Barry, Christopher on 5 Jun 2006 20:36:24 -0000 |
Wrapping was so bad, I just attached it. -C
> -----Original Message-----
> From: plug-bounces@lists.phillylinux.org
> [mailto:plug-bounces@lists.phillylinux.org] On Behalf Of
> Barry, Christopher
> Sent: Monday, June 05, 2006 3:44 PM
> To: plug@lists.phillylinux.org
> Subject: [PLUG] Exchange and postfix (next meeting topic)
>
> All,
>
> Hi. I'm doing this in a production environment.
> Postfix/amavisd-new/SpamAssassin/Razor as a spam-filtering front-end to
> exchange which sits inside.
>
> One of the things I do every morning in a cron is to run the appended
> script. It parses the mail logs on the postfix box looking
> for rejected
> senders, spam senders and virus senders for every valid user
> configured
> in postfix. It generates reports, and sends them out to
> everyone who had
> hits. Works well here, and I thought others may like it as
> well. The top
> needs to be modified to suit your environment, but everything is
> variable-ized to allow portability.
>
>
> Cheers,
> Chris
>
> PS watch for any line wrapping that may occur via email, and
> let me know if
> you like it.
>
>
>
> # BEGIN SCRIPT
>
> #!/bin/bash
> #set -x
> # cbarry@silverstorm.com
> # mbrooks@silverstorm.com
> # brute force log parser and spam report
> #
> # best when run @ 6:30 AM, after your mail.log rotates.
> # this script parses the current mail.log, and the just rotated
> # mail.log.0 (if these are what you configure). It looks in these
> # logs for rejected senders, spam senders, and viruses, for every
> # valid recipient on your system. If there are any entries in the
> # logs for a valid recipient, she is sent the report. No hits,
> # then no report.
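# Requirements
#   * bash 4 or later (arrays, mapfile, here-strings)
#   * postfix
#   * amavisd
#   * spamassassin
#   * I'm running Debian, so your mail logs may be named differently
#
# What this does: for every recipient of ${primary_domain} listed in
# ${recips_list}, collect that recipient's rejected-sender, spam and virus
# entries from ${logs}, mail the recipient a report if there is at least one
# entry, and mail the concatenation of all reports to ${admin_email}.
# Progress/debug lines are written to stdout.


# setup section (modify these variables to suit your environment)

# email domain
alert_domain="silverstorm.com"
primary_domain="silverstorm.com"
domain_names="silverstorm.com infiniconsys.com infinicon.com"

# user list: in postfix, this would be the relay_recipients map
# its format is:
# user@domain OK
recips_list="/etc/postfix/maps/relay_recipients"

# temp files
# Both paths are deleted and recreated on every run. Keep them in a directory
# that only the account running this job can write to, so nobody else can
# pre-create or replace them.
usertmp="/var/log/spam.tmp"
admintmp="/var/log/daily_admin_spam.report"

# administrator's email address
admin_email="sysadmin@${alert_domain}"

# support address
support="ITSupport@${alert_domain}"

# the mail log(s) to parse, separated by spaces. make sure you're hitting the
# one that stuff just got rotated to. Typically this means you need to run this
# script *after* cron.daily rotates the logs. On Debian, this happens ~6:25AM
# every day.
logs="/var/log/mail.log /var/log/mail.log.0"

# Add users who do not want to get the report ever
# to the opt_out list, separated by a pipe symbol.
# as in:
# opt_out='fjones|bbking|brubble|jlennon'
# Each entry is matched against the whole user name, not a part of it.
opt_out='fsmith|bdougles'



# program section (you shouldn't need to edit below here, except for testing)

# The reports repeat mail-log contents (who mailed whom), so create them
# readable only by the account running this job.
umask 077

# ${logs} is a space-separated list; split it once into an array.
read -r -a log_files <<< "${logs}"

# Local parts of every recipient in the primary domain, one per array element.
mapfile -t users < <(grep -F -- "@${primary_domain}" "${recips_list}" | cut -d@ -f1)

# Use this userlist for testing (edit with your name, obviously!)
#users=(bmaxwell cking)

# for testing...
#printf '%s\n' "${users[@]}"
#exit

# cleanup
rm -f -- "${usertmp}" "${admintmp}"

# standard common report text
# (the \n sequences are expanded when the text is printed with printf '%b')
salutation="For the user or email list named: "

period="Report for the prior 24 hour period \\n"

overview="Below is a list of senders that were rejected by the spamfilter. \\nScan the Senders column to see if it has any email addresses you wish to allow. \\nIf so, please email ${support} with the address to allow.\\n"

rejected_hdr="\\nREJECTED SENDERS \\nDATE Rejected Sender address\\n"

spam_hdr="\\nSPAM SENDERS \\nDATE Spam Sender address \\n"

virus_hdr="\\nVIRUS SENDERS \\nDATE Virus Sender address Virus Detected"

footer="\\n\\nTo stop getting this report, just click this:\\nmailto:${support}?subject=Remove_me_from_Spam_Report_List \\n...and press send. \\n"

#######################################
# Escape extended-regex metacharacters so a string matches literally.
# Arguments: $1 - literal text
# Outputs:   escaped text on stdout
#######################################
ere_escape() {
  printf '%s' "$1" | sed 's/[][\.^$*+?(){}|]/\\&/g'
}

#######################################
# Build the extended regex that finds one user's addresses in the logs.
# Globals:   domain_names (read)
# Arguments: $1 - user name (local part)
# Outputs:   the regex on stdout, without a trailing newline
# Returns:   1 if domain_names is empty (no regex is printed)
#######################################
generate_grep_str() {
  local user_re domain domain_re alternatives=''
  local -a domains

  user_re=$(ere_escape "$1")
  read -r -a domains <<< "${domain_names}"
  for domain in "${domains[@]}"; do
    domain_re=$(ere_escape "${domain}")
    alternatives+="${alternatives:+|}${user_re}@${domain_re}"
  done
  # An empty alternation would match every log line.
  [[ -n "${alternatives}" ]] || return 1

  # The address must not be the tail of a longer local part or the head of a
  # longer domain. Without these boundaries the pattern for "bob" also matches
  # "jimbob@...", and one recipient's report would list another's mail.
  printf '%s' "(^|[^[:alnum:]._+-])(${alternatives})([^[:alnum:].-]|\$)"
}

#######################################
# Tell whether a user asked not to receive the report.
# Globals:   opt_out (read)
# Arguments: $1 - user name
# Returns:   0 if the user is on the opt-out list, non-zero otherwise
#######################################
is_opted_out() {
  # -x: the whole name must equal one of the alternatives, so opting out one
  # user cannot silently drop another whose name merely contains it.
  [[ -n "${opt_out}" ]] && grep -Eqx -- "${opt_out}" <<< "$1"
}

#######################################
# Print the log lines that contain a fixed string and match a regex.
# Globals:   log_files (read)
# Arguments: $1 - fixed string, $2 - extended regex
# Outputs:   matching lines on stdout
#######################################
match_log() {
  # -h: no file-name prefix, which would shift the awk field numbers below.
  grep -hF -- "$1" "${log_files[@]}" | grep -E -- "$2"
}

# NOTE(review): the awk field numbers below follow the log layout on the
# author's system - verify them against your own postfix/amavisd log lines.
for u in "${users[@]}"; do
  [[ -n "${u}" ]] || continue
  if is_opted_out "${u}"; then
    continue
  fi

  rm -f -- "${usertmp}"
  echo "Processing ${u}..."
  grep_str=$(generate_grep_str "${u}") || continue
  printf 'grep_str: %s\n' "${grep_str}"

  rejected_data=$(match_log 'Sender address rejected' "${grep_str}" \
    | awk '{ print $1" "$2" "$3" "$19 }')
  printf 'rejected: %s\n' "${rejected_data}"

  spam_data=$(match_log 'Blocked SPAM' "${grep_str}" \
    | grep -v LOCAL \
    | awk '{ print $1" "$2" "$3" "$11 }')
  printf 'spam: %s\n' "${spam_data}"

  spamlocal_data=$(match_log 'Blocked SPAM, LOCAL' "${grep_str}" \
    | awk '{ print $1" "$2" "$3" "$12 }')
  printf 'spam local: %s\n' "${spamlocal_data}"

  raw_virus_data=$(match_log 'Blocked INFECTED' "${grep_str}")
  printf 'raw_virus: %s\n' "${raw_virus_data}"

  # virus data: field 10 decides which layout the line has
  viruslocal_data=$(awk '$10 == "LOCAL" { print $1" "$2" "$3" "$13" "$9 }' \
    <<< "${raw_virus_data}")
  virus_jpeg_data=$(awk '$10 == "jpeg:" { print $1" "$2" "$3" "$20" "$9" "$10" "$11" "$12" "$13" "$14" "$15" "$16" "$17 }' \
    <<< "${raw_virus_data}")
  # NF skips the single empty line a here-string produces when there is no data.
  virus_data=$(awk 'NF && $10 != "LOCAL" && $10 != "jpeg:" { print $1" "$2" "$3" "$12" "$9 }' \
    <<< "${raw_virus_data}")
  printf 'viruslocal: %s\n' "${viruslocal_data}"
  printf 'virus_jpeg: %s\n' "${virus_jpeg_data}"
  printf 'virus: %s\n' "${virus_data}"

  # Build report
  # was any data returned? (jpeg virus hits count too)
  if [[ -z "${rejected_data}${spam_data}${spamlocal_data}${virus_data}${virus_jpeg_data}${viruslocal_data}" ]]; then
    continue
  fi

  # Fixed report text is printed with %b so its \n sequences expand.
  # Log-derived text is printed with %s, so backslash sequences inside
  # sender-supplied addresses are written out as-is instead of interpreted.
  {
    printf '%b%s,\n\n' "${salutation}" "${u}"
    printf '%b\n' "${period}"
    printf '%b\n' "${overview}"
    if [[ -n "${rejected_data}" ]]; then
      printf '%b\n' "${rejected_hdr}"
      printf '%s\n' "${rejected_data}"
    fi
    if [[ -n "${spam_data}${spamlocal_data}" ]]; then
      printf '%b\n' "${spam_hdr}"
      [[ -z "${spam_data}" ]] || printf '%s\n' "${spam_data}"
      [[ -z "${spamlocal_data}" ]] || printf '%s\n' "${spamlocal_data}"
    fi
    if [[ -n "${virus_data}${virus_jpeg_data}${viruslocal_data}" ]]; then
      printf '%b\n' "${virus_hdr}"
      # the header has no trailing blank line, so each group starts with one
      [[ -z "${virus_data}" ]] || printf '\n%s\n' "${virus_data}"
      [[ -z "${virus_jpeg_data}" ]] || printf '\n%s\n' "${virus_jpeg_data}"
      [[ -z "${viruslocal_data}" ]] || printf '\n%s\n' "${viruslocal_data}"
    fi
    printf '%b\n' "${footer}"
  } > "${usertmp}"

  # email user the report
  mail -s "Daily 'Rejected by SPAM Filter' Report for ${u}" \
    "${u}@${primary_domain}" < "${usertmp}"
  # add to admin's report
  cat -- "${usertmp}" >> "${admintmp}"
done

# do not leave the last user's report behind
rm -f -- "${usertmp}"

# email the admins a complete report (an empty one if nobody had hits)
[[ -f "${admintmp}" ]] || : > "${admintmp}"
mail -s "Daily 'Total Rejected SPAM' Report" "${admin_email}" < "${admintmp}"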