A log file analyzer for postfix, for small sites.
barnold 20bebe6c0c Fix a date in the readme. 9 months ago
Polyze Add the files. 9 months ago
LICENSE Initial commit 9 months ago
Makefile Add the files. 9 months ago
Polyze.pm Add the files. 9 months ago
README Fix a date in the readme. 9 months ago
polyze Add the files. 9 months ago
polyze.cron.daily Add the files. 9 months ago
send-polyze-daily Add the files. 9 months ago



This is a log file analyser for Postfix.  It reports on mail rejected
by Postfix, with the aim of helping avoid the rejection of legitimate
mail.  It aims to report on all rejections, so it might not be
suitable for a high traffic site.

It runs on Debian and - probably - other systems where perl and bash
are available.

Example report

Begin example --->
2018-07-23 Monday's mail rejects.

    * _/506 example.com: me@example.com

  No reverse DNS
    2 _/703 spameri@tiscali.it

2/3 distinct/all rejects found.
683 log lines for Monday.
Report completed  2018-07-24 06:25:04 BST by Polyze.
<--- end example

The first line shows the calendar day reported on.  Rejections are
then grouped by recipient address, here "jbloggs" and
"spameri@tiscali.it".  Because jbloggs is a local user, the nonlocal
part is omitted.  The spameri address represents a relay attempt, so
it shows the targeted domain.

Rejections are then grouped by rejection reason, here "Greylist"
followed by "No reverse DNS".

The first rejection line, from left to right:

             *: the mail was later accepted by postgrey.
             _: replaces 'mail.log' (".1" likewise replaces "mail.log.1").
           506: line number of the first instance.
   example.com: sender's root domain (subdomain is elided).
me@example.com: from-address.

More about Greylist: the '*' indicates only that polyze found a later
'action=pass' line that matched the rejection.  It doesn't guarantee
that the mail was delivered since it might have been rejected for
another reason.  The search for the 'pass' line isn't confined to the
target day; polyze will search to the end of the last log file.

Rejections other than Greylist are assumed to be final.  Polyze
doesn't look at the SMTP status code.

In the other rejection line, beginning '2 _/703...', the 2 is a
"similarity count".  Two rejections are 'similar' if they match on all
of: the reason; the from address; the to address; and the sending
server's root domain (if available) or ip address.

When polyze finds a rejection it looks for a similar one that it found
already to increment its count.  If it doesn't find one it adds a new
rejection with a count of 1.  The example report shows three
rejections of which two are similar.
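
The similarity count described above, sketched in Python as an added example (this is not polyze's own Perl code). The reject-line regex, the reason labels and the naive last-two-labels root domain are assumptions, and the log lines are constructed.

```python
import re

# Constructed sample lines in Postfix smtpd log format (not real traffic).
SAMPLE_LOG = """\
Jul 23 03:12:44 mx postfix/smtpd[811]: connect from mail.example.com[198.51.100.5]
Jul 23 03:12:45 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from mail.example.com[198.51.100.5]: 450 4.2.0 <jbloggs@example.org>: Recipient address rejected: Greylisted; from=<me@example.com> to=<jbloggs@example.org> proto=ESMTP helo=<mail.example.com>
Jul 23 04:01:10 mx postfix/smtpd[902]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.1 Client host rejected: cannot find your hostname, [203.0.113.7]; from=<x@spam.example> to=<spameri@tiscali.it> proto=ESMTP helo=<pc>
Jul 23 04:01:55 mx postfix/smtpd[902]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.1 Client host rejected: cannot find your hostname, [203.0.113.7]; from=<x@spam.example> to=<spameri@tiscali.it> proto=ESMTP helo=<pc>
"""

# Assumed shape of a reject line; polyze's own pattern may differ.
REJECT = re.compile(
    r"NOQUEUE: reject: \w+ from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"\d{3} [\d.]+ (?P<text>.*?); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
# Assumed mapping from Postfix reject text to a report label.
REASONS = [("Greylisted", "Greylist"), ("cannot find your hostname", "No reverse DNS")]

def reason_of(text):
    return next((label for needle, label in REASONS if needle in text), "Other")

def server_id(host, ip):
    """Root domain of the sending server if it has a name, else its IP address."""
    if host == "unknown":  # Postfix logs 'unknown' when the reverse lookup fails
        return ip
    return ".".join(host.lower().split(".")[-2:])  # naive: no public-suffix handling

def count_similar(log_text):
    """Map each similarity key to its count and the line number of its first instance."""
    found = {}
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = REJECT.search(line)
        if m is None:
            continue  # not a rejection
        key = (reason_of(m["text"]), m["sender"].lower(), m["rcpt"].lower(),
               server_id(m["host"], m["ip"]))
        if key in found:
            found[key]["count"] += 1  # similar to one seen already
        else:
            found[key] = {"count": 1, "first_line": lineno}
    return found

def summary(found):
    total = sum(entry["count"] for entry in found.values())
    return f"{len(found)}/{total} distinct/all rejects found."

if __name__ == "__main__":
    found = count_similar(SAMPLE_LOG)
    for (reason, sender, rcpt, server), entry in found.items():
        print(f"{rcpt}: {reason}: {entry['count']} _/{entry['first_line']} {server}: {sender}")
    print(summary(found))
```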


©Copyright <barnold@tilde.club>

polyze may be copied only under the same terms as perl[1] or under the
GNU GPL[2] (version 3 or later).  This is free software: you are free
to change and redistribute it.  There is NO WARRANTY, to the extent
permitted by law.

1. http://dev.perl.org/licenses/artistic.html
2. https://www.gnu.org/licenses/gpl-3.0.en.html




Install dependencies.

After a git clone, cd into polyze/ and with root privilege do

   # DESTDIR='' make install

To sanity check, run

   # polyze --help

To try it out, run

   # polyze

on its own and it will attempt to report on yesterday's mail
rejections, to standard output.


This assumes your system supports /etc/cron.daily/.

Included is /etc/cron.daily/polyze which mails the postmaster a report
on yesterday's rejections.  This cron script uses the postconf value
of mydomain for two things.  One is to infer the postmaster's email
address.  The other is the '--elide-domain' value (see 'polyze
--help').  To see the mydomain value, run

   $ postconf -h mydomain

If that prints 'example.com' then polyze mails its reports to
<postmaster@example.com> and it removes '@example.com' from reported
recipient addresses.  If you need a different domain, edit
/etc/cron.daily/polyze to change the argument passed to

There's no Debian conffile cleverness here, unfortunately, so if you
ever re-install, you'll need to repeat your edit.  Or get your
'mydomain' set suitably.


Polyze should probably do something with the SMTP status code.

The perl modules lack pod.

Send bug reports or comments to <barnold@tilde.club>.