You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|barnold 20bebe6c0c||9 months ago|
|Polyze||9 months ago|
|LICENSE||9 months ago|
|Makefile||9 months ago|
|Polyze.pm||9 months ago|
|README||9 months ago|
|polyze||9 months ago|
|polyze.cron.daily||9 months ago|
|send-polyze-daily||9 months ago|
About ----- This is a log file analyser for Postfix. It reports on mail rejected by Postfix, with the aim of helping avoid the rejection of legitimate mail. It aims to reports on all rejections so might not be suitable for a high traffic site. It runs on Debian and - probably - other systems where perl and bash are available. Example report -------------- Begin example ---> 2018-07-23 Monday's mail rejects. jbloggs Greylist * _/506 example.com: firstname.lastname@example.org email@example.com No reverse DNS 2 _/703 220.127.116.11: firstname.lastname@example.org 2/3 distinct/all rejects found. 683 log lines for Monday. Report completed 2018-07-24 06:25:04 BST by Polyze. <--- end example The first line shows the calendar day reported on. Rejections are then grouped by recipient address, here "jbloggs" and "email@example.com". Because jbloggs is a local user, the nonlocal part is omitted. The spameri address represents a relay attempt so shows the targetted domain. Rejections are then grouped by rejection reason, here "Greylist" followed by "No reverse DNS". The first rejection line, from left to right: *: the mail was later accepted by postgrey. _: replaces 'mail.log' (".1" likewise replaces "mail.log.1"). 506: line number of the first instance. example.com: sender's root domain (subdomain is elided). firstname.lastname@example.org: from-address. More about Greylist: the '*' indicates only that polyze found a later 'action=pass' line that matched the rejection. It doesn't guarantee that the mail was delivered since it might have been rejected for another reason. The search for the 'pass' line isn't confined to the target day; polyze will search to the end of the last log file. Rejections other than Greylist are assumed to be final. Polyze doesn't look at the SMTP status code. In the other rejection line, beginning '2 _/703...', the 2 is a "similarity count". Two rejections are 'similar' if they match on all of: the reason; the from address; the to address; and the sending server's root domain (if available) or ip address. When polyze finds a rejection it looks for a similar one that it found already to increment its count. If it doesn't find one it adds a new rejection with a count of 1. The example report shows three rejections of which two are similar. Copying ------- ©Copyright <email@example.com> polyze may be copied only under the same terms as perl or under the GNU GPL (version 3 or later). This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. 1. http://dev.perl.org/licenses/artistic.html 2. https://www.gnu.org/licenses/gpl-3.0.en.html Dependencies ------------ postfix libdomain-publicsuffix-perl libdatetime-perl libmoose-perl libcommon-sense-perl libnumber-format-perl Installing ---------- Install dependencies. After a git clone, cd into polyze/ and with root privilege do # DESTDIR='' make install To sanity check, run # polyze --help To try it out, run # polyze on its own and it will attempt to report on yesterday's mail rejections, to standard output. Cron ---- This assumes your system supports /etc/cron.daily/. Included is /etc/cron.daily/polyze which mails the postmaster a report on yesterday's rejections. This cron script uses the postconf value of mydomain for two things. One is to infer the postmaster's email address. The other is the '--elide-domain' value (see 'polyze --help'). To see the mydomain value, run $ postconf -h mydomain If that prints 'example.com' then polyze mails its reports to <firstname.lastname@example.org> and it removes '@example.com' from reported recipient addresses. If you need a different domain, edit /etc/cron.daily/polyze to change the argument passed to send-polyze-daily. There's no debian confile cleverness here unfortunately, so if you ever re-install, you'll need to repeat your edit. Or get your 'mydomain' set suitably. Bugs ---- Polyze should probably do something with the SMTP status code. The perl modules lack pod. Send bug reports or comments to <email@example.com>.