2004.02_Charly's Column-Spamstats-Who is Causing You the Most Trouble.pdf

SYSADMIN

Charly’s Column

Dirt Tracker

The popular Spamassassin tool reliably filters genuine messages from

the usual digital garbage. The Spamstats program monitors the spam

killer and reports on its activities, enabling you to actively tailor the

filters and monitor spam trends. BY CHARLY KÜHNAST

vent spam, this has had no

noticeable effect on the tons of

unsolicited mail that hit most mailboxes.

Most admins use Spamassassin [1] to

defend their networks, and the tool per-

forms very well. Unfortunately, that

means you need a tool to monitor the

spam killer’s activities: enter Spamstats.

Spamstats [2] creates precise statistics

for email handling and calculates the

spam quota. The compressed package

weighs in at a mere 13.5 Kbytes, and

provides a very readable README that

tells you all about the way Spamstats

works. The script itself is written in Perl,

and requires the Perl modules Getopt::

Long and Compress::Zlib. If you do not

have these, you should surf to CPAN to

obtain them:

ters that Spamstats accepts.

Only one of these parameters is

really necessary, and that is -f / path/log-

file.

In the current version, Spamstats reads

logfiles created by Exim, Postfix, and

Sendmail, in combination with Spam-

assassin’s spamd . Qmail support is

planned. Spamstats can handle multiple

logs at the same time; they can even be

compressed. That means the following

syntax

another gimmick: If you ask, Spamstats

will tell you which email accounts have

been hit hardest by spammers. For exam-

ple, if I want to know which three

accounts have been hit hardest by spam-

mers, I can simply type

/usr/local/bin/spamstats U

0.4b5.pl -f /var/log/mail U

-number 3

/usr/local/bin/spamstats U

0.4b5.pl -f /var/log/mail /var/ U

archive/altmail.gz

In my case, the winner is the account I

use for Usenet posting – and that is no

big surprise. Maybe I should feed the

data I collected to RRDTool to visualize

my spam trends over a longer period of

time? But then again, the results might

be depressing.

is perfectly okay. I tried this out with my

own Postfix/Spamassassin – but only for

the current log that contains new entries

created after 0:00 hours – this produced

the output shown in Figure 1.

■

perl -MCPAN -e 'shell'

cpan> install Compress::Zlib

cpan> install Getopt::Long

INFO

Good Morning

Hey, 23 percent spam quota – that’s less

than my normal average! But then again

it is Monday morning, so the credit card

vendors and “cheapest Vi*gr* suppliers”

will not be online yet.

If you want to publish your Spamstats

on the Web, you can enable HTML out-

put with the -html flag. And there is

[1] Spamassassin:

http://eu3.spamassassin.org

[2] Spamstats: http://www.gryzor.com/tools/

#spamstats

Following this, a call to

/usr/local/bin/spamstats U

0.4b5.pl -help

Charly Kühnast is a

Unix System Man-

ager at the data-

center in Moers, near

Germany’s famous

River Rhine. His tasks

include ensuring fire-

wall security and availability and

taking care of the DMZ (demilitarized

zone). Although Charly started out on

IBM mainframes, he has been working

almost exclusively with Linux since

1995. To stay in shape he tries to get in

some karate training on his leisure

time.

outputs a short overview of the parame-

SYSADMIN

Network Monitoring ............ 57

Creating a toolset to monitor your network

and predicts damaging problems before

they cause too much damage.

Admin Workshop ................... 62

Just who has logged onto your system?

When and where did they enter? Trace all

your users for auditing.

Figure 1: 23 percent of all received messages are

spam

February 2004

www.linux-magazine.com

The Sysadmin’s Daily Grind: Spamstats

A lthough there is legislation to pre-

Plik z chomika:

Inne pliki z tego folderu:

Inne foldery tego chomika: