Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Spam ratio

  1. #1
    andremta is offline Special Member
    Join Date
    Feb 2009
    Posts
    128
    Rep Power
    6

    Default Spam ratio

    How can I find out what is the spam ration (%) from my received emails?

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,499
    Rep Power
    56

    Default

    Right-click Show Original and look at the headers.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    andremta is offline Special Member
    Join Date
    Feb 2009
    Posts
    128
    Rep Power
    6

    Default

    Quote Originally Posted by phoenix View Post
    Right-click Show Original and look at the headers.
    I mean... what % of the received emails from my server is actually SPAM?

  4. #4
    jrefl5 is offline Advanced Member
    Join Date
    Nov 2007
    Location
    AZ, USA
    Posts
    205
    Rep Power
    7

    Default

    you will need a script to process the zimbra log file.
    I use the attached perl script then place the results in a spreadsheet

    Code:
    #!/usr/bin/perl
    # input is the current zimbra logfile
    # this will read the zimbra logfile and create a summary report of
    # postfix, spamassin, and clamAV events
    # note that the default logrotation for zimbra (/etc/logrotate.d/zimbra in Red Hat clones) needs to have
    # "delaycompress" set or I will not be able to read the logfile if used as part of the "postrotate scripts"
    # this script bu JCrawford at AZ Structural Pest Control Commission to scratch an itch.
    # it is Licensed  as GPL v3 or later  "jrefl5" ( yahoo ) <com> and others, No warrenty as to usability
    # is provided. james
    #
    # format of zimbra log line is
    # Field				Position
    # Month				0-2
    # Day				4-5
    # Time (HH:MM:SS)   7-14
    # Server name		15-(14+length(server name))
    # Data              end of SNAme+1-> end of line (\n)
    my $CVersion 	= "1.0";
    my $Rejects  	= 0;
    my $Security 	= 0;
    my $Attach	 	= 0;
    my $SAddress	= 0;
    my $DAddress	= 0;
    my $Discards	= 0;
    my $DSN			= 0;
    my $Crylic		= 0;
    my $TheBat		= 0;
    my $Relay		= 0;
    my $Pipe 		= 0;
    my $ConfErr		= 0;
    my $Relay		= 0;
    my $ConfErr		= 0;
    my $ConfErr		= 0;
    my $donknow		= 0;
    my $Blocked		= 0;
    my $BlockBounce = 0;
    my $ClamAV		= 0;
    my $Passed		= 0;
    my $Spammy		= 0;
    my $Clean		= 0;
    my $StDate		= "";
    my $EDate		= "";
    my $inlines		= 0;
    my $currID		= "";
    my $Messages	= 0;
    my $Sender		= "";
    my $Dest		= "";
    my $amavis		= 0;
    my $DefCount	= 0;
    my $BHcount		= 0;
    my $VQueCount 	= 0;
    my &#37;Senders		=();
    my %Recivers	=();
    my %MailWare	=();
    my %Deferred	=();
    my %DefMessage  =();
    my %DefRelay	=();
    my %DefTo		=();
    my %DefTime		=();
    my @BadHeader   =();
    my @VirQuar		=();
    # my $emailsenderformat ="^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$";
    InputLoop: while ( <> ) {
    	# check beginning of line
    	if ($inlines == 0) {
    		$StDate = substr $_, 0, 15;	# Get the start time from the First line in the log
    	}
    	$inlines+=1;
    	$EDate = substr $_, 0, 15;	# Get the time from each line in the log (it may be tha last)
    	if ($_ =~ /postfix\/cleanup/gi)	{   # start of new message processing
    		$Senders[$Sender]+=1 unless (length($Sender) <= 1);
    		$Recivers[$Dest]+=1 unless (length($Dest) <= 1);
    		if ($_ =~ / ([0-9A-F]{10,}): message-id=/i ) {
    			$currID = $1;       # use this as a hash id for message threads?
    			$Messages+=1;
    			$Sender = "";
    			$Dest = "";
    			# add logic to handle mutilitple messages in process loop at same time
    		}	elsif ($_ =~ /discard/i)	{ # track input messages that Postfix doen not queue for amavis
    			$Discards+=1;
    			if ($_ =~ /Crylic/i ) {
    				$Crylic+=1;
    			}	elsif ($_ =~ /no third-party DSNs/)	{
    				$DSN+=1;
    			}	elsif ($_ =~ /The Bat as a Mailer/)	{
    				$TheBat+=1;
    			}	else {
    				print STDOUT "Discard type not Tracked for :\n\t" . $_;
    			}
    		}
    	}	elsif ($_ =~ /Passed CLEAN/i)	{ # Spamassissin thinks its ok
    		$Passed+=1;
    		$Clean+=1;
    	}	elsif ($_ =~ /Passed SPAMMY/i)	{ # Spamassissin thinks it may be spam (place in junk mail folder)
    		$Passed+=1;
    		$Spammy+=1;
    	}	elsif ($_ =~ /Passed BAD-HEADER/i)	{ # bad header on incomming message, message placed in quarantine
    		if ( $_ =~ /quarantine: (badh-[-+a-zA-Z0-9]{10,15}), Message-ID:/g )	{
    			$BHcount += 1;
    			$BadHeader[$BHcount] = $1;
    		}
    	}	elsif ($_ =~ /NOQUEUE: reject/i)	{ # not placed on queue by postfix bounced back to sending server
    		$Messages+=1;
    		$Rejects+=1;
    #		Use the first form if we choose to track the invalid senders <jhc>
    #		if ($_ =~ /Helo command rejected: need fully-qualified hostname; from=<($emailsenterformat)>/i)	{
    		if ($_ =~ /Helo command rejected: need fully-qualified hostname; from=/i)	{
    			$SAddress+=1;
    			# Track invalid senders?
    		} 	elsif ($_ =~ /Sender address rejected/i )	{
    			$SAddress+=1;
    			# Track invalid senders?
    		}	elsif ($_ =~ /Recipient address rejected:/i)	{ # we don't have that email address localy
    			$DAddress+=1;
    			# Track invalid reciver?
    		}	elsif ($_ =~ /Relay access denied/i)	{ # someone wants to relay (ain't no way)
    				$Relay+=1;
    		}	elsif ($_ =~ /Server configuration error/i)	{ # we goofed on a change revert it ASAP
    				$ConfErr+=1;
    		}	elsif ($_ =~ /Improper use of SMTP command pipelining/i)	{ # Sender is not forming SMTP correctly
    				$Pipe+=1;
    		}	else	{
    			$donknow+=1;
    			print STDOUT "Unknown Reject = \n\t" . $_ ;
    		}
    	}	elsif ($_ =~ /Blocked SPAM/)	{
    		$Blocked+=1;
    	}	elsif ( $_ =~ /amavis\[\d*\]/i)	{
    			if ($_ =~ /Checking:/i)	{
    				$amavis+=1;
    			}	elsif ($_ =~ /local delivery: <> -> <virus-quarantine/gi )	{ # clamd had problems with it (encripted zip?)
    #				print STDERR "Debug found $_ \n";
    				if ( $_ =~ 'mbx=/opt/zimbra/data/amavisd/quarantine/(virus-[-+a-zA-Z0-9]{10,15})')	{
    					$VQueCount += 1;
    					$VirQuar[$VQueCount] = $1;
    				}
    			}
    	}	elsif ($_ =~ /clamd\[\d{1,}\]:/i)	{ # CalmAV message
    #		Strip out mailware name from log line.
                            if ( $_ =~ /FOUND/ )	{  # Found malware
    			    $ClamAV+= 1;
    			    # use "'" in regexp instead of "/" due to path nameing in the regexp <jhc>
    			    if ($_ =~ m'/opt/zimbra/data/amavisd/tmp/amavis-\d{8,8}T\d{6,6}-(\d{4,5})/parts/\w{1,}:\s{1,}((\w*\.*)*-{0,1}(\w*-*)*)'i)	{
    				$MailWare{$2}+=1;	# save the malware name and counter for the report
    		            }
    			}
    	}	elsif ($_ =~ /deferred/g )	{		# its a deferred message we may see the same one many times
    		if ( $_ =~ 'postfix/smtp\[\d{3,5}\]: ([A-F0-9]{12,12}): to=<(\S{1,}?@\S{1,}?.\S{2,5}?)>, relay=([[:print:]]{1,}?)\[\d+\.\d+\.\d+\.\d+\]:25')	{
    			my $msgid = $1;
    			my $address = $2;
    			my $relay = $3;
    			my $err = "I missed the error msg";
    			if ($_ =~ /said: ([[:print:]]{1,})$/) {
    				$err = $1;
    			} elsif ($_ =~ /talk to me: ([[:print:]]{1,})$/) {
                                    $err = $1;
    			}
    		 	$Deferred{$msgid}	+=1;
    		 	$DefMessage{$msgid} = $err;
    		 	$DefRelay{$msgid} 	= $relay;
    		 	$DefTo{$msgid} 		= $address;
    		 	$DefCount += 1 unless $Deferred{$msgid} > 1;
                            $DefTime{$msgid} = substr $EDate, 7, 8;
    		}
    	}	elsif ($_ =~ /-> <virus-quarantine>/gi )	{ # clamd had problems with it (encripted zip?)
    			if ( $_ =~ 'mbx=/opt/zimbra/data/amavisd/quarantine/(virus-[a-zA-Z0-9]{10,15})')	{
    				$VirQuar[$VQueCount] = $1;
    				$VQueCount += 1;
    			}
    #	}	else	{
    #		# Unknown Line print it out
    #		print STDOUT "Line not counted\n\t>>>" . $_ . "<<<\n";
    	}
    }
    # full file processed now for the report
    print STDOUT "Mail Log Report Ver. " . $CVersion . " for;\n    " . $StDate . " Through " . $EDate . "\n";
    print STDOUT "    Log contains          \t = " . $inlines . " Lines\n";
    print STDOUT "\tTotal Messages processed = " . $Messages . "\n";
    print STDOUT "\tDiscarded messages       = " . $Discards . "\n";
    print STDOUT "\t   Crylic Discards       = " . $Crylic . "\n";
    print STDOUT "\t   The Bat X-Mailer      = " . $TheBat . "\n";
    print STDOUT "\t   BackScatter           = " . $DSN . "\n";
    print STDOUT "\tRejected Messages        = " . $Rejects . "\n";
    print STDOUT "\t   Invalid From address  = " . $SAddress . "\n";
    print STDOUT "\t   Invalid To Address    = " . $DAddress . "\n";
    print STDOUT "\t   Relay Request         = " . $Relay . "\n";
    print STDOUT "\t   Improper Pipelining   = " . $Pipe  . "\n";
    if ($ConfErr > 0)	{
    	print STDOUT "\t   Config Error !!! !!!  = " . $ConfErr . "\n";
    }
    if ($donkonw > 0)	{
    	print STDOUT "\t   Unknown Rej.          = " . $donknow . "\n";
    }
    print STDOUT "    Messages processed by CLAMAV &\n    SpamAssissin\t\t = " . $amavis . "\n";
    print STDOUT "\tBlocked SPAM  **         = " . $Blocked . "\n";
    print STDOUT "\tPassed Messages          = " . $Passed . "\n";
    print STDOUT "\t     Passed Clean ?      = " . $Clean . "\n";
    print STDOUT "\t     Passed Spammy       = " . $Spammy . "\n";
    print STDOUT "\tClamAV hits **           = " . $ClamAV . "\n";
    if ($ClamAV > 0)	{
    	foreach my $kval ( keys %MailWare )	{
    		print STDOUT "\t\t" . $kval . " found " . $MailWare{$kval} . " time";
    		print STDOUT "s" unless ($MailWare{$kval}<2);
    		print STDOUT "\n";
    	}
    	print STDOUT " ** Note that ClamAV hits are also counted as SPAM\n";
    }
    if ( ($BHcount > 0) || ($VQueCount > 0))	{
    	print STDOUT "\tQuarantined messages	= " . ($BHcount+$VQueCount) . "\n";
    	print STDOUT "\t  messages can be examined in /opt/zimbra/data/amavisd/quarantine/ \n";
    	if ( $BHcount > 0 ) {
    		my $bcount = 6;
    		print STDOUT "\t     Bad Headers		= " . $BHcount;
    		foreach my $msgid (@BadHeader )	{
    			if ( $bcount > 3 ) {
    				print STDOUT "\n\t\t" . $msgid ;
    				$bcount= 1;
    			} else	{
    				print STDOUT ", " . $msgid ;
    				$bcount += 1;
    			}
    		}
    		print STDOUT "\n";
    	}
    	if ($VQueCount > 0)	{
    		my $bcount = 6;
    		print STDOUT "\t     Virus		= " . $VQueCount;
    		foreach my $msgid ( @VirQuar)	{
    			if ( $bcount > 3 ) {
    				print STDOUT "\n\t\t" . $msgid ;
    				$bcount= 1;
    			} else	{
    				print STDOUT ", " . $msgid ;
    				$bcount += 1;
    			}
    		}
    		print STDOUT "\n";
    	}
    }
    if ($DefCount > 0)	{		# we had 1 or more deferred emails
    	print STDOUT "Unique Deferred messages	 = " . $DefCount . "\n";
    	foreach my $msgid ( keys %Deferred )	{
    		print STDOUT "\t" . $msgid . " occured " . $Deferred{$msgid} . " times\n\t\taddressed to ";
    		print STDOUT $DefTo{$msgid} . "\n\t\tvia relay " . $DefRelay{$msgid} . "\n\t\tLast responce at ". $DefTime{$msgid} . " was:\n";
    		print STDOUT "\t" . $DefMessage{$msgid} . "\n";
    	}
    }
    Last edited by jrefl5; 06-30-2009 at 11:20 AM. Reason: the attachement did not attach

  5. #5
    andremta is offline Special Member
    Join Date
    Feb 2009
    Posts
    128
    Rep Power
    6

    Default

    Quote Originally Posted by jrefl5 View Post
    you will need a script to process the zimbra log file.
    I use the attached perl script then place the results in a spreadsheet

    Code:
    #!/usr/bin/perl
    # input is the current zimbra logfile
    # this will read the zimbra logfile and create a summary report of
    # postfix, spamassin, and clamAV events
    # note that the default logrotation for zimbra (/etc/logrotate.d/zimbra in Red Hat clones) needs to have
    # "delaycompress" set or I will not be able to read the logfile if used as part of the "postrotate scripts"
    # this script bu JCrawford at AZ Structural Pest Control Commission to scratch an itch.
    # it is Licensed  as GPL v3 or later  "jrefl5" ( yahoo ) <com> and others, No warrenty as to usability
    # is provided. james
    #
    # format of zimbra log line is
    # Field				Position
    # Month				0-2
    # Day				4-5
    # Time (HH:MM:SS)   7-14
    # Server name		15-(14+length(server name))
    # Data              end of SNAme+1-> end of line (\n)
    my $CVersion 	= "1.0";
    my $Rejects  	= 0;
    my $Security 	= 0;
    my $Attach	 	= 0;
    my $SAddress	= 0;
    my $DAddress	= 0;
    my $Discards	= 0;
    my $DSN			= 0;
    my $Crylic		= 0;
    my $TheBat		= 0;
    my $Relay		= 0;
    my $Pipe 		= 0;
    my $ConfErr		= 0;
    my $Relay		= 0;
    my $ConfErr		= 0;
    my $ConfErr		= 0;
    my $donknow		= 0;
    my $Blocked		= 0;
    my $BlockBounce = 0;
    my $ClamAV		= 0;
    my $Passed		= 0;
    my $Spammy		= 0;
    my $Clean		= 0;
    my $StDate		= "";
    my $EDate		= "";
    my $inlines		= 0;
    my $currID		= "";
    my $Messages	= 0;
    my $Sender		= "";
    my $Dest		= "";
    my $amavis		= 0;
    my $DefCount	= 0;
    my $BHcount		= 0;
    my $VQueCount 	= 0;
    my %Senders		=();
    my %Recivers	=();
    my %MailWare	=();
    my %Deferred	=();
    my %DefMessage  =();
    my %DefRelay	=();
    my %DefTo		=();
    my %DefTime		=();
    my @BadHeader   =();
    my @VirQuar		=();
    # my $emailsenderformat ="^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$";
    InputLoop: while ( <> ) {
    	# check beginning of line
    	if ($inlines == 0) {
    		$StDate = substr $_, 0, 15;	# Get the start time from the First line in the log
    	}
    	$inlines+=1;
    	$EDate = substr $_, 0, 15;	# Get the time from each line in the log (it may be tha last)
    	if ($_ =~ /postfix\/cleanup/gi)	{   # start of new message processing
    		$Senders[$Sender]+=1 unless (length($Sender) <= 1);
    		$Recivers[$Dest]+=1 unless (length($Dest) <= 1);
    		if ($_ =~ / ([0-9A-F]{10,}): message-id=/i ) {
    			$currID = $1;       # use this as a hash id for message threads?
    			$Messages+=1;
    			$Sender = "";
    			$Dest = "";
    			# add logic to handle mutilitple messages in process loop at same time
    		}	elsif ($_ =~ /discard/i)	{ # track input messages that Postfix doen not queue for amavis
    			$Discards+=1;
    			if ($_ =~ /Crylic/i ) {
    				$Crylic+=1;
    			}	elsif ($_ =~ /no third-party DSNs/)	{
    				$DSN+=1;
    			}	elsif ($_ =~ /The Bat as a Mailer/)	{
    				$TheBat+=1;
    			}	else {
    				print STDOUT "Discard type not Tracked for :\n\t" . $_;
    			}
    		}
    	}	elsif ($_ =~ /Passed CLEAN/i)	{ # Spamassissin thinks its ok
    		$Passed+=1;
    		$Clean+=1;
    	}	elsif ($_ =~ /Passed SPAMMY/i)	{ # Spamassissin thinks it may be spam (place in junk mail folder)
    		$Passed+=1;
    		$Spammy+=1;
    	}	elsif ($_ =~ /Passed BAD-HEADER/i)	{ # bad header on incomming message, message placed in quarantine
    		if ( $_ =~ /quarantine: (badh-[-+a-zA-Z0-9]{10,15}), Message-ID:/g )	{
    			$BHcount += 1;
    			$BadHeader[$BHcount] = $1;
    		}
    	}	elsif ($_ =~ /NOQUEUE: reject/i)	{ # not placed on queue by postfix bounced back to sending server
    		$Messages+=1;
    		$Rejects+=1;
    #		Use the first form if we choose to track the invalid senders <jhc>
    #		if ($_ =~ /Helo command rejected: need fully-qualified hostname; from=<($emailsenterformat)>/i)	{
    		if ($_ =~ /Helo command rejected: need fully-qualified hostname; from=/i)	{
    			$SAddress+=1;
    			# Track invalid senders?
    		} 	elsif ($_ =~ /Sender address rejected/i )	{
    			$SAddress+=1;
    			# Track invalid senders?
    		}	elsif ($_ =~ /Recipient address rejected:/i)	{ # we don't have that email address localy
    			$DAddress+=1;
    			# Track invalid reciver?
    		}	elsif ($_ =~ /Relay access denied/i)	{ # someone wants to relay (ain't no way)
    				$Relay+=1;
    		}	elsif ($_ =~ /Server configuration error/i)	{ # we goofed on a change revert it ASAP
    				$ConfErr+=1;
    		}	elsif ($_ =~ /Improper use of SMTP command pipelining/i)	{ # Sender is not forming SMTP correctly
    				$Pipe+=1;
    		}	else	{
    			$donknow+=1;
    			print STDOUT "Unknown Reject = \n\t" . $_ ;
    		}
    	}	elsif ($_ =~ /Blocked SPAM/)	{
    		$Blocked+=1;
    	}	elsif ( $_ =~ /amavis\[\d*\]/i)	{
    			if ($_ =~ /Checking:/i)	{
    				$amavis+=1;
    			}	elsif ($_ =~ /local delivery: <> -> <virus-quarantine/gi )	{ # clamd had problems with it (encripted zip?)
    #				print STDERR "Debug found $_ \n";
    				if ( $_ =~ 'mbx=/opt/zimbra/data/amavisd/quarantine/(virus-[-+a-zA-Z0-9]{10,15})')	{
    					$VQueCount += 1;
    					$VirQuar[$VQueCount] = $1;
    				}
    			}
    	}	elsif ($_ =~ /clamd\[\d{1,}\]:/i)	{ # CalmAV message
    #		Strip out mailware name from log line.
                            if ( $_ =~ /FOUND/ )	{  # Found malware
    			    $ClamAV+= 1;
    			    # use "'" in regexp instead of "/" due to path nameing in the regexp <jhc>
    			    if ($_ =~ m'/opt/zimbra/data/amavisd/tmp/amavis-\d{8,8}T\d{6,6}-(\d{4,5})/parts/\w{1,}:\s{1,}((\w*\.*)*-{0,1}(\w*-*)*)'i)	{
    				$MailWare{$2}+=1;	# save the malware name and counter for the report
    		            }
    			}
    	}	elsif ($_ =~ /deferred/g )	{		# its a deferred message we may see the same one many times
    		if ( $_ =~ 'postfix/smtp\[\d{3,5}\]: ([A-F0-9]{12,12}): to=<(\S{1,}?@\S{1,}?.\S{2,5}?)>, relay=([[:print:]]{1,}?)\[\d+\.\d+\.\d+\.\d+\]:25')	{
    			my $msgid = $1;
    			my $address = $2;
    			my $relay = $3;
    			my $err = "I missed the error msg";
    			if ($_ =~ /said: ([[:print:]]{1,})$/) {
    				$err = $1;
    			} elsif ($_ =~ /talk to me: ([[:print:]]{1,})$/) {
                                    $err = $1;
    			}
    		 	$Deferred{$msgid}	+=1;
    		 	$DefMessage{$msgid} = $err;
    		 	$DefRelay{$msgid} 	= $relay;
    		 	$DefTo{$msgid} 		= $address;
    		 	$DefCount += 1 unless $Deferred{$msgid} > 1;
                            $DefTime{$msgid} = substr $EDate, 7, 8;
    		}
    	}	elsif ($_ =~ /-> <virus-quarantine>/gi )	{ # clamd had problems with it (encripted zip?)
    			if ( $_ =~ 'mbx=/opt/zimbra/data/amavisd/quarantine/(virus-[a-zA-Z0-9]{10,15})')	{
    				$VirQuar[$VQueCount] = $1;
    				$VQueCount += 1;
    			}
    #	}	else	{
    #		# Unknown Line print it out
    #		print STDOUT "Line not counted\n\t>>>" . $_ . "<<<\n";
    	}
    }
    # full file processed now for the report
    print STDOUT "Mail Log Report Ver. " . $CVersion . " for;\n    " . $StDate . " Through " . $EDate . "\n";
    print STDOUT "    Log contains          \t = " . $inlines . " Lines\n";
    print STDOUT "\tTotal Messages processed = " . $Messages . "\n";
    print STDOUT "\tDiscarded messages       = " . $Discards . "\n";
    print STDOUT "\t   Crylic Discards       = " . $Crylic . "\n";
    print STDOUT "\t   The Bat X-Mailer      = " . $TheBat . "\n";
    print STDOUT "\t   BackScatter           = " . $DSN . "\n";
    print STDOUT "\tRejected Messages        = " . $Rejects . "\n";
    print STDOUT "\t   Invalid From address  = " . $SAddress . "\n";
    print STDOUT "\t   Invalid To Address    = " . $DAddress . "\n";
    print STDOUT "\t   Relay Request         = " . $Relay . "\n";
    print STDOUT "\t   Improper Pipelining   = " . $Pipe  . "\n";
    if ($ConfErr > 0)	{
    	print STDOUT "\t   Config Error !!! !!!  = " . $ConfErr . "\n";
    }
    if ($donkonw > 0)	{
    	print STDOUT "\t   Unknown Rej.          = " . $donknow . "\n";
    }
    print STDOUT "    Messages processed by CLAMAV &\n    SpamAssissin\t\t = " . $amavis . "\n";
    print STDOUT "\tBlocked SPAM  **         = " . $Blocked . "\n";
    print STDOUT "\tPassed Messages          = " . $Passed . "\n";
    print STDOUT "\t     Passed Clean ?      = " . $Clean . "\n";
    print STDOUT "\t     Passed Spammy       = " . $Spammy . "\n";
    print STDOUT "\tClamAV hits **           = " . $ClamAV . "\n";
    if ($ClamAV > 0)	{
    	foreach my $kval ( keys %MailWare )	{
    		print STDOUT "\t\t" . $kval . " found " . $MailWare{$kval} . " time";
    		print STDOUT "s" unless ($MailWare{$kval}<2);
    		print STDOUT "\n";
    	}
    	print STDOUT " ** Note that ClamAV hits are also counted as SPAM\n";
    }
    if ( ($BHcount > 0) || ($VQueCount > 0))	{
    	print STDOUT "\tQuarantined messages	= " . ($BHcount+$VQueCount) . "\n";
    	print STDOUT "\t  messages can be examined in /opt/zimbra/data/amavisd/quarantine/ \n";
    	if ( $BHcount > 0 ) {
    		my $bcount = 6;
    		print STDOUT "\t     Bad Headers		= " . $BHcount;
    		foreach my $msgid (@BadHeader )	{
    			if ( $bcount > 3 ) {
    				print STDOUT "\n\t\t" . $msgid ;
    				$bcount= 1;
    			} else	{
    				print STDOUT ", " . $msgid ;
    				$bcount += 1;
    			}
    		}
    		print STDOUT "\n";
    	}
    	if ($VQueCount > 0)	{
    		my $bcount = 6;
    		print STDOUT "\t     Virus		= " . $VQueCount;
    		foreach my $msgid ( @VirQuar)	{
    			if ( $bcount > 3 ) {
    				print STDOUT "\n\t\t" . $msgid ;
    				$bcount= 1;
    			} else	{
    				print STDOUT ", " . $msgid ;
    				$bcount += 1;
    			}
    		}
    		print STDOUT "\n";
    	}
    }
    if ($DefCount > 0)	{		# we had 1 or more deferred emails
    	print STDOUT "Unique Deferred messages	 = " . $DefCount . "\n";
    	foreach my $msgid ( keys %Deferred )	{
    		print STDOUT "\t" . $msgid . " occured " . $Deferred{$msgid} . " times\n\t\taddressed to ";
    		print STDOUT $DefTo{$msgid} . "\n\t\tvia relay " . $DefRelay{$msgid} . "\n\t\tLast responce at ". $DefTime{$msgid} . " was:\n";
    		print STDOUT "\t" . $DefMessage{$msgid} . "\n";
    	}
    }
    ./spam.pl to run? that's it?

  6. #6
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    Quote Originally Posted by andremta View Post
    I mean... what % of the received emails from my server is actually SPAM?
    Have you looked at the graphs in the Admin GUI? See attached screen clip
    Attached Images Attached Images
    Cheers,

    Dan

  7. #7
    andremta is offline Special Member
    Join Date
    Feb 2009
    Posts
    128
    Rep Power
    6

    Default

    Quote Originally Posted by dwmtractor View Post
    Have you looked at the graphs in the Admin GUI? See attached screen clip
    Hello,

    I can see the graphic perfectly, although that doesn't point me to specific values.

    Example:
    Total emails: 152
    Spam emails: 92
    Spam ration: 59&#37;

  8. #8
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    Yeah, I've actually wondered why they don't put a simple text-numeric summary under those graphs. It's not like the calculations aren't being done. If you want, file an enhancement request on Bugzilla. It'd make sense.
    Cheers,

    Dan

  9. #9
    andremta is offline Special Member
    Join Date
    Feb 2009
    Posts
    128
    Rep Power
    6

    Default

    Quote Originally Posted by dwmtractor View Post
    Yeah, I've actually wondered why they don't put a simple text-numeric summary under those graphs. It's not like the calculations aren't being done. If you want, file an enhancement request on Bugzilla. It'd make sense.
    Another thing... I get ALOT of spam in my zimbra.log, as you can see:

    andre@server:~$ dnsblcount /var/log/zimbra.log
    zen.spamhaus.org 504
    =================================
    Total DNSBL rejections: 504
    atenreiro@intranet:~$
    Although my spam graphic does not really show alot of spam:
    SS-20090701182804.png

    Why the amavis is not showing the spam accordingly?

  10. #10
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    I may be wrong here, and I'd welcome correction by the more experienced Zimbrians, but I believe that this graph only shows you what was marked as spam by SpamAssassin. The RBLs result in rejections that hit using a separate subroutine before SA gets a crack at the message, and thus they don't get included in the total.

    Perhaps they ought to. . .it would definitely make our graphs (and those numbers we are asking for ) look more impressive, but I think that's how it works.
    Cheers,

    Dan

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Weird behaviors and LOTS of spam.
    By zwvpadmin in forum Administrators
    Replies: 7
    Last Post: 01-02-2009, 10:26 AM
  2. spam - ham training
    By Viking0 in forum Administrators
    Replies: 6
    Last Post: 12-02-2008, 01:07 PM
  3. Major SPAM to one account
    By CarputerTech in forum Administrators
    Replies: 4
    Last Post: 09-04-2008, 10:54 PM
  4. Trying to understand Zimbra's anti-spam system
    By TaskMaster in forum Users
    Replies: 11
    Last Post: 01-25-2008, 09:59 AM
  5. Spam being scored with BAYES_00
    By flyerguybham in forum Administrators
    Replies: 6
    Last Post: 04-24-2007, 12:07 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •