
spamdyke-stats

a guest
Oct 24th, 2011
  1. #!/usr/bin/perl -w
  2.  
  3. # This code was written by Felix Buenemann.
  4. #
  5. # It was posted to the spamdyke-users mailing list on Nov 4 2008.
  6. #
  7. # It has been modified by Brent Gardner:
  8. # - removed commented-out code
  9. # - fixed some indenting 'cause I have OCD :P
  10. # - fixed a bug that prevented processing of Spamdyke info in Qmail logs
  11. #
  12.  
  13.  
  # Build stamp. In this listing it is referenced only by a commented-out
  # banner print further down.
  my $build = "2010022601";
  use diagnostics;
  use strict;
  use Getopt::Long;

  # Option defaults:
  #   $tldtop   - how many TLD groups to list per result code (0 disables
  #               the TLD report); set with --tld N
  #   $detailed - collect the per-blacklist breakdown; --nodetail turns it off
  #   $syslog   - initialised to 1 and not read anywhere in this listing
  my ( $tldtop, $detailed, $syslog ) = ( 0, 1, 1 );

  my %option_spec = (
      "tld=i"   => \$tldtop,
      "detail!" => \$detailed,
  );

  # An unknown or malformed option ends the run with exit status 1.
  GetOptions(%option_spec) or exit 1;
  25.  
  26. # Usage:  # cat /var/log/qmail/smtpd/current | ./this_file
  27.  
  # Counters filled in while the log is read.
  my (
      %status,        # result code => number of connections
      %origin,        # result code => { TLD => count }
      %originsum,     # result code => number of lines that carried an origin_rdns field
      %rblstat,       # DNSBL name => matches
      %rhsblstat,     # RHSBL name => matches
      %rdnsblstat,    # IP_IN_RDNS_BLACKLIST keyword => matches
  );

  # Totals and running sums; they stay undefined until the code below
  # assigns or increments them.
  my (
      $allow,           $deny,              $timeout,
      $error,           $allowpercentage,   $timeoutpercentage,
      $errorpercentage, $spampercentage,    $sum,
      $rblsum,          $rhsblsum,          $rdnsblsum,
  );
  36.  
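  # percentage($sum, $num): format $num as a share of $sum, returned as a
  # fixed-width 7-character string such as " 29.00%".
  #
  # The two values are taken from the END of the argument list (total first,
  # part last). A zero or undefined total yields "  0.00%" instead of a
  # division by zero.
  sub percentage {
      my $num = pop @_;
      my $sum = pop @_;
      return "  0.00%" unless $sum;

      # Let sprintf round to two decimals. Splitting the value into integer
      # and fractional parts by hand truncates, so binary floating-point
      # error leaks into the output (29 of 100 was printed as " 28.99%").
      return sprintf( "%6.2f%%", $num / $sum * 100.0 );
  }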
  44.  
  45. #print "spamdyke-stats build $build\n\n";
  46.  
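  # Main parse loop. Reads log lines from STDIN or from the files named on the
  # command line and tallies spamdyke result codes into %status, the blacklist
  # breakdown hashes and (when --tld is given) the per-code TLD counters.
  #
  # The text after the result code may carry values influenced by the remote
  # SMTP peer (for example the origin_rdns name), so captured fields are only
  # used as hash keys and counters here. A line that lacks an expected field
  # is skipped rather than counted under an empty key.
  LINE: while ( my $raw = <> ) {
      chomp $raw;
      my $entry;

      if ( substr( $raw, 0, 1 ) eq '@' ) {

          # Lines starting with '@': drop the leading 25-character timestamp
          # and the space after it. Shorter lines cannot hold a record.
          next LINE if length($raw) <= 26;
          my $rest = substr $raw, 26;

          # BG: keep only lines that start with "spamdyke[<pid>]: " and
          # strip that prefix.
          next LINE unless $rest =~ m/^spamdyke\[[0-9]+\]: (.*)/i;
          $entry = $1;
      }
      else {

          # Other lines: skip the first 16 characters, then expect
          # "<hostname> <id> <message>" separated by single spaces.
          next LINE if length($raw) <= 16;
          my ( $hostname, $id, $line ) = split / /, substr( $raw, 16 ), 3;
          next LINE unless defined $id && defined $line;
          next LINE unless substr( $id, 0, 9 ) eq 'spamdyke[';
          $entry = $line;
      }

      # The result code is the first token of the message.
      next LINE
          unless $entry =~ m/^(ALLOWED|ERROR|TIMEOUT|((DENIED|FILTER)_[^ ]+))/;
      my $code   = $1;
      my $detail = substr $entry, length $code;

      if ($detailed) {

          # Count a blacklist hit only when its name is actually present.
          # An unchecked match would leave $1 undefined and file the hit
          # under an empty key, skewing the breakdown percentages.
          if ( $code =~ m/FILTER_RBL_MATCH/ ) {
              if ( $detail =~ m/rbl: (\S+)/ ) {
                  $rblstat{$1}++;
                  $rblsum++;
              }
          }
          elsif ( $code =~ m/FILTER_RHSBL_MATCH/ ) {
              if ( $detail =~ m/rhsbl: (\S+)/ ) {
                  $rhsblstat{$1}++;
                  $rhsblsum++;
              }
          }
          elsif ( $code =~ m/FILTER_IP_IN_RDNS_BLACKLIST/ ) {
              if ( $detail =~ m/keyword: (\S+)/ ) {
                  $rdnsblstat{$1}++;
                  $rdnsblsum++;
              }
          }
      }

      # FILTER_* lines feed only the breakdown above, not the status totals.
      next LINE if $code =~ m/^FILTER_/;
      $status{$code}++;

      if ( $tldtop and $detail =~ m/ origin_rdns: ([^ ]+)/ ) {
          my $rdns = $1;
          $originsum{$code}++;

          if ( $rdns =~ m/^\(unknown\)$/ ) {
              next LINE;
          }
          elsif ( $rdns =~ m/\.(com|net)$/ ) {
              $origin{$code}{$1}++;
          }
          elsif ( $rdns =~ m/\.([a-z]{2,2}\.[a-z]{2,2})$/ ) {    # co.uk
              $origin{$code}{$1}++;
          }
          elsif ( $rdns =~ m/\.([a-z]{2,})$/ ) {                 # de, ru, ...
              $origin{$code}{$1}++;
          }
          else {
              next LINE;
          }
      }
  }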
  106.  
  # Fold the per-code counters into the four summary totals.
  ( $allow, $deny, $error, $timeout ) = ( 0, 0, 0, 0 );

  # NOTE(review): the code names are tested as unanchored substrings, and the
  # ALLOWED bucket is assigned rather than added to. That is exact only while
  # no other result code contains one of these words; confirm against the
  # codes spamdyke actually logs.
  STAT: for my $stat ( sort keys %status ) {
      my $count = $status{$stat};

      if ( $stat =~ m/ALLOWED/ ) { $allow = $count;    next STAT; }
      if ( $stat =~ m/TIMEOUT/ ) { $timeout += $count; next STAT; }
      if ( $stat =~ m/ERROR/ )   { $error += $count;   next STAT; }

      # Everything else is a rejection.
      $deny += $count;
  }

  $sum = $allow + $timeout + $error + $deny;
  127.  
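  # Print one "Breakdown" table: every entry of the hash referenced by
  # $count_of, most frequent first (ties by name), each with its share of
  # $total.
  sub _print_breakdown {
      my ( $count_of, $total ) = @_;

      print "--------------- Breakdown ---------------\n";
      my @names = sort { $count_of->{$b} <=> $count_of->{$a} || $a cmp $b }
          keys %{$count_of};
      foreach my $name (@names) {

          # The name was captured from the log, so it is passed as a printf
          # argument and never becomes part of the format string.
          printf "%8d  %s  %s\n", $count_of->{$name},
              percentage( $total, $count_of->{$name} ), $name;
      }
      print "-----------------------------------------\n";
      return;
  }

  # Report: one line per result code, most frequent first, followed by the
  # blacklist breakdown for the matching DENIED_* code and, with --tld, the
  # top TLD groups for that code.
  foreach my $key ( sort { $status{$b} <=> $status{$a} || $a cmp $b } keys %status ) {

      # $key is text taken from the log. Interpolating it into the format
      # would let a '%' in the data be read as a conversion, so it goes in
      # as an argument instead.
      printf "%8d  %s  %s\n", $status{$key}, percentage( $sum, $status{$key} ), $key;

      # A hash in boolean context is true only when it has entries. The
      # earlier `length %hash` test was always true, which printed an empty
      # breakdown frame when nothing had been collected (e.g. --nodetail).
      if ( %rblstat and $key eq "DENIED_RBL_MATCH" ) {
          _print_breakdown( \%rblstat, $rblsum );
      }
      elsif ( %rhsblstat and $key eq "DENIED_RHSBL_MATCH" ) {

          # The RHSBL table is now ordered by its own counters; the sort
          # used to compare against %rblstat on one side.
          _print_breakdown( \%rhsblstat, $rhsblsum );
      }
      elsif ( %rdnsblstat and $key eq "DENIED_IP_IN_RDNS" ) {
          _print_breakdown( \%rdnsblstat, $rdnsblsum );
      }

      if ( $tldtop && $origin{$key} ) {
          my $top = $tldtop;
          print "--------------- Top $top TLD ---------------\n";

          my $lastsum   = 0;     # share (in percent) of the previous TLD
          my @tldgroup  = ();    # TLDs that all have the share $lastsum
          my %neworigin = ();    # "tld, tld, ..." => share of each member

          # Walk the TLDs from least to most frequent so that equal shares
          # are adjacent and can be merged into one output line.
          my @tlds = sort { $origin{$key}{$a} <=> $origin{$key}{$b} }
              keys %{ $origin{$key} };
          foreach my $tld (@tlds) {
              my $share = $origin{$key}{$tld} / $originsum{$key} * 100;
              if ( $share != $lastsum && @tldgroup ) {
                  $neworigin{ join( ', ', @tldgroup ) } = $lastsum;
                  @tldgroup = ();
              }
              push @tldgroup, $tld;
              $lastsum = $share;
          }

          # Flush the final group the same way as the groups inside the
          # loop. It used to be scaled by `length @tldgroup`, i.e. by the
          # number of DIGITS in the group size, which doubled the share of
          # any closing group holding ten or more TLDs.
          if (@tldgroup) {
              $neworigin{ join( ', ', @tldgroup ) } = $lastsum;
          }

          foreach my $tld ( sort { $neworigin{$b} <=> $neworigin{$a} } keys %neworigin ) {
              printf "%s\t%s\n",
                  percentage( $originsum{$key}, $neworigin{$tld} / 100.0 * $originsum{$key} ),
                  $tld;
              last unless --$top;
          }
          print "-----------------------------------------\n";
      }
  }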
  # Closing summary: one row per bucket, each showing the absolute count and
  # its share of all counted connections.
  my $format_summary = "%8d  %s";

  my @summary_rows = (
      [ "Allowed: $format_summary\n", $allow ],
      [ "Timeout: $format_summary\n", $timeout ],
      [ "Errors : $format_summary\n", $error ],
      [ "Denied : $format_summary\n", $deny ],
      [ "Total  : $format_summary\n", $sum ],
  );

  print "\n";
  print "---------------- Summary ----------------\n";
  for my $row (@summary_rows) {
      my ( $row_format, $count ) = @{$row};
      printf( $row_format, $count, percentage( $sum, $count ) );
  }
  190.  
  191.  
  192.  