##########################################################################
# $Id$
##########################################################################
########################################################
# Originally written by:
#    Dariusz Nierada <dnierada@kat.supermedia.pl>
########################################################
# Please send all comments, suggestions, bug reports,
#    etc, to logwatch-devel@lists.sourceforge.net
########################################################
########################################################
# Default Detail Levels:
#     0: Prints MisFormatted log lines (should never happen)
#        Virus/Malware blocks (if AntiVirus configured)
#        Prints protocol violations (by category)
#        Prints address verification rejections
#        Prints administrative rejections (by category)
#        Prints Refused Relay count
#
#     5: Prints Queue Run count
#        Prints server Stop/Start
#
#    10: Prints Refused Relay (individual lines)
#        Prints Per Message Tracking
########################################################
########################################################
## Copyright (c) 2008 Gary Allen Vollink
## Covered under the included MIT/X-Consortium License:
##    http://www.opensource.org/licenses/mit-license.php
## All modifications and contributions by other persons to
## this script are assumed to have been donated to the
## Logwatch project and thus assume the above copyright
## and licensing terms.  If you want to make contributions
## under your own copyright or a different license this
## must be explicitly stated in the contribution and the
## Logwatch project reserves the right to not accept such
## contributions.  If you have made significant
## contributions to this script and want to claim
## copyright please contact logwatch-devel@lists.sourceforge.net.
#########################################################
use Logwatch ':dates';
use warnings;
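# Resolve one report threshold from the environment.
#   $name    - environment variable holding the configured level
#   $default - level to use when the variable is unset or empty
# Presence is tested instead of truthiness: with "$ENV{...} || default" an
# explicitly configured 0 ("always show") was silently replaced by the
# default for every setting whose default is not 0.
sub _exim_level {
   my ($name, $default) = @_;
   my $configured = $ENV{$name};
   return $default unless defined($configured) && $configured ne '';
   return $configured;
}

# Overall detail level requested for this report.
$Detail       = _exim_level('LOGWATCH_DETAIL_LEVEL', 0);

# Minimum detail level at which each report section is printed.
$LvlBadFormat    = _exim_level('exim_misformat',        0);
$LvlRestarts     = _exim_level('exim_restart',          5);
$LvlVirus        = _exim_level('exim_virus',            0);
$LvlProtocl      = _exim_level('exim_protocol',         0);
$LvlProtoclLines = _exim_level('exim_protocol_lines',   5);
$LvlDontAccept   = _exim_level('exim_dontaccept',       0);
$LvlDontAcceptLines = _exim_level('exim_dontaccept_lines', 0);
$LvlVerify       = _exim_level('exim_verify',           0);
$LvlVerifyLines  = _exim_level('exim_verify_lines',     5);
$LvlRuns         = _exim_level('exim_runs',             5);
$LvlRelay        = _exim_level('exim_relay',            0);
$LvlRelayLines   = _exim_level('exim_relay_lines',      10);
$LvlMsgs         = _exim_level('exim_mesgs',            10);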
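# Sort comparator ("by numbers"): orders two strings numerically by the run
# of digits at the start of each one.  A plain string sort would compare
# them as ASCII text and place "10..." before "9...".
# In this script the leading number is the message count for a given
# message ID.
sub wedlug_liczb {
   # Lexicals are used so that a sort does not overwrite the package-level
   # $aa and $bb scratch variables that the report sections also assign.
   my ($left)  = ($a =~ /^(\d+).+/);
   my ($right) = ($b =~ /^(\d+).+/);
   # A string without a leading number compares as 0 instead of raising an
   # "uninitialized value" warning inside the sort.
   $left  = 0 unless defined $left;
   $right = 0 unless defined $right;
   return $left <=> $right;
}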
# START

# Counters for the "Start queue run" / "End queue run" lines seen on input.
$EndQueue = 0;
$StartQueue = 0;

# Timestamp pattern for the reporting period, obtained from TimeFilter
# (imported via "use Logwatch ':dates'"); the main loop interpolates it
# into a regex anchored at the start of each line.
my $SearchDate = TimeFilter("%Y-%m-%d %H:%M:%S");

# Regex to match IPv4 addresses and IPv6 addresses.
# It is intentionally loose: octet values are not range-checked, and the
# IPv6 alternative accepts any hex/colon run that contains a colon.  It is
# meant for pulling the bracketed address out of a log line, not for
# validating an address.
my $IPAddress = qr/\d+\.\d+\.\d+\.\d+|[a-fA-F0-9]*:[a-fA-F0-9:]+/;
while (defined($ThisLine = <STDIN>)) {
   chomp($ThisLine);

   # Collect this line's date, e.g. 2002-03-31 22:13:48 ...
   # A line that does not begin with such a timestamp is recorded as
   # misformatted and takes no further part in the report.
   unless (($year1,$month1,$day1,$h1,$m1,$s1) = ($ThisLine =~ /^(\d+)\-(\d+)\-(\d+)\s(\d+):(\d+):(\d+)\s.+/)) {
      $BadFormat{$ThisLine}++;
      next;
   }

   # Only lines stamped within the reporting period are classified.
   next unless $ThisLine =~ /^$SearchDate /o;

   # Classification: the first test that matches wins, so the order of the
   # branches is significant (for example, greylist rejections are tested
   # before the generic "rejected RCPT").
   if ( $ThisLine =~ /End queue run\:/ ) {
      $EndQueue++;
   }
   elsif ( $ThisLine =~ /Start queue run\:/ ) {
      $StartQueue++;
   }
   elsif (   $ThisLine =~ /sender verify defer/       # temporary condition
          || $ThisLine =~ /unknown variable name/     # ignored temporarily
          || $ThisLine =~ /ignoring AUTH=.*? \(client not authenticated\)/   # only a warning
          || $ThisLine =~ /cwd=.*? \d args: / ) {     # exim (or an Exim sub-command) starting
      # Deliberately not reported.
   }
   elsif ( $ThisLine =~ /[Rr]ecipient verify fail/ ) {
      $RecipVerify{$ThisLine}++;
   }
   elsif ( $ThisLine =~ /[Ss]ender verify fail/ ) {
      $SendVerify{$ThisLine}++;
   }
   elsif (   $ThisLine =~ /fragments administratively prohib/
          || $ThisLine =~ /unqualified (sender|recipient) rejected/
          || $ThisLine =~ /do not accept mail /
          || $ThisLine =~ /rejected connection in .connect. ACL/   # likely policy rejections
          || $ThisLine =~ /believed to be spam/
          || $ThisLine =~ /[Ww]arning: dnsbl\.sorbs\.net/
          || $ThisLine =~ /mail not permitted from/
          || $ThisLine =~ /file, which is blacklisted/
          || $ThisLine =~ /not accept Windows executables/
          || $ThisLine =~ /remote host address is the local host/ ) {
      # Administrative / policy rejections.
      $DontAccept{$ThisLine}++;
   }
   elsif (   $ThisLine =~ /message contains malware/         # Exim <= 4.44 with ExiScan-ACL Patch (Running AntiVirus Software)
          || $ThisLine =~ /message contains a [vV]irus/ ) {  # Exim >= 4.50 compiled with WITH_CONTENT_SCAN=yes (Running AntiVirus Software)
      $Virus{$ThisLine}++;
   }
   elsif (   $ThisLine =~ /SMTP connection from/                                  # common error from SPAM hosts
          || $ThisLine =~ /SMTP syntax error in/                                  # common error from SPAM hosts
          || $ThisLine =~ /remote host used my name in HELO/                      # common error from SPAM hosts
          || $ThisLine =~ /remote host used IP address in HELO/                   # common error from SPAM hosts
          || $ThisLine =~ /unexpected disconnection while reading SMTP command/   # common error from SPAM hosts
          || $ThisLine =~ /SMTP protocol violation/                               # common error from SPAM hosts
          || $ThisLine =~ /SMTP command timeout/                                  # common error from SPAM hosts
          || $ThisLine =~ /SMTP data timeout/                                     # common error from SPAM hosts
          || $ThisLine =~ /incomplete transaction \(([\s\w]+)\) from/             # after recipient reject/callout
          || $ThisLine =~ /SMTP protocol synchronization error \(([\s\w:]+)\):/   # sender that does not wait its turn
          || $ThisLine =~ /dropped: too many nonmail commands/                    # often someone who tries lots of transactions
          || $ThisLine =~ /dropped: too many syntax or protocol errors/           # often someone who tries lots of transactions
          || $ThisLine =~ /SMTP protocol error in \"\w+\"/ ) {                    # e.g. TLS requested when not offered (generalised to all cmds)
      # Protocol-level misbehaviour.
      $Proto{$ThisLine}++;
   }
   elsif ( $ThisLine =~ /Connection from .* too many connections from that IP address/ ) {
      # Some hosts make lots of simultaneous connections.
      # This is an extra error message when logging is high, and since
      # another message duplicates it, it can be ignored.
   }
   elsif ( $ThisLine =~ /rejected [HE][EH]LO from\s/ ) {
      # Typically due to underscores _ in the HELO line
      #   (a common protocol violation)
      # Also can be due to odd escape sequences
      #   (never seen from a valid MX)
      $Proto{$ThisLine}++;
   }
   elsif ( $ThisLine =~ /SIGHUP received\: re-exec/ ) {
      push @Restart, "$year1-$month1-$day1 $h1:$m1:$s1 (stop)";
   }
   elsif ( $ThisLine =~ /daemon started\:/ ) {
      push @Restart, "$year1-$month1-$day1 $h1:$m1:$s1 (start)";
   }
   elsif ( $ThisLine =~ /rejected RCPT.*greylist/) {
      $Greylist++;
      push @GreylistH, $ThisLine;
   }
   elsif ( $ThisLine =~ /refused relay/ || $ThisLine =~ /rejected RCPT/ ) {
      $Relay++;
      push @RelayH, $ThisLine;
   }
   elsif ( $ThisLine =~ /no host name found for IP address/ ) {
      $ReverseLookup++;
      push @ReverseLookupH, $ThisLine;
   }
   elsif ( $ThisLine =~ /no IP address found for host/ ) {
      $Lookup++;
      push @LookupH, $ThisLine;
   }
   elsif ( $ThisLine =~ /DKIM: .* \[verification succeeded\]/ ) {
      # Ignore successful DKIM verification reports
      # http://www.exim.org/exim-html-current/doc/html/spec_html/ch-support_for_dkim_domainkeys_identified_mail.html
   }
   elsif ( $ThisLine =~ /^\d+\-\d+\-\d+\s\d+\:\d+\:\d+\s(\+\d+\s)?\w+\-\w+\-\w+\s/ ) {
      # Other messages logged by Exim that carry a message ID:
      # collect them as notes for that message.
      ($mdate,$mtime,$mid,$mrest) = ($ThisLine =~ /^(\d+\-\d+\-\d+)\s(\d+\:\d+\:\d+)\s(?:\+\d+\s)?(\w+\-\w+\-\w+)(.+)/);
      # Running count of message lines.  It is prefixed to the key so the
      # history can later be printed in input order (hash order is not).
      $licze++;
      $mmsg{$mid}{$licze.$mrest} = "$mdate $mtime";
   }
   else {
      $OtherList{$ThisLine}++;
   }
} #end while
# Misformatted log lines (should never happen): each distinct line is
# printed once, exactly as it was read.
if ($Detail >= $LvlBadFormat and %BadFormat) {
   print "\n***** BAD FORMAT (Possible data corruption or Exim bug) *****\n";
   print "$_\n" foreach keys %BadFormat;
}
# Server stops and starts.  Each entry begins with its timestamp, so the
# plain string sort lists them in time order.
if ($Detail >= $LvlRestarts and @Restart) {
   print "\n--- Exim Restarted ---\n";
   print "  $_\n" foreach sort @Restart;
}
# Queue runner totals; a counter that stayed at zero prints no line.
if ($Detail >= $LvlRuns and ($StartQueue > 0 or $EndQueue > 0)) {
   print "\n--- Queue Runners ---\n";
   print "  Start queue run: $StartQueue Time(s)\n" if $StartQueue;
   print "  End queue run: $EndQueue Time(s)\n" if $EndQueue;
}
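# Address verification failures.
# The main loop stores these lines as keys of the hashes %SendVerify and
# %RecipVerify (value = how often the identical line was seen).  This
# section used to test the arrays @SendVerify/@RecipVerify and the scalars
# $SendVerify/$RecipVerify, none of which is ever filled, so it could never
# print anything.  It now reads the hashes.
if ($Detail >= $LvlVerify) {
   my $send_failures  = 0;
   my $recip_failures = 0;
   $send_failures  += $_ foreach values %SendVerify;
   $recip_failures += $_ foreach values %RecipVerify;

   # One heading for the section when either kind of failure was seen.
   if ($send_failures or $recip_failures) {
      print "\n--- Address Verification ---\n";
   }
   if ($send_failures) {
      # Sender Verifies
      print "\nSender Verify failures: $send_failures Time(s)\n";

      if ($Detail >= $LvlVerifyLines) {
         # Lines start with their timestamp, so sorting lists them in time order.
         print "  $_\n" foreach sort keys %SendVerify;
      }
   }
   if ($recip_failures) {
      # Recip Verifies
      print "Recipient Verify failures: $recip_failures Time(s)\n";

      if ($Detail >= $LvlVerifyLines) {
         print "  $_\n" foreach sort keys %RecipVerify;
      }
   }
}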
# Greylisted recipients and refused relays: a total for each, followed by
# the matching log lines when the detail level asks for them.
if ($Detail >= $LvlRelay) {
   my $show_lines = ( $Detail >= $LvlRelayLines );

   if (@GreylistH) {
      print "\n--- Greylisted $Greylist times\n";

      if ($show_lines) {
         print   "--- Lines follow:\n\n";
         print "$_\n" foreach @GreylistH;
      }
   }

   if (@RelayH) {
      print "\n--- Refused Relays $Relay times\n";

      if ($show_lines) {
         print   "--- Lines follow:\n\n";
         print "$_\n" foreach @RelayH;
      }
   }
}
if ($Detail >= $LvlVirus) {
   # Blocked viruses/malware, grouped by the name given in the log line.
   if (%Virus) {
      # %vir maps a virus name to a comma-terminated list of
      # "date time : IP:address" entries.  Those entries consist only of
      # text matched by the date, time and $IPAddress patterns, none of
      # which can match a comma, so the later split on commas is safe.
      my (%vir);
      print "\n--- Virus/Malware Blocked ---\n";
      foreach $ThisOne (sort(keys %Virus)) {
         # Exim date and time of the line, joined for display.
         ($mdate, $mtime) = ($ThisOne =~ m/^(\d+-\d+-\d+)\s(\d+\:\d+\:\d+)\s/);
         $aa = "$mdate $mtime";
         # The address between square brackets is the connecting host.
         ($bb) = ($ThisOne =~ m/\s\[($IPAddress)\]\s/);
         # Virus name, from either message format:
         #   Exim >= 4.50 compiled with WITH_CONTENT_SCAN=yes
         #     rejected after DATA: This message contains a [vV]irus (%s).
         #   Exim <= 4.44 with ExiScan-ACL patch
         #     rejected after DATA: This message contains malware (%s)
         $cc = ($ThisOne =~ m/virus \((.*?)\)/)   ? $1
             : ($ThisOne =~ m/malware \((.*?)\)/) ? $1
             :                                      "";
         # Append this hit to whatever is already recorded for the name.
         $mid = defined( $vir{$cc} ) ? $vir{$cc} : "";
         $vir{$cc} = "$mid$aa : IP:$bb,";
      }
      # Print the results...
      foreach $ThisOne (sort(keys %vir)) {
         print "Virus: [$ThisOne]\n";
         my @hits = sort( split( /,/, $vir{$ThisOne} ) );
         print "   $_\n" foreach @hits;
      }
   }
}
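if ($Detail >= $LvlDontAccept) {
   # Print Administrative Prohibitions
   if (%DontAccept) {
      # "Blocked ..." categories are tallied per offender:
      #    $blocked{category}{offender} = number of distinct log lines
      # Every other category keeps one "date time : subject" entry per line:
      #    $noted{category} = [ entry, ... ]
      # The addresses and domains captured below are text supplied by the
      # remote client.  They are stored as hash keys and list elements
      # rather than joined into a comma-separated string, so a value that
      # itself contains a comma cannot split into extra entries or inflate
      # a count.
      my (%blocked, %noted);

      # Probable SPAM hosts...
      print "\n--- Admin Policy Blocking ---\n";
      foreach my $entry (sort(keys %DontAccept)) {
         # Both are reset for every line, so an unrecognised line can never
         # inherit the category of the line before it.
         my $category = "";
         my $subject;
         # Extract exim date and time string...
         my ($date, $time) = ($entry =~ m/^(\d+-\d+-\d+)\s(\d+\:\d+\:\d+)\s/);
         # Link date and time (looks cleaner)...
         my $stamp = "$date $time";

         # In the two address patterns the hyphen is escaped: unescaped,
         # ".-_" is a character range that also admits "@", "<", ">" and
         # other punctuation into the captured domain.
         if ( $entry =~ m/do not accept mail from ([\w*+.\-]+)\@([\w.\-]+)/ ) {
            $category = "Blocked Email Domain";
            $subject  = "$1\@$2";
         }
         elsif ( $entry =~ m/rejected connection in .connect. ACL/ ) {
            $category = "Blocked Host";
            # Same address pattern as the other branches, so IPv6 hosts
            # are reported as well.
            ( $subject ) = ($entry =~ m/\[($IPAddress)\]/);
         }
         elsif ( $entry =~ m/mail not permitted from sender ([\w*+.\-]+)\@([\w.\-]+)/ ) {
            $category = "Blocked Email Address";
            $subject  = "$1\@$2";
         }
         elsif ( $entry =~ m/contains attached ".(.*)" file, which is blacklisted/ ) {
            $category = "Blocked Attachment";
            ( $subject ) = ($entry =~ m/\[($IPAddress)\]/);
         }
         elsif ( $entry =~ /believed to be spam/ ) {
            # NOTE(review): this label equals the one used for fragments
            # below; it looks copied - confirm the intended category name.
            $category = "Blocked Fragmented Message";
            ( $subject ) = ($entry =~ m/\[($IPAddress)\]/);
         }
         elsif ( $entry =~ /[Ww]arning: dnsbl\.sorbs\.net/ ) {
            $category = "Blocked by DNSBL (SORBS)";
            ( $subject ) = ($entry =~ m/\[($IPAddress)\]/);
         }
         elsif ( $entry =~ /fragments administratively prohibited/ ) {
            $category = "Blocked Fragmented Message";
            ( $subject ) = ($entry =~ m/\[($IPAddress)\]/);
         }
         elsif ( $entry =~ m/unqualified sender rejected: <(.*)>/ ) {
            $category = "Unqualified Sender";
            $subject  = "$1";
         }
         elsif ( $entry =~ m/unqualified recipient rejected: <(.*)>/ ) {
            $category = "Unqualified Receipient";
            $subject  = "$1";
         }
         elsif ( $entry =~ m/not accept Windows executables/ ) {
            $category = "Blocked Attachment";
            ( $subject ) = ($entry =~ m/\[($IPAddress)\]/);
         }
         elsif ( $entry =~ m/remote host address is the local host/ ) {
            $category = "Invalid local domain";
            # The pattern needs a capture group: without one the list
            # assignment stored the match result (1), not the matched text.
            # NOTE(review): the match runs from "@" to the next ">" or the
            # end of the line - confirm that is the part meant to be shown.
            ( $subject ) = ($entry =~ m/(\@[^>]+)/);
         }
         else {
            # Recognised by the main loop but by no category above:
            # report the line as it is and leave it out of the tallies.
            print "Didn't Summarize: $entry\n";
            next;
         }

         # A line without the expected address still counts for its category.
         $subject = "unknown" unless defined($subject) && $subject ne "";

         if ($category =~ m/Blocked/ ) {
            $blocked{$category}{$subject}++;
         }
         else {
            push @{ $noted{$category} }, "$stamp : $subject";
         }
      }

      foreach my $category (sort(keys %blocked, keys %noted)) {
         if ($Detail >= $LvlDontAcceptLines) {
            print "  $category\n";
            if (exists $blocked{$category}) {
               my $count_of = $blocked{$category};
               foreach my $offender (sort(keys %$count_of)) {
                  print "    $offender : ".$count_of->{$offender}." times\n";
               }
            }
            else {
               print "    $_\n" foreach sort @{ $noted{$category} };
            }
         }
         else {
            # Summary only: one total per category.
            my $total = 0;
            if (exists $blocked{$category}) {
               $total += $_ foreach values %{ $blocked{$category} };
            }
            else {
               $total = scalar @{ $noted{$category} };
            }
            print "  $category $total times\n";
         }
      }
   }
}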
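if ($Detail >= $LvlProtocl) {
# Print Protocol Violations
   if (%Proto) {
      # $hits_for{category} = [ "date time : IP:subject", ... ]
      # The subject of a rejected HELO/EHLO includes the argument exactly
      # as the remote host sent it.  Entries are kept as list elements
      # rather than joined into a comma-separated string, so an argument
      # containing a comma can neither split into extra entries nor
      # inflate the per-category count.
      my %hits_for;

      # Probable SPAM hosts...
      print "\n--- Bad Hosts ---\n";
      foreach my $entry (sort(keys %Proto)) {
         # Category and subject (IP address or issue) for this line.
         my $category = "";
         my $subject  = "";
         # Extract exim date and time string...
         my ($date, $time) = ($entry =~ m/^(\d+-\d+-\d+)\s(\d+\:\d+\:\d+)\s/);
         # Link date and time (looks cleaner)...
         my $stamp = "$date $time";

         if ( $entry =~ m/SMTP protocol violation\:\s(.*?\(.*?\))\:/ ) {
            $category = $1;
            ( $subject ) = ($entry =~ m/\[($IPAddress)\]/);
         }
         elsif ( $entry =~ /unexpected disconnection while reading SMTP command/ ) {
            $category = "Sudden disconnect while expecting remote input";
            ( $subject ) = ($entry =~ m/\[($IPAddress)\]/);
         }
         elsif ( $entry =~ m/rejected ([HE][EH])LO from \[($IPAddress)\]\:\s(.*?):\s(.*?)$/ ) {
            # $3 is the rejection reason, $4 the argument the host sent.
            $category = "Rejected HELO/EHLO: $3";
            $subject  = "$2 ($1LO $4)";
         }
         elsif (   $entry =~ /SMTP data timeout \(message abandoned\) on connection from/
                || $entry =~ /SMTP command timeout on connection from/ ) {
            $category = "SMTP Timeout errors";
            ( $subject ) = ($entry =~ m/\[($IPAddress)\]/);
         }
         elsif (   $entry =~ /syntactically invalid argument/
                || $entry =~ /SMTP syntax error in/ ) {
            $category = "SMTP Syntax errors";
            ( $subject ) = ($entry =~ m/\[($IPAddress)\]/);
         }
         elsif ( $entry =~ /remote host used my name in HELO/ ) {
            $category = "My name in HELO";
            ( $subject ) = ($entry =~ m/\[($IPAddress)\]/);
         }
         elsif ( $entry =~ /remote host used IP address in HELO/ ) {
            $category = "IP address in HELO";
            ( $subject ) = ($entry =~ m/\[($IPAddress)\]/);
         }
         # The remaining kinds are only counted, in %SmtpConnection; they
         # set no category and so add nothing to the per-host lists.
         elsif ( $entry =~ /incomplete transaction (\(.*\))/ ) {
            $SmtpConnection{"SMTP transaction cut short $1"}++;
         }
         elsif ( $entry =~ /SMTP protocol synchronization error/ ) {
            $SmtpConnection{"SMTP protocol synchronization error"}++;
         }
         elsif ( $entry =~ /dropped: too many nonmail commands/ ) {
            $SmtpConnection{"Connection dropped after too many nonmail SMTP commands"}++;
         }
         elsif ( $entry =~ /dropped: too many syntax or protocol errors/ ) {
            $SmtpConnection{"Connection dropped after too many syntax/protocol errors"}++;
         }
         elsif ( $entry =~ /(SMTP protocol error in \"\w+\")/ ) {
            $SmtpConnection{$1}++;
         }
         elsif ( $entry =~ /SMTP connection from/ ) {
            my $issue = "";
            if ( $entry =~ /lost while reading message data/ ) {
               $issue = "SMTP connection lost while reading message data";
            }
            elsif ( $entry =~ /Connection reset by peer/ ) {
               $issue = "SMTP connection lost when connection reset by peer ";
            }
            elsif ( $entry =~ /lost/ ) {
               $issue = "SMTP connection lost (non-specific)";
            }
            elsif ( $entry =~ /closed by QUIT/ ) {
               $issue = "SMTP connection closed by QUIT";
            }
            elsif ( $entry =~ /closed after SIGTERM/ ) {
               $issue = "SMTP connection closed after SIGTERM";
            }
            elsif ( $entry =~ /TCP\/IP connection count/ ) {
               $issue = "SMTP connection TCP/IP connection count (warning)";
            }
            # Other "SMTP connection from" lines are dropped without notice.
            $SmtpConnection{$issue}++ if $issue ne "";
         }
         else {
            # Recognised by the main loop but by no category above:
            # report the line as it is.
            print "Didn't Summarize: $entry\n";
         }

         # Only lines that produced both a category and a subject are
         # listed per host; a line without a bracketed address is left out.
         if ( $category ne '' && defined($subject) && $subject ne '' ) {
            push @{ $hits_for{$category} }, "$stamp : IP:$subject";
         }
      }

      foreach my $category (sort(keys %hits_for)) {
         my @hits = @{ $hits_for{$category} };
         if ($Detail >= $LvlProtoclLines) {
            print " $category:\n";
            print "    $_\n" foreach sort @hits;
         }
         else {
            print "  $category ".scalar(@hits)." times\n";
         }
      }

      if ( %SmtpConnection ) {
         print "\n--- SMTP Connection Issues \n";
         # Sorted, so the order is the same from one report to the next.
         foreach my $issue (sort(keys %SmtpConnection)) {
            print "  $issue: $SmtpConnection{$issue} Time(s)\n";
         }
      }

      # NOTE(review): the two lookup sections sit inside "if (%Proto)", so
      # they print only when protocol violations were also seen - confirm
      # that this is intended.
      if (@ReverseLookupH) {
         print "\n--- Failed Reverse Lookups \n";
         print "--- $ReverseLookup  Time(s)\n\n";

         if ($Detail >= $LvlProtoclLines) {
            print "   $_\n" foreach @ReverseLookupH;
         }
      }

      # NOTE(review): @LookupH holds "no IP address found for host" lines
      # (a failed name-to-address lookup), yet the heading repeats "Failed
      # Reverse Lookups" - the wording looks copied from the section above.
      if (@LookupH) {
         print "\n--- Failed Reverse Lookups \n";
         print "--- (eg. spam try): $Lookup  Time(s)\n\n";

         if ($Detail >= $LvlProtoclLines) {
            print "$_\n" foreach @LookupH;
         }
      }
   }
}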
if ($Detail >= $LvlMsgs) {
   # Messages by ID
   if (keys %mmsg ) {
      my $tmsgcount=0;   # messages delivered immediately
      my $tmsgrcpts=0;   # recipients of those messages
      print "\n--- Messages history ---\n\n";
      # mmsg is hashed by message id, which is sorted by time
      foreach my $tmsg (sort keys %mmsg) {
         # Lines of this message, ordered by their numeric prefix.
         my @tmsgkeys = sort {wedlug_liczb} keys %{$mmsg{$tmsg}};

         # "Delivered immediately": the first line is an arrival (<=), every
         # line in between is a delivery (=> or ->), and the last line is
         # "Completed".
         my @between = @tmsgkeys[1..$#tmsgkeys-1];
         my $immed_deliv =
               $tmsgkeys[0] =~ /^\d+ <=/
            && !( grep { $_ !~ /^\d+ [-=]>/ } @between )
            && $tmsgkeys[$#tmsgkeys] =~ /^\d+ Completed/;

         if ($immed_deliv) {
            # Only counted, not listed.
            $tmsgcount++;
            $tmsgrcpts+=$#tmsgkeys-1;
            next;
         }

         # Everything else is listed line by line; consecutive identical
         # lines are collapsed into a "repeated" note.
         my $qttmsgcount = 0;
         my $oldqttmsg = '';
         print "\-MsgID: $tmsg\: \n";
         foreach my $ttmsg (@tmsgkeys) {
            $qttmsg = $ttmsg;
            $qttmsg =~ s/^\d+//; # drop the leading counter (used only for sorting)
            $qttmsg =~ s/P\=e*smtp S.+//; # drop trailers such as:  P=smtp S=372023 id=
            if ($oldqttmsg eq $qttmsg) {
               $qttmsgcount++;
               next;
            }
            $oldqttmsg = $qttmsg;
            if ($qttmsgcount > 0) {
               print "\tlast message repeated $qttmsgcount times\n";
               $qttmsgcount = 0;
            }
            print "\t$mmsg{$tmsg}{$ttmsg}$qttmsg\n";
         }
         if ($qttmsgcount > 0) {
            print "\tlast message repeated $qttmsgcount times\n";
         }
      }
      print "$tmsgcount messages delivered immediately ";
      print "to $tmsgrcpts total recipients\n";
   }
}
# Everything else: lines that matched none of the patterns in the main
# loop, printed as logged together with how often each one occurred.
if (keys %OtherList) {
   print "\n**Unmatched Entries**\n";
   foreach my $entry (sort keys %OtherList) {
      print "$entry: $OtherList{$entry} Time(s)\n";
   }
}

exit(0);
# vi: shiftwidth=3 tabstop=3 syntax=perl et
# Local Variables:
# mode: perl
# perl-indent-level: 3
# indent-tabs-mode: nil
# End: