#!PERL_COMMAND -w
-# $Cambridge: exim/src/src/eximstats.src,v 1.15 2007/04/03 15:50:58 steve Exp $
-# Copyright (c) 2001 University of Cambridge.
+# Copyright (c) 2001-2014 University of Cambridge.
# See the file NOTICE for conditions of use and distribution.
# Perl script to generate statistics from one or more Exim log files.
# Fixed Grand Total Summary Domains, Edomains, and Email columns
# for Rejects, Temp Rejects, Ham, and Spam rows.
#
+# 2007-04-11 V1.58 Steve Campbell
+# Fix to get <> and blackhole to show in edomain tables.
+#
+# 2007-09-20 V1.59 Steve Campbell
+# Added the -bylocaldomain option
+#
+# 2007-09-20 V1.60 Heiko Schlittermann
+# Fix for misinterpreted log lines
+#
+# 2013-01-14 V1.61 Steve Campbell
+# Watch out for senders sending "HELO [IpAddr]"
#
#
# For documentation on the logfile format, see
Show the delivery times (B<DT>)for all the messages.
-Exim must have been configured to use the +delivery_time logging option
+Exim must have been configured to use the +deliver_time logging option
for this option to work.
I<list> is an optional list of times. Eg -show_dt1,2,4,8 will show
This program does not perfectly handle messages whose received
and delivered log lines are in different files, which can happen
when you have multiple mail servers and a message cannot be
-immeadiately delivered. Fixing this could be tricky...
+immediately delivered. Fixing this could be tricky...
Merging of xls files is not (yet) possible. Be free to implement :)
@days_per_month = (0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334);
$gig = 1024 * 1024 * 1024;
-$VERSION = '1.57';
+$VERSION = '1.61';
# How much space do we allow for the Hosts/Domains/Emails/Edomains column headers?
$COLUMN_WIDTHS = 8;
# The following are parameters whose values are
# set by command line switches:
use vars qw($show_errors $show_relay $show_transport $transport_pattern);
-use vars qw($topcount $local_league_table $include_remote_users);
+use vars qw($topcount $local_league_table $include_remote_users $do_local_domain);
use vars qw($hist_opt $hist_interval $hist_number $volume_rounding $emptyOK);
use vars qw($relay_pattern @queue_times @user_patterns @user_descriptions);
use vars qw(@rcpt_times @delivery_times);
use vars qw(%delivered_messages %delivered_data %delivered_data_gigs %delivered_addresses);
use vars qw(%received_count_user %received_data_user %received_data_gigs_user);
use vars qw(%delivered_messages_user %delivered_addresses_user %delivered_data_user %delivered_data_gigs_user);
+use vars qw(%delivered_messages_local_domain %delivered_addresses_local_domain %delivered_data_local_domain %delivered_data_gigs_local_domain);
use vars qw(%transported_count %transported_data %transported_data_gigs);
use vars qw(%relayed %errors_count $message_errors);
use vars qw(@qt_all_bin @qt_remote_bin);
-bydomain show results by sending domain.
-byemail show results by sender's email address
-byedomain show results by sender's email domain
+-bylocaldomain show results by local domain
-pattern "Description" /pattern/
Count lines matching specified patterns and show them in
my $parser = '
my($ip,$host,$email,$edomain,$domain,$thissize,$size,$old,$new);
my($tod,$m_hour,$m_min,$id,$flag,$extra,$length);
- my($seconds,$queued,$rcpt_time);
+ my($seconds,$queued,$rcpt_time,$local_domain);
my $rej_id = 0;
while (<$fh>) {
# "H=Host (UnverifiedHost) [IpAddr]" or "H=(UnverifiedHost) [IpAddr]".
# We do 2 separate matches to keep the matches simple and fast.
# Host is local unless otherwise specified.
- $ip = (/\\bH=.*?(\\[[^]]+\\])/) ? $1 : "local";
+ # Watch out for "H=([IpAddr])" in case they send "[IpAddr]" as their HELO!
+ $ip = (/\\bH=(?:|.*? )(\\[[^]]+\\])/) ? $1
+ # 2008-03-31 06:25:22 Connection from [213.246.33.217]:39456 refused: too many connections from that IP address // .hs
+ : (/Connection from (\[\S+\])/) ? $1
+ # 2008-03-31 06:52:40 SMTP call from mail.cacoshrf.com (ccsd02.ccsd.local) [69.24.118.229]:4511 dropped: too many nonmail commands (last was "RSET") // .hs
+ : (/SMTP call from .*?(\[\S+\])/) ? $1
+ : "local";
$host = (/\\bH=(\\S+)/) ? $1 : "local";
$domain = "localdomain"; #Domain is localdomain unless otherwise specified.
#IFDEF ($do_sender{Domain})
- if ($host !~ /^\\[/ && $host =~ /^(\\(?)[^\\.]+\\.([^\\.]+\\..*)/) {
+ if ($host =~ /^\\[/ || $host =~ /^[\\d\\.]+$/) {
+ # Host is just an IP address.
+ $domain = $host;
+ }
+ elsif ($host =~ /^(\\(?)[^\\.]+\\.([^\\.]+\\..*)/) {
# Remove the host portion from the DNS name. We ensure that we end up
# with at least xxx.yyy. $host can be "(x.y.z)" or "x.y.z".
$domain = lc("$1.$2");
#ENDIF ($do_sender{Email})
#IFDEF ($do_sender{Edomain})
+ if (/^(<>|blackhole)/) {
+ $edomain = $1;
+ }
#IFDEF ($include_original_destination)
- #$edomain = (/^(\S+) (<\S*?\\@(\S+)>)?/) ? $3 || $1 : "";
- $edomain = (/^(\S+ (<\S*?\\@(\S+?)>)?)/) ? $1 : "";
- chomp($edomain);
- lc($edomain);
+ elsif (/^(\S+ (<\S*?\\@(\S+?)>)?)/) {
+ $edomain = $1;
+ chomp($edomain);
+ $edomain =~ s/@(\S+?)>/"@" . lc($1) . ">"/e;
+ }
#ENDIF ($include_original_destination)
-
#IFNDEF ($include_original_destination)
- $edomain = (/^\S*?\\@(\S+)/) ? lc($1) : "";
+ elsif (/^\S*?\\@(\S+)/) {
+ $edomain = lc($1);
+ }
#ENDIF ($include_original_destination)
+ else {
+ $edomain = "";
+ }
+
#ENDIF ($do_sender{Edomain})
if ($tod lt $begin) {
#ENDIF ($include_original_destination)
#my($parent) = $_ =~ /(<[^@]+@?[^>]*>)/;
my($parent) = $_ =~ / (<.+?>) /; #DT 1.54
- $user = "$user $parent" if defined $parent;
+ if (defined $parent) {
+ $user = "$user $parent";
+ #IFDEF ($do_local_domain)
+ if ($parent =~ /\\@(.+)>/) {
+ $local_domain = lc($1);
+ ++$delivered_messages_local_domain{$local_domain};
+ ++$delivered_addresses_local_domain{$local_domain};
+ add_volume(\\$delivered_data_local_domain{$local_domain},\\$delivered_data_gigs_local_domain{$local_domain},$size);
+ }
+ #ENDIF ($do_local_domain)
+ }
}
++$delivered_messages_user{$user};
++$delivered_addresses_user{$user};
# 2005-09-23 15:07:49 1EInHJ-0007Ex-Au H=(a.b.c) [10.0.0.1] F=<> rejected after DATA: This message contains a virus: (Eicar-Test-Signature) please scan your system.
# 2005-10-06 10:50:07 1ENRS3-0000Nr-Kt => blackhole (DATA ACL discarded recipients): This message contains a virus: (Worm.SomeFool.P) please scan your system.
/ rejected after DATA: (.*)/ ||
+ / (rejected DATA: .*)/ ||
/.DATA ACL discarded recipients.: (.*)/ ||
/rejected after DATA: (unqualified address not permitted)/ ||
/(VRFY rejected)/ ||
++$rejected_count_by_reason{"\u$1$2"};
++$rejected_count_by_ip{$ip};
}
+ elsif (
+ # 2008-03-31 06:25:22 H=mail.densitron.com [216.70.140.224]:45386 temporarily rejected connection in "connect" ACL: too fast reconnects // .hs
+ # 2008-03-31 06:25:22 H=mail.densitron.com [216.70.140.224]:45386 temporarily rejected connection in "connect" ACL // .hs
+ /(temporarily rejected connection in .*?ACL:?.*)/
+ ) {
+ ++$temporarily_rejected_count_by_ip{$ip};
+ ++$temporarily_rejected_count_by_reason{"\u$1"};
+ }
else {
++$rejected_count_by_reason{Unknown};
++$rejected_count_by_ip{$ip};
print $htm_fh "<li><a href=\"#Local destination count\">Top $topcount local destinations by message count</a>\n";
print $htm_fh "<li><a href=\"#Local destination volume\">Top $topcount local destinations by volume</a>\n";
}
+ if (($local_league_table || $include_remote_users) && %delivered_messages_local_domain) {
+ print $htm_fh "<li><a href=\"#Local domain destination count\">Top $topcount local domain destinations by message count</a>\n";
+ print $htm_fh "<li><a href=\"#Local domain destination volume\">Top $topcount local domain destinations by volume</a>\n";
+ }
print $htm_fh "<li><a href=\"#Rejected ip count\">Top $topcount rejected ips by message count</a>\n" if %rejected_count_by_ip;
print $htm_fh "<li><a href=\"#Temporarily rejected ip count\">Top $topcount temporarily rejected ips by message count</a>\n" if %temporarily_rejected_count_by_ip;
$data_href = \%delivered_data_user;
$data_gigs_href = \%delivered_data_gigs_user;
}
+ elsif ($category =~ /local domain destination/) {
+ $messages_href = \%delivered_messages_local_domain;
+ $addresses_href = \%delivered_addresses_local_domain;
+ $data_href = \%delivered_data_local_domain;
+ $data_gigs_href = \%delivered_data_gigs_local_domain;
+ }
elsif ($category =~ /(\S+) destination/) {
#Top 50 (host|domain|email|edomain) destinations
#Top (host|domain|email|edomain) destination
elsif ($ARGV[0] =~ /^-byemail$/) { $do_sender{Email} = 1 }
elsif ($ARGV[0] =~ /^-byemaildomain$/) { $do_sender{Edomain} = 1 }
elsif ($ARGV[0] =~ /^-byedomain$/) { $do_sender{Edomain} = 1 }
+ elsif ($ARGV[0] =~ /^-bylocaldomain$/) { $do_local_domain = 1 }
elsif ($ARGV[0] =~ /^-emptyok$/) { $emptyOK = 1 }
elsif ($ARGV[0] =~ /^-nvr$/) { $volume_rounding = 0 }
elsif ($ARGV[0] =~ /^-show_rt([,\d\+\-\*\/]+)?$/) { @rcpt_times = parse_time_list($1) }
print_league_table("\l$_ destination", $delivered_messages{$_}, $delivered_addresses{$_}, $delivered_data{$_},$delivered_data_gigs{$_}, $ws_top50, \$ws_top50_row);
}
print_league_table("local destination", \%delivered_messages_user, \%delivered_addresses_user, \%delivered_data_user,\%delivered_data_gigs_user, $ws_top50, \$ws_top50_row) if (($local_league_table || $include_remote_users) && %delivered_messages_user);
+ print_league_table("local domain destination", \%delivered_messages_local_domain, \%delivered_addresses_local_domain, \%delivered_data_local_domain,\%delivered_data_gigs_local_domain, $ws_top50, \$ws_top50_row) if (($local_league_table || $include_remote_users) && %delivered_messages_local_domain);
print_league_table("rejected ip", \%rejected_count_by_ip, undef, undef, undef, $ws_rej, \$ws_rej_row) if %rejected_count_by_ip;
print_league_table("temporarily rejected ip", \%temporarily_rejected_count_by_ip, undef, undef, undef, $ws_rej, \$ws_rej_row) if %temporarily_rejected_count_by_ip;
git://git.exim.org / exim.git / blobdiff