Todd Aiken | 1 Dec 17:37 2005
Picon

RE: SpamAssassin 3.1.0 auto-whitelist lockfile problem

> So ... a possible solution (I've not subjected this to any 
> testing with any version of SA other than 3.1.0).
> 
> Open "mimedefang.pl" and find the "spam_assassin_init" routine (line
> 6258 in MD 2.54).  Where it makes the new SpamAssassin object, add the
> parameter:
> 
>     userstate_dir => "/dir/where/you/want/db/files",
> 
> ... so the entire piece reads something like:
> 
>     $SASpamTester = Mail::SpamAssassin->new({
>         local_tests_only   => $SALocalTestsOnly,
>         dont_copy_prefs    => 1,
>         userprefs_filename => $config,
>         userstate_dir => "/dir/where/you/want/files",
>         LOCAL_RULES_DIR    => $LOCAL_RULES_DIR});
> 
> Usual rules apply for the directory - create it by hand and 
> make it 700 for your defang user.
> 
> This works for me on FC3.

Many thanks for that.  I've been wanting a long time to move the default
location out of root's home directory, and this did the trick.  Also
running MD 2.54 and SA 3.1.0 on a Slackware 10.1 box.

> Dunno if someone could put this into a nice configuration option :))

That would be nice.  :-D
(Continue reading)

Kenneth Porter | 2 Dec 02:16 2005

Humor: Foxtrot on malware

<http://images.ucomics.com/comics/ft/2005/ft051129.gif>
Mathew Thomas | 2 Dec 04:33 2005
Picon
Picon

Creating live graph for monitoring the mail systems

Hi

I use some Perl script to analyse the syslog which produces a lot of
information like total mail, no. inbound/outbound mail, no. of spam, no.
of mail with viruses, dropped mail, etc daily via a cron job. I would
like to use the data to produce some graph for live monitoring the mail
gateways via web. I can run the script every half an hour or 15 min and
produce the necessary data.

I don't know how to go ahead with it. Please reply. Thanks in advance
for the help

Mathew

Alan Premselaar | 2 Dec 06:20 2005

Re: Creating live graph for monitoring the mail systems


Mathew Thomas wrote:
> Hi
> 
> I use some Perl script to analyse the syslog which produces a lot of
> information like total mail, no. inbound/outbound mail, no. of spam, no.
> of mail with viruses, dropped mail, etc daily via a cron job. I would
> like to use the data to produce some graph for live monitoring the mail
> gateways via web. I can run the script every half an hour or 15 min and
> produce the necessary data.
> 
> I don't know how to go ahead with it. Please reply. Thanks in advance
> for the help
> 
> Mathew

Mathew,

  You can do all of that with Graphdefang, which should be in the
contrib directory of MIMEDefang.  I haven't checked to see if it's still
included, but it used to be.

not sure if this is exactly what you want, since it won't use your
script, but it should produce semi-real-time-graph-monitoring.

HTH

Alan
Kenneth Porter | 2 Dec 06:41 2005

Re: Creating live graph for monitoring the mail systems

--On Friday, December 02, 2005 2:33 PM +1100 Mathew Thomas 
<mathew.thomas <at> rmit.edu.au> wrote:

> I would
> like to use the data to produce some graph for live monitoring the mail
> gateways via web. I can run the script every half an hour or 15 min and
> produce the necessary data.

Look at graphdefang. It's in the MD distribution. I googled the other day 
and found a lot of public examples of it running.

<http://www.google.com/search?hl=en&q=%22Graphs+created+with+GraphDefang.%22&btnG=Google+Search>

Ashley M. Kirchner | 3 Dec 01:30 2005

Negative addresses??


    Can someone explain this to me?  It's from a spam message (in fact, 
a lot of them are coming through MD+SA these days) and they all show the 
same thing, negative numbers:

--------
Received: from -1216216520 ([222.60.136.228])
    by serpico.pcraft.com (8.13.0/8.13.0) with SMTP id jB30Mott008917
    for <ashley.kirchner <at> highpeaks.org>; Fri, 2 Dec 2005 17:22:54 -0700
Received: from goprat.com (-1216301840 [-1213314064])
    by ghfixtures.com (Qmailv1) with ESMTP id 8568A5A816
    for <ashley.kirchner <at> highpeaks.org>; Fri, 02 Dec 2005 17:22:58 -0800
--------
Received: from 1438002568 ([84.237.176.196])
    by serpico.pcraft.com (8.13.0/8.13.0) with SMTP id jB308JGl008642
    for <ashley.kirchner <at> highpeaks.org>; Fri, 2 Dec 2005 17:08:24 -0700
Received: from gradykelly.com (1480536112 [1438170304])
    by gn7.admefres.com (Qmailv1) with ESMTP id 3E3BC79B69
    for <ashley.kirchner <at> highpeaks.org>; Fri, 02 Dec 2005 20:14:54 -0500
--------

    By the way, the message sobject is always the same, 'Software'.

--

-- 
W | It's not a bug - it's an undocumented feature.
  +--------------------------------------------------------------------
  Ashley M. Kirchner <mailto:ashley <at> pcraft.com>   .   303.442.6410 x130
  IT Director / SysAdmin / Websmith             .     800.441.3873 x130
  Photo Craft Laboratories, Inc.            .     3550 Arapahoe Ave. #6
  http://www.pcraft.com ..... .  .    .       Boulder, CO 80303, U.S.A.
(Continue reading)

Kelson | 3 Dec 02:17 2005
Picon

Re: Negative addresses??

Ashley M. Kirchner wrote:
>    Can someone explain this to me?  It's from a spam message (in fact, a 
> lot of them are coming through MD+SA these days) and they all show the 
> same thing, negative numbers:
> 
> Received: from -1216216520 ([222.60.136.228])
>    by serpico.pcraft.com (8.13.0/8.13.0) with SMTP id jB30Mott008917
>    for <ashley.kirchner <at> highpeaks.org>; Fri, 2 Dec 2005 17:22:54 -0700

Here it looks like the negative number is actually the HELO string, 
which can be set to pretty much anything.

> Received: from goprat.com (-1216301840 [-1213314064])
>    by ghfixtures.com (Qmailv1) with ESMTP id 8568A5A816
>    for <ashley.kirchner <at> highpeaks.org>; Fri, 02 Dec 2005 17:22:58 -0800

Assuming serpico.pcraft.com is your server, this line is probably 
forged, so again anything could go into the spots.

If I were to guess, someone has spamwarethat's generating random numbers 
for fake IP addresses, but has an error in formatting, so they're 
getting displayed as negative integers instead of dotted quads.

--

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>
James Ebright | 3 Dec 22:01 2005

Re: Creating live graph for monitoring the mail systems

Providing you only return integers, MRTG woudld be simple to setup for this.

Graphdefang as already was mentioned is pretty simple to although the config
is not too well ocumented if I remember right (been a while).

If you return floating points then you should look at rddtool (which is what
MRTG is moving to soon as well).

Jim

On Fri, 02 Dec 2005 14:33:19 +1100, Mathew Thomas wrote
> Hi
> 
> I use some Perl script to analyse the syslog which produces a lot of
> information like total mail, no. inbound/outbound mail, no. of spam, 
> no. of mail with viruses, dropped mail, etc daily via a cron job. I would
> like to use the data to produce some graph for live monitoring the mail
> gateways via web. I can run the script every half an hour or 15 min and
> produce the necessary data.

--

James R. Ebright
ESISnet    252.672.5600
www.esisnet.com

Mack | 3 Dec 23:06 2005

RE: Creating live graph for monitoring the mail systems

If you have access to a mysql (or equiv) database, and use MD accordingly,
you can use JPGRAPH to produce some nice on the fly graphs

-----Original Message-----
From: mimedefang-bounces <at> lists.roaringpenguin.com
[mailto:mimedefang-bounces <at> lists.roaringpenguin.com]On Behalf Of Mathew
Thomas
Sent: 02 December 2005 03:33
To: mimedefang <at> lists.roaringpenguin.com
Subject: [Mimedefang] Creating live graph for monitoring the mail
systems

Hi

I use some Perl script to analyse the syslog which produces a lot of
information like total mail, no. inbound/outbound mail, no. of spam, no.
of mail with viruses, dropped mail, etc daily via a cron job. I would
like to use the data to produce some graph for live monitoring the mail
gateways via web. I can run the script every half an hour or 15 min and
produce the necessary data.

I don't know how to go ahead with it. Please reply. Thanks in advance
for the help

Mathew

_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
MIMEDefang <at> lists.roaringpenguin.com
(Continue reading)

Stewart | 5 Dec 05:55 2005
Picon

Re: Creating live graph for monitoring the mail systems


On 02/12/2005, at 4:20 PM, Alan Premselaar wrote:

>   You can do all of that with Graphdefang, which should be in the
> contrib directory of MIMEDefang.  I haven't checked to see if it's  
> still
> included, but it used to be.

..finally prodded to do something about it on my debian systems, i  
find it's not included in the mimedefang .deb but available as a  
separate package...

..S.

Gmane