_, 0, 15;	# Get the time from each line in the log (it may be tha last)
	if ($_ =~ /postfix\/cleanup/gi)	{   # start of new message processing
		$Senders[$Sender]+=1 unless (length($Sender) <= 1);
		$Recivers[$Dest]+=1 unless (length($Dest) <= 1);
		if ($_ =~ / ([0-9A-F]{10,}): message-id=/i ) {
			$currID = $1;       # use this as a hash id for message threads?
			$Messages+=1;
			$Sender = "";
			$Dest = "";
			# add logic to handle mutilitple messages in process loop at same time
		}	elsif ($_ =~ /discard/i)	{ # track input messages that Postfix doen not queue for amavis
			$Discards+=1;
			if ($_ =~ /Crylic/i ) {
				$Crylic+=1;
			}	elsif ($_ =~ /no third-party DSNs/)	{
				$DSN+=1;
			}	elsif ($_ =~ /The Bat as a Mailer/)	{
				$TheBat+=1;
			}	else {
				print STDOUT "Discard type not Tracked for :\n\t" . $_;
			}
		}
	}	elsif ($_ =~ /Passed CLEAN/i)	{ # Spamassissin thinks its ok
		$Passed+=1;
		$Clean+=1;
	}	elsif ($_ =~ /Passed SPAMMY/i)	{ # Spamassissin thinks it may be spam (place in junk mail folder)
		$Passed+=1;
		$Spammy+=1;
	}	elsif ($_ =~ /Passed BAD-HEADER/i)	{ # bad header on incomming message, message placed in quarantine
		if ( $_ =~ /quarantine: (badh-[-+a-zA-Z0-9]{10,15}), Message-ID:/g )	{
			$BHcount += 1;
			$BadHeader[$BHcount] = $1;
		}
	}	elsif ($_ =~ /NOQUEUE: reject/i)	{ # not placed on queue by postfix bounced back to sending server
		$Messages+=1;
		$Rejects+=1;
#		Use the first form if we choose to track the invalid senders <jhc>
#		if ($_ =~ /Helo command rejected: need fully-qualified hostname; from=<($emailsenterformat)>/i)	{
		if ($_ =~ /Helo command rejected: need fully-qualified hostname; from=/i)	{
			$SAddress+=1;
			# Track invalid senders?
		} 	elsif ($_ =~ /Sender address rejected/i )	{
			$SAddress+=1;
			# Track invalid senders?
		}	elsif ($_ =~ /Recipient address rejected:/i)	{ # we don't have that email address localy
			$DAddress+=1;
			# Track invalid reciver?
		}	elsif ($_ =~ /Relay access denied/i)	{ # someone wants to relay (ain't no way)
				$Relay+=1;
		}	elsif ($_ =~ /Server configuration error/i)	{ # we goofed on a change revert it ASAP
				$ConfErr+=1;
		}	elsif ($_ =~ /Improper use of SMTP command pipelining/i)	{ # Sender is not forming SMTP correctly
				$Pipe+=1;
		}	else	{
			$donknow+=1;
			print STDOUT "Unknown Reject = \n\t" . $_ ;
		}
	}	elsif ($_ =~ /Blocked SPAM/)	{
		$Blocked+=1;
	}	elsif ( $_ =~ /amavis\[\d*\]/i)	{
			if ($_ =~ /Checking:/i)	{
				$amavis+=1;
			}	elsif ($_ =~ /local delivery: <> -> <virus-quarantine/gi )	{ # clamd had problems with it (encripted zip?)
#				print STDERR "Debug found $_ \n";
				if ( $_ =~ 'mbx=/opt/zimbra/data/amavisd/quarantine/(virus-[-+a-zA-Z0-9]{10,15})')	{
					$VQueCount += 1;
					$VirQuar[$VQueCount] = $1;
				}
			}
	}	elsif ($_ =~ /clamd\[\d{1,}\]:/i)	{ # CalmAV message
#		Strip out mailware name from log line.
                        if ( $_ =~ /FOUND/ )	{  # Found malware
			    $ClamAV+= 1;
			    # use "'" in regexp instead of "/" due to path nameing in the regexp <jhc>
			    if ($_ =~ m'/opt/zimbra/data/amavisd/tmp/amavis-\d{8,8}T\d{6,6}-(\d{4,5})/parts/\w{1,}:\s{1,}((\w*\.*)*-{0,1}(\w*-*)*)'i)	{
				$MailWare{$2}+=1;	# save the malware name and counter for the report
		            }
			}
	}	elsif ($_ =~ /deferred/g )	{		# its a deferred message we may see the same one many times
		if ( $_ =~ 'postfix/smtp\[\d{3,5}\]: ([A-F0-9]{12,12}): to=<(\S{1,}?@\S{1,}?.\S{2,5}?)>, relay=([[:print:]]{1,}?)\[\d+\.\d+\.\d+\.\d+\]:25')	{
			my $msgid = $1;
			my $address = $2;
			my $relay = $3;
			my $err = "I missed the error msg";
			if ($_ =~ /said: ([[:print:]]{1,})$/) {
				$err = $1;
			} elsif ($_ =~ /talk to me: ([[:print:]]{1,})$/) {
                                $err = $1;
			}
		 	$Deferred{$msgid}	+=1;
		 	$DefMessage{$msgid} = $err;
		 	$DefRelay{$msgid} 	= $relay;
		 	$DefTo{$msgid} 		= $address;
		 	$DefCount += 1 unless $Deferred{$msgid} > 1;
                        $DefTime{$msgid} = substr $EDate, 7, 8;
		}
	}	elsif ($_ =~ /-> <virus-quarantine>/gi )	{ # clamd had problems with it (encripted zip?)
			if ( $_ =~ 'mbx=/opt/zimbra/data/amavisd/quarantine/(virus-[a-zA-Z0-9]{10,15})')	{
				$VirQuar[$VQueCount] = $1;
				$VQueCount += 1;
			}
#	}	else	{
#		# Unknown Line print it out
#		print STDOUT "Line not counted\n\t>>>" . $_ . "<<<\n";
	}
}
# full file processed now for the report
print STDOUT "Mail Log Report Ver. " . $CVersion . " for;\n    " . $StDate . " Through " . $EDate . "\n";
print STDOUT "    Log contains          \t = " . $inlines . " Lines\n";
print STDOUT "\tTotal Messages processed = " . $Messages . "\n";
print STDOUT "\tDiscarded messages       = " . $Discards . "\n";
print STDOUT "\t   Crylic Discards       = " . $Crylic . "\n";
print STDOUT "\t   The Bat X-Mailer      = " . $TheBat . "\n";
print STDOUT "\t   BackScatter           = " . $DSN . "\n";
print STDOUT "\tRejected Messages        = " . $Rejects . "\n";
print STDOUT "\t   Invalid From address  = " . $SAddress . "\n";
print STDOUT "\t   Invalid To Address    = " . $DAddress . "\n";
print STDOUT "\t   Relay Request         = " . $Relay . "\n";
print STDOUT "\t   Improper Pipelining   = " . $Pipe  . "\n";
if ($ConfErr > 0)	{
	print STDOUT "\t   Config Error !!! !!!  = " . $ConfErr . "\n";
}
if ($donkonw > 0)	{
	print STDOUT "\t   Unknown Rej.          = " . $donknow . "\n";
}
print STDOUT "    Messages processed by CLAMAV &\n    SpamAssissin\t\t = " . $amavis . "\n";
print STDOUT "\tBlocked SPAM  **         = " . $Blocked . "\n";
print STDOUT "\tPassed Messages          = " . $Passed . "\n";
print STDOUT "\t     Passed Clean ?      = " . $Clean . "\n";
print STDOUT "\t     Passed Spammy       = " . $Spammy . "\n";
print STDOUT "\tClamAV hits **           = " . $ClamAV . "\n";
if ($ClamAV > 0)	{
	foreach my $kval ( keys %MailWare )	{
		print STDOUT "\t\t" . $kval . " found " . $MailWare{$kval} . " time";
		print STDOUT "s" unless ($MailWare{$kval}<2);
		print STDOUT "\n";
	}
	print STDOUT " ** Note that ClamAV hits are also counted as SPAM\n";
}
if ( ($BHcount > 0) || ($VQueCount > 0))	{
	print STDOUT "\tQuarantined messages	= " . ($BHcount+$VQueCount) . "\n";
	print STDOUT "\t  messages can be examined in /opt/zimbra/data/amavisd/quarantine/ \n";
	if ( $BHcount > 0 ) {
		my $bcount = 6;
		print STDOUT "\t     Bad Headers		= " . $BHcount;
		foreach my $msgid (@BadHeader )	{
			if ( $bcount > 3 ) {
				print STDOUT "\n\t\t" . $msgid ;
				$bcount= 1;
			} else	{
				print STDOUT ", " . $msgid ;
				$bcount += 1;
			}
		}
		print STDOUT "\n";
	}
	if ($VQueCount > 0)	{
		my $bcount = 6;
		print STDOUT "\t     Virus		= " . $VQueCount;
		foreach my $msgid ( @VirQuar)	{
			if ( $bcount > 3 ) {
				print STDOUT "\n\t\t" . $msgid ;
				$bcount= 1;
			} else	{
				print STDOUT ", " . $msgid ;
				$bcount += 1;
			}
		}
		print STDOUT "\n";
	}
}
if ($DefCount > 0)	{		# we had 1 or more deferred emails
	print STDOUT "Unique Deferred messages	 = " . $DefCount . "\n";
	foreach my $msgid ( keys %Deferred )	{
		print STDOUT "\t" . $msgid . " occured " . $Deferred{$msgid} . " times\n\t\taddressed to ";
		print STDOUT $DefTo{$msgid} . "\n\t\tvia relay " . $DefRelay{$msgid} . "\n\t\tLast responce at ". $DefTime{$msgid} . " was:\n";
		print STDOUT "\t" . $DefMessage{$msgid} . "\n";
	}
}
Last edited by jrefl5; 06-30-2009 at 11:20 AM.. Reason: the attachement did not attach
Reply With Quote
  #5 (permalink)  
Old 06-30-2009, 11:25 AM
Special Member
  
Posts: 128
Default
Quote:
Originally Posted by jrefl5 View Post
you will need a script to process the zimbra log file.
I use the attached perl script then place the results in a spreadsheet

Code:
#!/usr/bin/perl
# input is the current zimbra logfile
# this will read the zimbra logfile and create a summary report of
# postfix, spamassin, and clamAV events
# note that the default logrotation for zimbra (/etc/logrotate.d/zimbra in Red Hat clones) needs to have
# "delaycompress" set or I will not be able to read the logfile if used as part of the "postrotate scripts"
# this script bu JCrawford at AZ Structural Pest Control Commission to scratch an itch.
# it is Licensed  as GPL v3 or later  "jrefl5" ( yahoo ) <com> and others, No warrenty as to usability
# is provided. james
#
# format of zimbra log line is
# Field				Position
# Month				0-2
# Day				4-5
# Time (HH:MM:SS)   7-14
# Server name		15-(14+length(server name))
# Data              end of SNAme+1-> end of line (\n)
my $CVersion 	= "1.0";
my $Rejects  	= 0;
my $Security 	= 0;
my $Attach	 	= 0;
my $SAddress	= 0;
my $DAddress	= 0;
my $Discards	= 0;
my $DSN			= 0;
my $Crylic		= 0;
my $TheBat		= 0;
my $Relay		= 0;
my $Pipe 		= 0;
my $ConfErr		= 0;
my $Relay		= 0;
my $ConfErr		= 0;
my $ConfErr		= 0;
my $donknow		= 0;
my $Blocked		= 0;
my $BlockBounce = 0;
my $ClamAV		= 0;
my $Passed		= 0;
my $Spammy		= 0;
my $Clean		= 0;
my $StDate		= "";
my $EDate		= "";
my $inlines		= 0;
my $currID		= "";
my $Messages	= 0;
my $Sender		= "";
my $Dest		= "";
my $amavis		= 0;
my $DefCount	= 0;
my $BHcount		= 0;
my $VQueCount 	= 0;
my %Senders		=();
my %Recivers	=();
my %MailWare	=();
my %Deferred	=();
my %DefMessage  =();
my %DefRelay	=();
my %DefTo		=();
my %DefTime		=();
my @BadHeader   =();
my @VirQuar		=();
# my $emailsenderformat ="^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$";
InputLoop: while ( <> ) {
	# check beginning of line
	if ($inlines == 0) {
		$StDate = substr $_, 0, 15;	# Get the start time from the First line in the log
	}
	$inlines+=1;
	$EDate = substr $_, 0, 15;	# Get the time from each line in the log (it may be tha last)
	if ($_ =~ /postfix\/cleanup/gi)	{   # start of new message processing
		$Senders[$Sender]+=1 unless (length($Sender) <= 1);
		$Recivers[$Dest]+=1 unless (length($Dest) <= 1);
		if ($_ =~ / ([0-9A-F]{10,}): message-id=/i ) {
			$currID = $1;       # use this as a hash id for message threads?
			$Messages+=1;
			$Sender = "";
			$Dest = "";
			# add logic to handle mutilitple messages in process loop at same time
		}	elsif ($_ =~ /discard/i)	{ # track input messages that Postfix doen not queue for amavis
			$Discards+=1;
			if ($_ =~ /Crylic/i ) {
				$Crylic+=1;
			}	elsif ($_ =~ /no third-party DSNs/)	{
				$DSN+=1;
			}	elsif ($_ =~ /The Bat as a Mailer/)	{
				$TheBat+=1;
			}	else {
				print STDOUT "Discard type not Tracked for :\n\t" . $_;
			}
		}
	}	elsif ($_ =~ /Passed CLEAN/i)	{ # Spamassissin thinks its ok
		$Passed+=1;
		$Clean+=1;
	}	elsif ($_ =~ /Passed SPAMMY/i)	{ # Spamassissin thinks it may be spam (place in junk mail folder)
		$Passed+=1;
		$Spammy+=1;
	}	elsif ($_ =~ /Passed BAD-HEADER/i)	{ # bad header on incomming message, message placed in quarantine
		if ( $_ =~ /quarantine: (badh-[-+a-zA-Z0-9]{10,15}), Message-ID:/g )	{
			$BHcount += 1;
			$BadHeader[$BHcount] = $1;
		}
	}	elsif ($_ =~ /NOQUEUE: reject/i)	{ # not placed on queue by postfix bounced back to sending server
		$Messages+=1;
		$Rejects+=1;
#		Use the first form if we choose to track the invalid senders <jhc>
#		if ($_ =~ /Helo command rejected: need fully-qualified hostname; from=<($emailsenterformat)>/i)	{
		if ($_ =~ /Helo command rejected: need fully-qualified hostname; from=/i)	{
			$SAddress+=1;
			# Track invalid senders?
		} 	elsif ($_ =~ /Sender address rejected/i )	{
			$SAddress+=1;
			# Track invalid senders?
		}	elsif ($_ =~ /Recipient address rejected:/i)	{ # we don't have that email address localy
			$DAddress+=1;
			# Track invalid reciver?
		}	elsif ($_ =~ /Relay access denied/i)	{ # someone wants to relay (ain't no way)
				$Relay+=1;
		}	elsif ($_ =~ /Server configuration error/i)	{ # we goofed on a change revert it ASAP
				$ConfErr+=1;
		}	elsif ($_ =~ /Improper use of SMTP command pipelining/i)	{ # Sender is not forming SMTP correctly
				$Pipe+=1;
		}	else	{
			$donknow+=1;
			print STDOUT "Unknown Reject = \n\t" . $_ ;
		}
	}	elsif ($_ =~ /Blocked SPAM/)	{
		$Blocked+=1;
	}	elsif ( $_ =~ /amavis\[\d*\]/i)	{
			if ($_ =~ /Checking:/i)	{
				$amavis+=1;
			}	elsif ($_ =~ /local delivery: <> -> <virus-quarantine/gi )	{ # clamd had problems with it (encripted zip?)
#				print STDERR "Debug found $_ \n";
				if ( $_ =~ 'mbx=/opt/zimbra/data/amavisd/quarantine/(virus-[-+a-zA-Z0-9]{10,15})')	{
					$VQueCount += 1;
					$VirQuar[$VQueCount] = $1;
				}
			}
	}	elsif ($_ =~ /clamd\[\d{1,}\]:/i)	{ # CalmAV message
#		Strip out mailware name from log line.
                        if ( $_ =~ /FOUND/ )	{  # Found malware
			    $ClamAV+= 1;
			    # use "'" in regexp instead of "/" due to path nameing in the regexp <jhc>
			    if ($_ =~ m'/opt/zimbra/data/amavisd/tmp/amavis-\d{8,8}T\d{6,6}-(\d{4,5})/parts/\w{1,}:\s{1,}((\w*\.*)*-{0,1}(\w*-*)*)'i)	{
				$MailWare{$2}+=1;	# save the malware name and counter for the report
		            }
			}
	}	elsif ($_ =~ /deferred/g )	{		# its a deferred message we may see the same one many times
		if ( $_ =~ 'postfix/smtp\[\d{3,5}\]: ([A-F0-9]{12,12}): to=<(\S{1,}?@\S{1,}?.\S{2,5}?)>, relay=([[:print:]]{1,}?)\[\d+\.\d+\.\d+\.\d+\]:25')	{
			my $msgid = $1;
			my $address = $2;
			my $relay = $3;
			my $err = "I missed the error msg";
			if ($_ =~ /said: ([[:print:]]{1,})$/) {
				$err = $1;
			} elsif ($_ =~ /talk to me: ([[:print:]]{1,})$/) {
                                $err = $1;
			}
		 	$Deferred{$msgid}	+=1;
		 	$DefMessage{$msgid} = $err;
		 	$DefRelay{$msgid} 	= $relay;
		 	$DefTo{$msgid} 		= $address;
		 	$DefCount += 1 unless $Deferred{$msgid} > 1;
                        $DefTime{$msgid} = substr $EDate, 7, 8;
		}
	}	elsif ($_ =~ /-> <virus-quarantine>/gi )	{ # clamd had problems with it (encripted zip?)
			if ( $_ =~ 'mbx=/opt/zimbra/data/amavisd/quarantine/(virus-[a-zA-Z0-9]{10,15})')	{
				$VirQuar[$VQueCount] = $1;
				$VQueCount += 1;
			}
#	}	else	{
#		# Unknown Line print it out
#		print STDOUT "Line not counted\n\t>>>" . $_ . "<<<\n";
	}
}
# full file processed now for the report
print STDOUT "Mail Log Report Ver. " . $CVersion . " for;\n    " . $StDate . " Through " . $EDate . "\n";
print STDOUT "    Log contains          \t = " . $inlines . " Lines\n";
print STDOUT "\tTotal Messages processed = " . $Messages . "\n";
print STDOUT "\tDiscarded messages       = " . $Discards . "\n";
print STDOUT "\t   Crylic Discards       = " . $Crylic . "\n";
print STDOUT "\t   The Bat X-Mailer      = " . $TheBat . "\n";
print STDOUT "\t   BackScatter           = " . $DSN . "\n";
print STDOUT "\tRejected Messages        = " . $Rejects . "\n";
print STDOUT "\t   Invalid From address  = " . $SAddress . "\n";
print STDOUT "\t   Invalid To Address    = " . $DAddress . "\n";
print STDOUT "\t   Relay Request         = " . $Relay . "\n";
print STDOUT "\t   Improper Pipelining   = " . $Pipe  . "\n";
if ($ConfErr > 0)	{
	print STDOUT "\t   Config Error !!! !!!  = " . $ConfErr . "\n";
}
if ($donkonw > 0)	{
	print STDOUT "\t   Unknown Rej.          = " . $donknow . "\n";
}
print STDOUT "    Messages processed by CLAMAV &\n    SpamAssissin\t\t = " . $amavis . "\n";
print STDOUT "\tBlocked SPAM  **         = " . $Blocked . "\n";
print STDOUT "\tPassed Messages          = " . $Passed . "\n";
print STDOUT "\t     Passed Clean ?      = " . $Clean . "\n";
print STDOUT "\t     Passed Spammy       = " . $Spammy . "\n";
print STDOUT "\tClamAV hits **           = " . $ClamAV . "\n";
if ($ClamAV > 0)	{
	foreach my $kval ( keys %MailWare )	{
		print STDOUT "\t\t" . $kval . " found " . $MailWare{$kval} . " time";
		print STDOUT "s" unless ($MailWare{$kval}<2);
		print STDOUT "\n";
	}
	print STDOUT " ** Note that ClamAV hits are also counted as SPAM\n";
}
if ( ($BHcount > 0) || ($VQueCount > 0))	{
	print STDOUT "\tQuarantined messages	= " . ($BHcount+$VQueCount) . "\n";
	print STDOUT "\t  messages can be examined in /opt/zimbra/data/amavisd/quarantine/ \n";
	if ( $BHcount > 0 ) {
		my $bcount = 6;
		print STDOUT "\t     Bad Headers		= " . $BHcount;
		foreach my $msgid (@BadHeader )	{
			if ( $bcount > 3 ) {
				print STDOUT "\n\t\t" . $msgid ;
				$bcount= 1;
			} else	{
				print STDOUT ", " . $msgid ;
				$bcount += 1;
			}
		}
		print STDOUT "\n";
	}
	if ($VQueCount > 0)	{
		my $bcount = 6;
		print STDOUT "\t     Virus		= " . $VQueCount;
		foreach my $msgid ( @VirQuar)	{
			if ( $bcount > 3 ) {
				print STDOUT "\n\t\t" . $msgid ;
				$bcount= 1;
			} else	{
				print STDOUT ", " . $msgid ;
				$bcount += 1;
			}
		}
		print STDOUT "\n";
	}
}
if ($DefCount > 0)	{		# we had 1 or more deferred emails
	print STDOUT "Unique Deferred messages	 = " . $DefCount . "\n";
	foreach my $msgid ( keys %Deferred )	{
		print STDOUT "\t" . $msgid . " occured " . $Deferred{$msgid} . " times\n\t\taddressed to ";
		print STDOUT $DefTo{$msgid} . "\n\t\tvia relay " . $DefRelay{$msgid} . "\n\t\tLast responce at ". $DefTime{$msgid} . " was:\n";
		print STDOUT "\t" . $DefMessage{$msgid} . "\n";
	}
}
./spam.pl to run? that's it?
Reply With Quote
  #6 (permalink)  
Old 07-01-2009, 09:50 AM
Moderator
  
Posts: 1,027
Default
Quote:
Originally Posted by andremta View Post
I mean... what % of the received emails from my server is actually SPAM?
Have you looked at the graphs in the Admin GUI? See attached screen clip
Attached Images
File Type: jpg spam.jpg (88.7 KB, 87 views)
__________________
Cheers,

Dan
Reply With Quote
  #7 (permalink)  
Old 07-01-2009, 10:13 AM
Special Member
  
Posts: 128
Default
Quote:
Originally Posted by dwmtractor View Post
Have you looked at the graphs in the Admin GUI? See attached screen clip
Hello,

I can see the graphic perfectly, although that doesn't point me to specific values.

Example:
Total emails: 152
Spam emails: 92
Spam ration: 59%
Reply With Quote
  #8 (permalink)  
Old 07-01-2009, 10:23 AM
Moderator
  
Posts: 1,027
Default
Yeah, I've actually wondered why they don't put a simple text-numeric summary under those graphs. It's not like the calculations aren't being done. If you want, file an enhancement request on Bugzilla. It'd make sense.
__________________
Cheers,

Dan
Reply With Quote
  #9 (permalink)  
Old 07-01-2009, 10:31 AM
Special Member
  
Posts: 128
Default
Quote:
Originally Posted by dwmtractor View Post
Yeah, I've actually wondered why they don't put a simple text-numeric summary under those graphs. It's not like the calculations aren't being done. If you want, file an enhancement request on Bugzilla. It'd make sense.
Another thing... I get ALOT of spam in my zimbra.log, as you can see:

Quote:
andre@server:~$ dnsblcount /var/log/zimbra.log
zen.spamhaus.org 504
=================================
Total DNSBL rejections: 504
atenreiro@intranet:~$
Although my spam graphic does not really show alot of spam:
SS-20090701182804.png

Why the amavis is not showing the spam accordingly?
Reply With Quote
  #10 (permalink)  
Old 07-01-2009, 10:41 AM
Moderator
  
Posts: 1,027
Default
I may be wrong here, and I'd welcome correction by the more experienced Zimbrians, but I believe that this graph only shows you what was marked as spam by SpamAssassin. The RBLs result in rejections that hit using a separate subroutine before SA gets a crack at the message, and thus they don't get included in the total.

Perhaps they ought to. . .it would definitely make our graphs (and those numbers we are asking for ) look more impressive, but I think that's how it works.
__________________
Cheers,

Dan
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Today's Posts or Week's Posts | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode


Similar Threads

Product Information

Why Join?

Registering let's you ask questions, makes it easier to search, displays any files attached to posts, and notifies you about replies.

blog.zimbra.com


Home - Blog - Contact Us - Archive - Top


 

SEO by vBSEO ©2011, Crawlability, Inc.