[CLUE-Tech] spam assassin
Mike Staver
staver at fimble.com
Wed Dec 17 17:31:42 MST 2003
Thanks Steve, I have decided to use that type of logic for a script like this:
grep -e "identified spam" /var/log/maillog* > spam.txt
grep -e "for bart" spam.txt | wc -l
grep -e "for staver" spam.txt | wc -l
etc
This has brought up a very interesting issue for me... I just started
checking maillog.1, maillog.2, etc. They are all void of spam assassin
messages, when I *know* I got spam during those time periods. Is syslog
doing something to strip those log files of the messages I'm looking for
when it rotates the logs from maillog to maillog.x? I'm using Red Hat 9
BTW.
Casagrande, Steve wrote:
> Why not just do this:
>
> $ grep -e "identified spam" /var/log/maillog* | grep "for bart" | wc -l
>
> Your example found the union, you want the intersection.
>
> You might also want to play with "cut", "sort", and "uniq" to print out the
> list of spam counts for each user. I'm away from a unix box right now (and
> it's been a while), but how about this (not sure about the cut part... I can
> never seem to remember if it starts with f0 or f1!)
>
> $ grep "identified spam" /var/log/maillog* | cut -d' ' -f5 | cut -d: -f1 | sort | uniq -c
>
> First grep pulls only the spam lines
> First cut jumps to the user name (5th field)
> Second cut pulls out everything after the ":" (didn't want that)
> Sort the names so that
> Uniq can count them.
>
> I think some versions of uniq can handle unsorted lists... but this should
> always work.
>
> Steve Casagrande
>
>
> -----Original Message-----
> From: Mike Staver [mailto:staver at fimble.com]
> Sent: Wednesday, December 17, 2003 3:46 PM
> To: clue-tech at clue.denver.co.us
> Subject: Re: [CLUE-Tech] spam assassin
>
>
> Jeremy - I have modified the command slightly here to this:
>
> grep "identified spam" /var/log/maillog* | wc -l
>
> That way it gets all my mail logs... my only other question is, I'm
> trying to figure out how to make it so that it does this for a specific
> user. In the logs, I see this:
>
> identified spam (7.9/5.0) for bart:506 in 0.4 seconds, 1792 bytes.
>
> So, using "identified spam (7.9/5.0) for bart" won't work because of the
> changing numbers. Is there a way to use an expression of some kind
> while using grep? I've tried
>
> grep -e "identified spam" -e "for bart" /var/log/maillog* | wc -l
>
> And it returned a number, I just have no idea if it's correct. It seems
> very high to me, and I'm sure it's not correct, as you can see from the
> results below:
>
> [root at fimble staver]# grep -e "identified spam" -e "for bart" /var/log/maillog* | wc -l
> 10736
> [root at fimble staver]# grep "identified spam" /var/log/maillog* | wc -l
> 8755
>
> My end goal is to write a small perl script I can submit to a cron job
> and have it dump the results in a mysql table. I'll then write a php
> script to graph the data, and show results based on each user vs the
> grand total for certain weeks, etc.
>
> Jeremy Huber wrote:
>
>
>>The EASIEST way I've found is to watch /var/log/maillog for the spamd
>>messages.. `grep "identified spam" maillog | wc -l` for the number of spam,
>>`grep "clean message" maillog | wc -l` for the number of ham. There's
>>various stat scripts that come with spamassassin, but I've never gotten them
>>to work under a sitewide configuration as I use... You're probably better
>>off writing your own.
>>
>>Jeremy
>>----- Original Message -----
>>From: "Mike Staver" <staver at fimble.com>
>>To: "CLUE LUG" <clue-tech at clue.denver.co.us>
>>Sent: Tuesday, December 16, 2003 1:32 PM
>>Subject: [CLUE-Tech] spam assassin
>>
>>
>>
>>
>>>Is there a way to get statistics of spam assassin's work? For example,
>>>I'm just curious how many emails have been sent through it and how many
>>>are spam vs real, etc.
>>>--
>>>
>>> -Mike Staver
>>> staver at fimble.com
>>> mstaver at globaltaxnetwork.com
>>>_______________________________________________
>>>CLUE-Tech mailing list
>>>Post messages to: CLUE-Tech at clue.denver.co.us
>>>Unsubscribe or manage your options:
>>
>>http://clue.denver.co.us/mailman/listinfo/clue-tech
--
-Mike Staver
staver at fimble.com
mstaver at globaltaxnetwork.com
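
Added example, not part of the original thread: a per-user spam/clean tally that matches on the spamd message text rather than on field position, plus a count showing why two `-e` patterns inflate the total. The sample log lines are constructed; the syslog prefix, host name, PIDs and the assumption that "clean message" lines share the layout of the "identified spam" line quoted above are not from the posts.

```shell
#!/bin/sh
# Constructed sample input in the shape `grep ... /var/log/maillog*` would emit
# (file name prefix + syslog header are assumptions; the spamd text follows the
# "identified spam (7.9/5.0) for bart:506 ..." line quoted in the thread).
sample_log() {
    cat <<'EOF'
/var/log/maillog:Dec 17 10:00:01 mail spamd[411]: identified spam (7.9/5.0) for bart:506 in 0.4 seconds, 1792 bytes.
/var/log/maillog:Dec 17 10:02:13 mail spamd[411]: clean message (0.3/5.0) for bart:506 in 0.2 seconds, 901 bytes.
/var/log/maillog:Dec 17 10:05:40 mail spamd[412]: identified spam (12.1/5.0) for staver:500 in 0.6 seconds, 4410 bytes.
/var/log/maillog.1:Dec 10 09:12:09 mail spamd[398]: identified spam (5.4/5.0) for bart:506 in 0.3 seconds, 2210 bytes.
/var/log/maillog.1:Dec 10 09:15:00 mail sendmail[402]: hB9GF0x1: to=<bart@example.com>, stat=Sent for bart
EOF
}

# Per-user tally read from stdin. Anchoring on the verdict text means the
# result does not depend on which whitespace-separated field the user lands in.
spam_counts() {
    awk '
        match($0, /(identified spam|clean message) \([^)]*\) for [^: ]+:/) {
            rec = substr($0, RSTART, RLENGTH)
            verdict = (rec ~ /^identified spam/) ? "spam" : "clean"
            user = rec
            sub(/^.* for /, "", user)   # drop everything up to the user name
            sub(/:$/, "", user)         # drop the ":" that precedes the uid
            n[user " " verdict]++
            seen[user] = 1
        }
        END {
            for (u in seen)
                printf "%s spam=%d clean=%d\n", u, n[u " spam"], n[u " clean"]
        }
    ' | sort
}

# Two -e patterns are OR-ed: any line with EITHER string is counted, so clean
# messages and unrelated sendmail lines mentioning "for bart" are included.
either_count() { grep -c -e "identified spam" -e "for bart"; }

sample_log | spam_counts
```

On a real system the input would be `cat /var/log/maillog* | spam_counts`.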