KoN Napisano Czerwiec 11, 2008 Zgłoszenie Share Napisano Czerwiec 11, 2008 Witam Mam pytanko odnosnie spamu. Chodzi o to jak sprawic zeby przy zakwalifikowaniu wiadomosci jako "spam" spamassassin umieszczal jakis wpis w logach. Potrzebne mi to do dalszej analizy ile spamu doszlo. na serwerze : sendmail, dovecot, spamassassin na ta chwile jak puszczam wiadomosc testowa z tematem "spam" system zachowuje sie nastepująco: log z maillog: Jun 11 10:10:17 delta dovecot: imap-login: Login: user=<konrad>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured Jun 11 10:10:17 delta dovecot: IMAP(konrad): Disconnected: Logged out Jun 11 10:10:22 delta dovecot: imap-login: Login: user=<konrad>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured Jun 11 10:10:22 delta dovecot: IMAP(konrad): Disconnected: Logged out Jun 11 10:10:23 delta dovecot: imap-login: Login: user=<konrad>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured Jun 11 10:10:23 delta sendmail[16301]: m5B8AN7O016301: Authentication-Warning: delta.domenka: apache set sender to [email protected] using -f Jun 11 10:10:23 delta sendmail[16301]: m5B8AN7O016301: [email protected], size=3003, class=0, nrcpts=1, msgid=<[email protected]>, relay=apache@localhost Jun 11 10:10:23 delta sendmail[16302]: m5B8ANnd016302: from=<[email protected]>, size=3295, class=0, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] Jun 11 10:10:23 delta sendmail[16301]: m5B8AN7O016301: [email protected], [email protected] (501/501), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=33003, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m5B8ANnd016302 Message accepted for delivery) Jun 11 10:10:24 delta dovecot: IMAP(konrad): Disconnected: Logged out Jun 11 10:10:49 delta sendmail[16303]: m5B8ANnd016302: to=<[email protected]>, ctladdr=<[email protected]> (501/501), delay=00:00:26, xdelay=00:00:25, mailer=local, pri=63524, dsn=2.0.0, stat=Sent zrodlo wiadomosci oznaczonej jako spam: Return-Path: <[email protected]> X-Spam-Flag: YES X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on delta.domenka X-Spam-Level: ***** X-Spam-Status: Yes, score=5.7 required=5.0 tests=ALL_TRUSTED,NO_DNS_FOR_FROM, PYZOR_CHECK,TVD_SPACE_RATIO autolearn=no version=3.2.4 X-Spam-Pyzor: Reported 10 times. X-Spam-Report: * 1.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP * 2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO * 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) Received: from delta.domenka (localhost.localdomain [127.0.0.1]) by delta.domenka (8.14.1/8.14.1) with ESMTP id m5B7kn2H015987 for <[email protected]>; Wed, 11 Jun 2008 09:46:49 +0200 Received: (from apache@localhost) by delta.domenka (8.14.1/8.14.1/Submit) id m5B7knFa015986 for [email protected]; Wed, 11 Jun 2008 09:46:49 +0200 X-Authentication-Warning: delta.domenka: apache set sender to [email protected] using -f Received: from admin1.domenka (admin1.domenka [192.168.2.20]) by poczta2.delta.domenka (Horde Framework) with HTTP; Wed, 11 Jun 2008 09:46:49 +0200 Message-ID: <[email protected]> Date: Wed, 11 Jun 2008 09:46:49 +0200 From: konrad <[email protected]> To: [email protected] Subject: **SPAM** spam MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-2; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Dynamic Internet Messaging Program (DIMP) H3 (1.0) X-Spam-Prev-Subject: spam spam ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. jedyna informacja od spamassasina w logach to: log messages Jun 11 10:09:05 delta spamd[16264]: spamd: server started on port 783/tcp (running version 3.2.4) Jun 11 10:09:05 delta spamd[16264]: spamd: server pid: 16264 Jun 11 10:09:05 delta spamd[16264]: spamd: server successfully spawned child process, pid 16272 Jun 11 10:09:05 delta spamd[16264]: spamd: server successfully spawned child process, pid 16273 Jun 11 10:09:05 delta spamd[16264]: prefork: child states: IS Jun 11 10:09:05 delta spamd[16264]: prefork: child states: II czyli info tylko o starcie spamassasina. Gdzies na necie znalazlem gotowe skrypty do analizy logow wzgledem spamu, ale skrypty te u mnie nie dzialaja bo nie ma zadnej informacji ktora wiadomosc przeszla jako dobra a ktora przeszla jako spam. Pozdrawiam Odnośnik do komentarza Udostępnij na innych stronach More sharing options...
Rekomendowane odpowiedzi
Jeśli chcesz dodać odpowiedź, zaloguj się lub zarejestruj nowe konto
Jedynie zarejestrowani użytkownicy mogą komentować zawartość tej strony.
Zarejestruj nowe konto
Załóż nowe konto. To bardzo proste!
Zarejestruj sięZaloguj się
Posiadasz już konto? Zaloguj się poniżej.
Zaloguj się