polyze/README

About
-----
This is a log file analyser for Postfix. It reports on mail rejected
by Postfix, with the aim of helping avoid the rejection of legitimate
mail. It aims to report on all rejections, so it might not be suitable
for a high-traffic site.
It runs on Debian and - probably - other systems where perl and bash
are available.

Example report
--------------
Begin example --->
2018-07-23 Monday's mail rejects.
jbloggs
Greylist
* _/506 example.com: me@example.com
spameri@tiscali.it
No reverse DNS
2 _/703 190.116.27.234: spameri@tiscali.it
2/3 distinct/all rejects found.
683 log lines for Monday.
Report completed 2018-07-24 06:25:04 BST by Polyze.
<--- end example
The first line shows the calendar day reported on. Rejections are
then grouped by recipient address, here "jbloggs" and
"spameri@tiscali.it". Because jbloggs is a local user, the nonlocal
part is omitted. The spameri address represents a relay attempt, so it
shows the targeted domain.
Rejections are then grouped by rejection reason, here "Greylist" followed by "No
reverse DNS".
The first rejection line, from left to right:
*: the mail was later accepted by postgrey.
_: replaces 'mail.log' (".1" likewise replaces "mail.log.1").
506: line number of the first instance.
example.com: sender's root domain (subdomain is elided).
me@example.com: from-address.
More about Greylist: the '*' indicates only that polyze found a later
'action=pass' line that matched the rejection. It doesn't guarantee
that the mail was delivered since it might have been rejected for
another reason. The search for the 'pass' line isn't confined to the
target day; polyze will search to the end of the last log file.
Rejections other than Greylist are assumed to be final. Polyze
doesn't look at the SMTP status code.
In the other rejection line, beginning '2 _/703...', the 2 is a
"similarity count". Two rejections are 'similar' if they match on all
of: the reason; the from address; the to address; and the sending
server's root domain (if available) or ip address.
When polyze finds a rejection it looks for a similar one that it found
already to increment its count. If it doesn't find one it adds a new
rejection with a count of 1. The example report shows three
rejections of which two are similar.
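
Added example, not part of polyze (which is written in perl): a Python
sketch of the similarity count described above, run over constructed
log lines. The regex, the text-to-reason mapping, the recipient domain
example.org and the two-label root_domain() shortcut are assumptions.

```python
import re
# Constructed sample in Postfix smtpd log format (not real traffic).
SAMPLE = [
    "Jul 23 09:00:01 mx postfix/smtpd[811]: connect from mail.example.com[192.0.2.10]",
    "Jul 23 09:00:02 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from mail.example.com[192.0.2.10]: "
    "450 4.2.0 <jbloggs@example.org>: Recipient address rejected: Greylisted; "
    "from=<me@example.com> to=<jbloggs@example.org> proto=ESMTP helo=<mail.example.com>",
] + 2 * [
    "Jul 23 11:12:40 mx postfix/smtpd[902]: NOQUEUE: reject: RCPT from unknown[190.116.27.234]: "
    "450 4.7.1 Client host rejected: cannot find your reverse hostname, [190.116.27.234]; "
    "from=<spameri@tiscali.it> to=<spameri@tiscali.it> proto=ESMTP helo=<x>",
]
# Assumed mapping from reject text to report label; polyze's own rules may differ.
REASONS = [("Greylisted", "Greylist"),
           ("cannot find your reverse hostname", "No reverse DNS")]
REJECT = re.compile(
    r"NOQUEUE: reject: \w+ from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"\d{3} (?:\d\.\d\.\d+ )?(?P<text>.*?); "
    r"from=<(?P<frm>[^>]*)> to=<(?P<to>[^>]*)>")

def root_domain(host):
    # Assumption: last two labels only; suffixes like co.uk need a public-suffix list.
    return None if host == "unknown" else ".".join(host.lower().split(".")[-2:])

def parse(lineno, line):
    m = REJECT.search(line)
    if m is None:
        return None  # not a rejection line
    reason = next((lab for pat, lab in REASONS if pat in m["text"]), "Other")
    return {"reason": reason, "from": m["frm"].lower(), "to": m["to"].lower(),
            "server": root_domain(m["host"]) or m["ip"], "line": lineno}

def count_similar(lines):
    found = {}  # similarity key -> first rejection seen, with running count
    for lineno, line in enumerate(lines, 1):
        rej = parse(lineno, line)
        if rej is None:
            continue
        key = (rej["reason"], rej["from"], rej["to"], rej["server"])
        if key in found:
            found[key]["count"] += 1      # similar to one already found
        else:
            found[key] = dict(rej, count=1)  # new rejection, keeps first line number
    return list(found.values())

if __name__ == "__main__":
    rejects = count_similar(SAMPLE)
    print(rejects)
    print(f"{len(rejects)}/{sum(r['count'] for r in rejects)} distinct/all rejects found.")
```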

Copying
-------
©Copyright <barnold@tilde.club>
polyze may be copied only under the same terms as perl[1] or under the
GNU GPL[2] (version 3 or later). This is free software: you are free
to change and redistribute it. There is NO WARRANTY, to the extent
permitted by law.
1. http://dev.perl.org/licenses/artistic.html
2. https://www.gnu.org/licenses/gpl-3.0.en.html

Dependencies
------------
postfix
libdomain-publicsuffix-perl
libdatetime-perl
libmoose-perl
libcommon-sense-perl
libnumber-format-perl

Installing
----------
Install dependencies.
After a git clone, cd into polyze/ and with root privilege do
# DESTDIR='' make install
To sanity check, run
# polyze --help
To try it out, run
# polyze
on its own and it will attempt to report on yesterday's mail
rejections, to standard output.

Cron
----
This assumes your system supports /etc/cron.daily/.
Included is /etc/cron.daily/polyze which mails the postmaster a report
on yesterday's rejections. This cron script uses the postconf value
of mydomain for two things. One is to infer the postmaster's email
address. The other is the '--elide-domain' value (see 'polyze
--help'). To see the mydomain value, run
$ postconf -h mydomain
If that prints 'example.com' then polyze mails its reports to
<postmaster@example.com> and it removes '@example.com' from reported
recipient addresses. If you need a different domain, edit
/etc/cron.daily/polyze to change the argument passed to
send-polyze-daily.
There's no Debian conffile cleverness here unfortunately, so if you
ever re-install, you'll need to repeat your edit. Or get your
'mydomain' set suitably.

Bugs
----
Polyze should probably do something with the SMTP status code.
The perl modules lack pod.
Send bug reports or comments to <barnold@tilde.club>.