Date: Sat, 16 Feb 2002 22:22:32 -0500 (EST)
From: Mikhail Teterin <mi@corbulon.video-collage.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: brian@freebsd.org
Subject: bin/35018: enhancing daily/460.status-mail-rejects
Message-ID: <200202170322.g1H3MWRP078161@corbulon.video-collage.com>
>Number: 35018
>Category: bin
>Synopsis: enhancing daily/460.status-mail-rejects
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Feb 16 19:30:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Mikhail Teterin
>Release: FreeBSD 4.5-STABLE i386
>Organization:
Virtual Estates, Inc.
>Environment:
System: FreeBSD corbulon.video-collage.com 4.5-STABLE FreeBSD 4.5-STABLE #1: Mon Feb 11 02:22:13 EST 2002 mi@corbulon.video-collage.com:/home/src/sys/compile/Corbulon i386
>Description:
My primary trouble with the current version is that it relies
on the arg1 element of the logged string to contain the culprit.
That is often a wrong assumption -- depending on the ruleset, arg1
may contain the local address, for example.
The attached patch makes use of the relay= element of the string,
processing its entire content -- not just the IP address.
The patch also:
. obviates the need for
  daily_status_mail_rejects_logs
  by using find(1) to find the maillog-s modified within
  the last two days
. allows one to keep maillog-s bzip2-ed
. removes one invocation of sort(1) and one of uniq(1) --
  both perl and awk are quite capable of counting and
  hashing
. removes one invocation of date -- both awk and perl
  are capable of figuring out today's date
. stops the input processing as soon as the timestamp
  on the next line starts indicating today -- to save time
. replaces perl with awk, because I don't know perl that
  well
>How-To-Repeat:
Here is the typical output of the current version. Note that
ALDAN.ALGEBRA.COM and virtual-estates.net are local machines
here and are listed because certain addresses at them are blocked.
Checking for rejected mail hosts:
7 ALDAN.ALGEBRA.COM
4 virtual-estates.net
4 [200.35.80.90]
3 [207.252.175.120]
2 imail.com
2 [61.144.185.23]
1 tig249-rsby.isp.net.au
1 spiderman.webworld1.net
1 host-148-244-121-173.block.alestra.net.mx
1 [216.105.175.129]
1 [208.60.110.2]
1 [200.74.132.158]
1 61-222-234-50.HINET-IP.hinet.net
Here are the same logs processed by the new version:
Checking for rejected mail hosts:
4 [200.35.80.90]
3 [207.252.175.120]
2 auction.jackpot.com [64.70.22.158] (may be forged)
2 [64.86.133.90]
2 [61.144.185.23]
1 tig249-rsby.isp.net.au [203.202.67.250]
1 qm-2.dlbdirect.com [64.152.73.103]
1 opt.edirectnetwork.net [66.115.47.116] (may be forged)
1 mailer5.hispeedoffers.com [64.32.63.39]
1 mail8.transcentives.net [216.23.198.158]
1 mail.bigfoot.com [64.15.239.140]
1 laoutbound3.jackpot.com [64.70.22.156]
1 host-148-244-121-173.block.alestra.net.mx [148.244.121.173]
1 cc7.optinmail.cc [64.38.239.36]
1 cc43.optinmail.cc [64.38.239.149]
1 cc42.optinmail.cc [64.38.239.148]
1 cc13.optinmail.cc [64.38.239.77]
1 [216.105.175.129]
1 [211.20.3.171]
1 [208.60.110.2]
1 [203.247.158.7]
1 [200.74.132.158]
1 61-222-234-50.HINET-IP.hinet.net [61.222.234.50]
>Fix:
--- 460.status-mail-rejects Tue Oct 31 18:47:27 2000
+++ 460.status-mail-rejects Sat Feb 16 22:05:02 2002
@@ -33,23 +33,32 @@
echo Checking for rejected mail hosts:
- start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'`
- n=$(($daily_status_mail_rejects_logs - 2))
rc=$({
- while [ $n -ge 0 ]
+ for f in `find /var/log -name maillog\* \
+ \( -mtime 1 -o -mtime 2 \) | xargs ls -tr`
do
- if [ -f /var/log/maillog.$n ]
- then
- cat /var/log/maillog.$n
- elif [ -f /var/log/maillog.$n.gz ]
- then
- zcat -fc /var/log/maillog.$n.gz
- fi
- n=$(($n - 1))
+ case $f in
+ *.gz) zcat -fc $f;;
+ *.bz2) bzip2 -cd $f;;
+ *) cat $f;;
+ esac
done
- cat /var/log/maillog
- } |
- perl -ne "print \"\$2\n\"
- if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" |
- sort -f | uniq -ic | sort -fnr | tee /dev/stderr | wc -l)
+ } | awk '
+ BEGIN {
+ today=systime();
+ yesterday=strftime("%b %d", today-86400);
+ today=strftime("%b %d", today);
+ }
+ {
+ relay=gensub("^" yesterday ".*, relay=([^,]+), reject=.*",
+ "\\1", 1);
+ if (relay != $0)
+ rejects[relay]++;
+ else if (match($0, "^" today))
+ exit;
+ }
+ END {
+ for (relay in rejects)
+ printf("%4d %s\n", rejects[relay], relay);
+ }' | sort -fnr | tee /dev/stderr | wc -l)
[ $rc -gt 0 ] && rc=1
fi;;
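Review bot: In the awk BEGIN block, strftime("%b %d", ...) zero-pads the day of the month, whereas the removed start= line piped date through sed 's/0\(.\)$/ \1/' to get the space-padded form that syslog writes. With "%b %d", whenever yesterday or today falls on the 1st through the 9th, the "^" yesterday pattern cannot match and the "^" today early exit cannot fire, so the report comes out empty or the whole input is read. Suggest "%b %e" in both strftime() calls, which space-pads the day. Separately, gensub() is a gawk extension, and systime() and strftime() are not in POSIX awk either, so the script now depends on awk being gawk; either note that in a comment or use match() with substr() to extract the relay= field.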
>Release-Note:
>Audit-Trail:
>Unformatted:
