Spamassassin and Logs


KoN


Hello

I have a question about spam. The point is how to make spamassassin put some entry in the logs when a message is classified as "spam". I need this for further analysis of how much spam arrived.

on the server: sendmail, dovecot, spamassassin

at the moment, when I send a test message with the subject "spam", the system behaves as follows:

log from maillog:

 

Jun 11 10:10:17 delta dovecot: imap-login: Login: user=<konrad>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Jun 11 10:10:17 delta dovecot: IMAP(konrad): Disconnected: Logged out
Jun 11 10:10:22 delta dovecot: imap-login: Login: user=<konrad>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Jun 11 10:10:22 delta dovecot: IMAP(konrad): Disconnected: Logged out
Jun 11 10:10:23 delta dovecot: imap-login: Login: user=<konrad>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Jun 11 10:10:23 delta sendmail[16301]: m5B8AN7O016301: Authentication-Warning: delta.domenka: apache set sender to [email protected] using -f
Jun 11 10:10:23 delta sendmail[16301]: m5B8AN7O016301: [email protected], size=3003, class=0, nrcpts=1, msgid=<[email protected]>, relay=apache@localhost
Jun 11 10:10:23 delta sendmail[16302]: m5B8ANnd016302: from=<[email protected]>, size=3295, class=0, nrcpts=1, msgid=<[email protected]>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Jun 11 10:10:23 delta sendmail[16301]: m5B8AN7O016301: [email protected], [email protected] (501/501), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=33003, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m5B8ANnd016302 Message accepted for delivery)
Jun 11 10:10:24 delta dovecot: IMAP(konrad): Disconnected: Logged out
Jun 11 10:10:49 delta sendmail[16303]: m5B8ANnd016302: to=<[email protected]>, ctladdr=<[email protected]> (501/501), delay=00:00:26, xdelay=00:00:25, mailer=local, pri=63524, dsn=2.0.0, stat=Sent

 

source of the message marked as spam:

 

Return-Path: <[email protected]>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
    delta.domenka
X-Spam-Level: *****
X-Spam-Status: Yes, score=5.7 required=5.0 tests=ALL_TRUSTED,NO_DNS_FOR_FROM,
    PYZOR_CHECK,TVD_SPACE_RATIO autolearn=no version=3.2.4
X-Spam-Pyzor: Reported 10 times.
X-Spam-Report: 
    *  1.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records
    * -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP
    *  2.9 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
    *  2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
Received: from delta.domenka (localhost.localdomain [127.0.0.1])
    by delta.domenka (8.14.1/8.14.1) with ESMTP id m5B7kn2H015987
    for <[email protected]>; Wed, 11 Jun 2008 09:46:49 +0200
Received: (from apache@localhost)
    by delta.domenka (8.14.1/8.14.1/Submit) id m5B7knFa015986
    for [email protected]; Wed, 11 Jun 2008 09:46:49 +0200
X-Authentication-Warning: delta.domenka: apache set sender to [email protected] using -f
Received: from admin1.domenka (admin1.domenka
    [192.168.2.20]) by poczta2.delta.domenka (Horde Framework) with
    HTTP; Wed, 11 Jun 2008 09:46:49 +0200
Message-ID:     <[email protected]>
Date: Wed, 11 Jun 2008 09:46:49 +0200
From: konrad <[email protected]>
To: [email protected]
Subject: **SPAM** spam
MIME-Version: 1.0
Content-Type: text/plain;
    charset=ISO-8859-2;
    DelSp="Yes";
    format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Dynamic Internet Messaging Program (DIMP) H3 (1.0)
X-Spam-Prev-Subject: spam


spam

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

 

the only information from spamassassin in the logs is:

log messages

Jun 11 10:09:05 delta spamd[16264]: spamd: server started on port 783/tcp (running version 3.2.4) 
Jun 11 10:09:05 delta spamd[16264]: spamd: server pid: 16264 
Jun 11 10:09:05 delta spamd[16264]: spamd: server successfully spawned child process, pid 16272 
Jun 11 10:09:05 delta spamd[16264]: spamd: server successfully spawned child process, pid 16273 
Jun 11 10:09:05 delta spamd[16264]: prefork: child states: IS 
Jun 11 10:09:05 delta spamd[16264]: prefork: child states: II

 

so there is only info about spamassassin starting.

 

Somewhere on the net I found ready-made scripts for analyzing logs with respect to spam, but those scripts do not work for me because there is no information about which message passed as good and which passed as spam.

 

Regards
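
An added example, not part of the original post: the delivered message carries the X-Spam-Status header quoted above even when spamd logs nothing per message, so one way to count spam is to parse that header from stored mail. The sample messages are constructed, and `parse_status` and `tally` are hypothetical helper names.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample messages. The header layout follows the X-Spam-Status
# header quoted in the post; subjects and bodies are placeholders.
SPAM_MSG = """\
X-Spam-Status: Yes, score=5.7 required=5.0 tests=ALL_TRUSTED,NO_DNS_FOR_FROM,
    PYZOR_CHECK,TVD_SPACE_RATIO autolearn=no version=3.2.4
Subject: **SPAM** spam

spam
"""
HAM_MSG = """\
X-Spam-Status: No, score=-1.4 required=5.0 tests=ALL_TRUSTED autolearn=no
    version=3.2.4
Subject: hello

hi
"""
PLAIN_MSG = "Subject: never scanned\n\nno SpamAssassin headers here\n"

STATUS_RE = re.compile(
    r"(Yes|No),score=(-?[\d.]+) required=(-?[\d.]+) tests=(\S*)")

def parse_status(raw):
    """Parse one X-Spam-Status value; return None if it does not match."""
    # Unfold continuation lines; a fold inside the tests list leaves ", ".
    flat = re.sub(r"\s+", " ", raw).strip().replace(", ", ",")
    m = STATUS_RE.match(flat)
    if not m:
        return None
    tests = [t for t in m.group(4).split(",") if t and t != "none"]
    return {"spam": m.group(1) == "Yes", "score": float(m.group(2)),
            "required": float(m.group(3)), "tests": tests}

def tally(messages):
    """Count spam, ham and unscanned messages, plus rule hits on spam."""
    stats = {"spam": 0, "ham": 0, "unscanned": 0, "rules": Counter()}
    for text in messages:
        raw = message_from_string(text).get("X-Spam-Status")
        status = parse_status(raw) if raw else None
        if status is None:
            stats["unscanned"] += 1
            continue
        stats["spam" if status["spam"] else "ham"] += 1
        if status["spam"]:
            stats["rules"].update(status["tests"])
    return stats
```

Messages counted as unscanned never passed through SpamAssassin or carry a header in another layout, so a high unscanned count points at the filter integration rather than at the spam rate.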