#!PERL_COMMAND -w
-# $Cambridge: exim/src/src/eximstats.src,v 1.19 2009/10/19 12:26:34 nm4 Exp $
-# Copyright (c) 2001 University of Cambridge.
+# Copyright (c) 2001-2016 University of Cambridge.
# See the file NOTICE for conditions of use and distribution.
# Perl script to generate statistics from one or more Exim log files.
# 2007-09-20 V1.60 Heiko Schlittermann
# Fix for misinterpreted log lines
#
+# 2013-01-14 V1.61 Steve Campbell
+# Watch out for senders sending "HELO [IpAddr]"
#
#
# For documentation on the logfile format, see
@days_per_month = (0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334);
$gig = 1024 * 1024 * 1024;
-$VERSION = '1.60';
+$VERSION = '1.61';
# How much space do we allow for the Hosts/Domains/Emails/Edomains column headers?
$COLUMN_WIDTHS = 8;
}
else {
# We don't want any rounding to be done.
- # and we don't need broken formated output which on one hand avoids numbers from
+ # and we don't need broken formatted output which on one hand avoids numbers from
# being interpreted as string by Spreadsheed Calculators, on the other hand
# breaks if more than 4 digits! -> flexible length instead of fixed length
# Format the return value at the output routine! -fh
# Eg 3h20m5s => 12005
#######################################################################
sub unformat_time {
- my($formated_time) = pop @_;
+ my($formatted_time) = pop @_;
my $time = 0;
- while ($formated_time =~ s/^(\d+)([wdhms]?)//) {
+ while ($formatted_time =~ s/^(\d+)([wdhms]?)//) {
$time += $1 if ($2 eq '' || $2 eq 's');
$time += $1 * 60 if ($2 eq 'm');
$time += $1 * 60 * 60 if ($2 eq 'h');
# "H=Host (UnverifiedHost) [IpAddr]" or "H=(UnverifiedHost) [IpAddr]".
# We do 2 separate matches to keep the matches simple and fast.
# Host is local unless otherwise specified.
- $ip = (/\\bH=.*?(\\[[^]]+\\])/) ? $1
+ # Watch out for "H=([IpAddr])" in case they send "[IpAddr]" as their HELO!
+ $ip = (/\\bH=(?:|.*? )(\\[[^]]+\\])/) ? $1
# 2008-03-31 06:25:22 Connection from [213.246.33.217]:39456 refused: too many connections from that IP address // .hs
: (/Connection from (\[\S+\])/) ? $1
# 2008-03-31 06:52:40 SMTP call from mail.cacoshrf.com (ccsd02.ccsd.local) [69.24.118.229]:4511 dropped: too many nonmail commands (last was "RSET") // .hs
# 2005-09-23 15:07:49 1EInHJ-0007Ex-Au H=(a.b.c) [10.0.0.1] F=<> rejected after DATA: This message contains a virus: (Eicar-Test-Signature) please scan your system.
# 2005-10-06 10:50:07 1ENRS3-0000Nr-Kt => blackhole (DATA ACL discarded recipients): This message contains a virus: (Worm.SomeFool.P) please scan your system.
/ rejected after DATA: (.*)/ ||
+ / (rejected DATA: .*)/ ||
/.DATA ACL discarded recipients.: (.*)/ ||
/rejected after DATA: (unqualified address not permitted)/ ||
/(VRFY rejected)/ ||
my $previous_seconds_on_queue = 0;
if (/^\s*(Under|Over|)\s+(\d+[smhdw])\s+(\d+)/) {
print STDERR "Parsing $_" if $debug;
- my($modifier,$formated_time,$count) = ($1,$2,$3);
- my $seconds = unformat_time($formated_time);
+ my($modifier,$formatted_time,$count) = ($1,$2,$3);
+ my $seconds = unformat_time($formatted_time);
my $time_on_queue = ($seconds + $previous_seconds_on_queue) / 2;
$previous_seconds_on_queue = $seconds;
$time_on_queue = $seconds * 2 if ($modifier eq 'Over');