[Greylist-users] Re: looking at logs

Philip Kizer pckizer at nostrum.com
Sun May 2 08:20:29 PDT 2004


martin dempsey <mjd at digitaleveryware.com> wrote:
>> How do I look at my graylisting logs anyway? I am using Exim 4.30 on
>> Debian 3.0. I would love to know how much is actually getting blocked.
>>
>Just like the sendmail version, it's all in the database. So database queries 
>will pull out the information you need. 

For just knowing how much is blocked, you can use the already provided
db_maintenance.pl example script nightly from cron, the 'deleted' count
will pretty much tell you exactly what you're wanting to know (here's last
night's output from my system that's run at the same time every night):

  Loading Config File: [config-file-elidded]
  DBI Connecting to DBI:mysql:database=[DSN-elidded]
  3175956 copied/updated to reporting table
  497393 expired rows deleted from active table

With a small addition to the script, you can add your own reporting
features (I just added this to mine since I had been planning to anyway):

  Loading Config File: [config-file-elidded]
  DBI Connecting to DBI:mysql:database=[DSN-elidded]
  2674232 copied/updated to reporting table
  173 expired unused reverse rows deleted from active table
  155935 expired rows deleted from active table

just figure out what you want to report and add a section:

--- db_maintenance.pl-orig      Sun May  2 10:00:40 2004
+++ db_maintenance.pl   Sun May  2 09:49:54 2004
@@ -147,0 +148,4 @@
+  my $rows = $dbh->do("DELETE FROM relaytofrom WHERE record_expires < NOW() - INTERVAL 1 HOUR AND origin_type = 'AUTO' and relay_ip is NULL");
+  print "$rows expired unused reverse rows deleted from active table\n";
+
+  # delete any rows that expired more than an hour ago
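Review bot: The added print line interpolates `$rows` straight from `$dbh->do(...)` with no check on the return value. DBI's do() returns the string "0E0" when the statement succeeds but matches no rows, and undef when it fails, so a night with nothing to purge reports "0E0 expired unused reverse rows deleted from active table", and a failed DELETE prints an empty count that looks like a successful run (these lines do not show whether the handle was opened with RaiseError). Suggest testing `defined $rows` and reporting `$dbh->errstr` on failure, and printing `$rows + 0` so the nightly cron output is always a plain number. Minor style point in the same statement: the SQL mixes `AND` and lowercase `and`; pick one.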


If you're concerned about specific messages and their logs, I've sent some
patches to Evan; but I don't know if he's still concentrating on the CVS
version of the relaydelay.pl enough to apply patches (since I see from the
web-based ViewCVS that it hasn't been updated in 9 months).  Although this
doesn't look like it would help you (Christopher) if you're using the Exim
code rather than Evan's...

For those using Evan's, I can try to regenerate my patches as separate
entities since I've done a little rearranging, too, and a patch from the
CVS codebase to my running code would have quite a few unrelated changes.
One of the big changes for me is that every action my relaydelay.pl takes
is logged via syslog as mail.{notice,info,debug} (rather than being printed
to STDOUT) depending on the alert and the logs use the sendmail queue_id so
that I only have to look at one mail logfile to discern what was the
disposition for a particular message delivery attempt and if greylisting
was the deciding factor, which database row ID caused the final decision.


-philip

-- 
Philip Kizer, Chief Systems Engineer, Texas A&M University
USENIX Liaison to Texas A&M University         <usenix at tamu.edu>
Texas A&M CIS Operating Systems Group, Unix   <pckizer at tamu.edu>  

