From owner-freebsd-bugs Sat Feb 16 19:30:14 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Message-Id: <200202170322.g1H3MWRP078161@corbulon.video-collage.com>
Date: Sat, 16 Feb 2002 22:22:32 -0500 (EST)
From: Mikhail Teterin
Reply-To: Mikhail Teterin
To: FreeBSD-gnats-submit@freebsd.org
Cc: brian@freebsd.org
X-Send-Pr-Version: 3.113
Subject: bin/35018: enhancing daily/460.status-mail-rejects
Sender: owner-freebsd-bugs@FreeBSD.ORG

>Number: 35018
>Category: bin
>Synopsis: enhancing daily/460.status-mail-rejects
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Feb 16 19:30:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Mikhail Teterin
>Release: FreeBSD 4.5-STABLE i386
>Organization:
Virtual Estates, Inc.
>Environment:
System: FreeBSD corbulon.video-collage.com 4.5-STABLE FreeBSD 4.5-STABLE #1: Mon Feb 11 02:22:13 EST 2002 mi@corbulon.video-collage.com:/home/src/sys/compile/Corbulon i386

>Description:

My primary trouble with the current version is that it relies on the
arg1 element of the logged string to contain the culprit. That is
often a wrong assumption -- depending on the ruleset, arg1 may contain
the local address, for example.

The attached patch makes use of the relay= element of the string,
processing its entire content -- not just the IP address.

The patch also:

	. obviates the need for daily_status_mail_rejects_logs by
	  using find(1) to find the maillog-s modified within the
	  last two days
	. allows one to keep maillog-s bzip2-ed
	. removes one invocation of sort(1) and one of uniq(1) --
	  both perl and awk are quite capable of counting and hashing
	. removes one invocation of date -- both awk and perl are
	  capable of figuring out today's date
	. stops the input processing as soon as the timestamp on the
	  next line starts indicating today -- to save time
	. replaces perl with awk, because I don't know perl that well

>How-To-Repeat:

Here is the typical output of the current version. Note that
ALDAN.ALGEBRA.COM and virtual-estates.net are local machines here and
are listed because certain addresses at them are blocked.

Checking for rejected mail hosts:
   7 ALDAN.ALGEBRA.COM
   4 virtual-estates.net
   4 [200.35.80.90]
   3 [207.252.175.120]
   2 imail.com
   2 [61.144.185.23]
   1 tig249-rsby.isp.net.au
   1 spiderman.webworld1.net
   1 host-148-244-121-173.block.alestra.net.mx
   1 [216.105.175.129]
   1 [208.60.110.2]
   1 [200.74.132.158]
   1 61-222-234-50.HINET-IP.hinet.net

Here are the same logs processed by the new version:

Checking for rejected mail hosts:
   4 [200.35.80.90]
   3 [207.252.175.120]
   2 auction.jackpot.com [64.70.22.158] (may be forged)
   2 [64.86.133.90]
   2 [61.144.185.23]
   1 tig249-rsby.isp.net.au [203.202.67.250]
   1 qm-2.dlbdirect.com [64.152.73.103]
   1 opt.edirectnetwork.net [66.115.47.116] (may be forged)
   1 mailer5.hispeedoffers.com [64.32.63.39]
   1 mail8.transcentives.net [216.23.198.158]
   1 mail.bigfoot.com [64.15.239.140]
   1 laoutbound3.jackpot.com [64.70.22.156]
   1 host-148-244-121-173.block.alestra.net.mx [148.244.121.173]
   1 cc7.optinmail.cc [64.38.239.36]
   1 cc43.optinmail.cc [64.38.239.149]
   1 cc42.optinmail.cc [64.38.239.148]
   1 cc13.optinmail.cc [64.38.239.77]
   1 [216.105.175.129]
   1 [211.20.3.171]
   1 [208.60.110.2]
   1 [203.247.158.7]
   1 [200.74.132.158]
   1 61-222-234-50.HINET-IP.hinet.net [61.222.234.50]

>Fix:

--- 460.status-mail-rejects Tue Oct 31 18:47:27 2000 +++ 460.status-mail-rejects Sat Feb 16 22:05:02 2002 
@@ -33,23 +33,32 @@ echo Checking for rejected mail hosts: - start=`date -v-1d '+%b %d' | sed 's/0\(.\)$/ \1/'` - n=$(($daily_status_mail_rejects_logs - 2)) rc=$({ - while [ $n -ge 0 ] + for f in `find /var/log -name maillog\* \ + \( -mtime 1 -o -mtime 2 \) | xargs ls -tr` do - if [ -f /var/log/maillog.$n ] - then - cat /var/log/maillog.$n - elif [ -f /var/log/maillog.$n.gz ] - then - zcat -fc /var/log/maillog.$n.gz - fi - n=$(($n - 1)) + case $f in + *.gz) zcat -fc $f;; + *.bz2) bzip2 -cd $f;; + *) cat $f;; + esac done - cat /var/log/maillog - } | - perl -ne "print \"\$2\n\" - if (/reject=/ and /^$start.*ruleset=check_\S+,\s+arg1=(<[^@]+@)?([^>,]+).*reject=/o);" | - sort -f | uniq -ic | sort -fnr | tee /dev/stderr | wc -l) + } | awk ' + BEGIN { + today=systime(); + yesterday=strftime("%b %d", today-86400); + today=strftime("%b %d", today); + } + { + relay=gensub("^" yesterday ".*, relay=([^,]+), reject=.*", + "\\1", 1); + if (relay != $0) + rejects[relay]++; + else if (match($0, "^" today)) + exit; + } + END { + for (relay in rejects) + printf("%4d %s\n", rejects[relay], relay); + }' | sort -fnr | tee /dev/stderr | wc -l) [ $rc -gt 0 ] && rc=1 fi;; >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
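
Review bot: the awk BEGIN block builds both date prefixes with strftime("%b %d", ...), which zero-pads the day ("Feb 05"), while the removed code passed the date through sed 's/0\(.\)$/ \1/' to get the space-padded day that the old perl match was anchored on. For the 1st through 9th of a month the "^" yesterday pattern would then match no log line and the match($0, "^" today) early exit would never fire, so the report comes out empty on those days; "%b %e" produces the space-padded form. systime(), strftime() and gensub() are GNU awk extensions rather than POSIX awk, so the script now depends on awk being gawk, which deserves a comment or an explicit gawk invocation. In the loop, $f comes unquoted out of a backquoted find | xargs ls -tr, so a log name containing whitespace would be split into several words; quoting "$f" in the case arms and avoiding the ls round trip would make that robust.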
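
Added example, not part of the original report or patch: a POSIX awk tally of reject lines keyed on either arg1= or relay=, showing the difference the description points out. The log lines are constructed in the layout the patch's patterns expect, and the function names, hostnames and addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample lines (not real traffic). Note the space-padded day
# that syslog writes for the 1st through 9th of a month.
sample_log() {
cat <<'EOF'
Feb  5 03:10:01 mx sendmail[101]: g15AAA: ruleset=check_rcpt, arg1=<blocked@local.example>, relay=mail.sender-a.example [192.0.2.10], reject=550 5.7.1 <blocked@local.example>... Access denied
Feb  5 04:22:40 mx sendmail[102]: g15AAB: ruleset=check_rcpt, arg1=<blocked@local.example>, relay=[192.0.2.77], reject=550 5.7.1 <blocked@local.example>... Access denied
Feb  5 09:00:13 mx sendmail[103]: g15AAC: ruleset=check_mail, arg1=<x@spam.example>, relay=mail.sender-a.example [192.0.2.10], reject=553 5.1.8 <x@spam.example>... Domain of sender address does not exist
Feb  5 10:00:00 mx sendmail[104]: g15AAD: from=<ok@good.example>, size=1200, class=0, nrcpts=1, relay=good.example [198.51.100.5]
Feb  6 00:00:02 mx sendmail[105]: g16AAE: ruleset=check_rcpt, arg1=<blocked@local.example>, relay=[192.0.2.77], reject=550 5.7.1 <blocked@local.example>... Access denied
EOF
}

# count_by FIELD DAY: read a maillog on stdin and tally the reject lines
# stamped DAY by the value of FIELD ("relay" or "arg1"). The value is the
# whole text up to the next ", ", so "host [ip] (may be forged)" is kept.
count_by() {
    awk -v key="$1=" -v day="$2" '
    index($0, day " ") == 1 && index($0, ", reject=") {
        i = index($0, ", " key)
        if (i == 0) next                  # reject line without this field
        v = substr($0, i + 2 + length(key))
        j = index(v, ", ")
        if (j) v = substr(v, 1, j - 1)
        n[v]++
    }
    END { for (v in n) printf "%d %s\n", n[v], v }' | sort -k1,1nr -k2
}

echo "keyed on arg1 (names the blocked local recipient):"
sample_log | count_by arg1 'Feb  5'
echo "keyed on relay (names the connecting host):"
sample_log | count_by relay 'Feb  5'
```

Using only index() and substr() keeps this independent of gawk; the day prefix is passed in by the caller, so it must already be in syslog's space-padded form.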