MailGraph HOWTO

os2lover

Look in your suexec log. That is a common error by CGI when something has gone wrong :)

xgeek

Try to copy the CGI file to the CGI-BIN ;)

Maybe that works instead of "linking"
 
Ok great it works :)
Indeed, in the suexec log I saw the same error that xgeek was encountering. So then I took your advice to xgeek to copy the cgi instead of linking to it, and then it worked perfectly :)

Maybe it's a good idea to change that in the howto :)
 
Same here. I moved the cgi file rather than linking and it works great.

Thanks a bunch :D
 
fusionictnl said:
Ok I will do the basic changes to have them count. So you don't have to recode the mailgraph.pl:

You'll have to change the deny messages of your filters (virus/blacklists etc.)

For blacklist mine are:

deny message = Sorry but you're blacklisted at $dnslist_domain

changed it to:

deny message = SPAM Sorry but you're blacklisted at $dnslist_domain


For viruses:

deny message = This message contains a virus or other malware ($malware_name)

Changed to:

deny message = MALWARE This message contains a virus or other malware ($malware_name)

These entries are around line 500.

It's very important to have the strings at the beginning as it scans for that in the exim logs.

For all the other ones, the strings are as follows:

BOUNCED - Bounced messages
REJECTED - Rejected messages
SPAM - Spam messages
MALWARE - Virus messages
MIME_ERROR - Incorrect Mime messages
BAD_ATTACHMENT - Incorrect attachments

Well, this should be enough to get some realistic stats, except for spamassassin tagged messages.

Okay I have tried changing my deny messages to include SPAM at the start. And with or without, rejected mails do not get graphed.

I have logs in /var/log/exim/rejectlog but they do not get picked up.

Also I can not find any reference to:-
BOUNCED - Bounced messages
REJECTED - Rejected messages
SPAM - Spam messages
MALWARE - Virus messages
MIME_ERROR - Incorrect Mime messages
BAD_ATTACHMENT - Incorrect attachments
in my exim.conf.

I am using Jeff's spamblocker exim.conf RSS-1.2da + Spam Assassin + clamav
(Note:- Incoming and outgoing mail gets graphed okay, just not any bounced, rejected, spam or viruses)

Any ideas?

Many thanks
Stephen
 
When you've changed the deny message, check your /var/log/exim/mainlog for these messages:

cat /var/log/exim/mainlog | grep "SPAM"
cat /var/log/exim/mainlog | grep "MALWARE"


Make sure you've restarted exim after the changes
Make sure you've restarted the mailgraph process ;)

And it could take some time before they get graphed, as RDD keeps a history/cache database.

If you want to be sure delete the /var/lib/mailgraph/*.RDD files
 
It will only find SPAM that has been denied at the ACL level. Unfortunately Spamassassin is not configured to block at the ACL level. I am going to rewrite part of the mailgraph.pl code in order to better pick up spam that is trapped. Stay tuned for a URL to the file.

and Happy New Year :)

--Josh
 
Okay I have been running this a month now and Spam blocked with the spamblocker is still not getting logged by MailGraph.


I have checked that SPAM is added to the start of the deny message and it is. See log entry from /var/log/exim/mainlog
Code:
2005-01-23 04:29:36 H=h141n3c1o1116.bredband.skanova.com [213.67.210.141] F=<[email protected]> rejected RCPT <[email protected]>: SPAM to unblock h141n3c1o1116.bredband.skanova.com see http://spam.mydomain.com/

I have had over 1000 messages blocked by spamblock this month and they are all logged correctly.

Both Exim and Mailgraph have been restarted but still no go.

Does this work for anyone else?

Cheers
Stephen
 
How do I fix these errors while running ./configure?

Code:
----------------------------------------------------------------------------
* I could not find a working copy of freetype2. Check config.log for hints on why
  this is the case. Maybe you need to set LDFLAGS and CPPFLAGS appropriately
  so that compiler and the linker can find libfreetype and its header files. If
  you have not installed freetype2, you can get it either from its original home on

     http://prdownloads.sourceforge.net/freetype/

  You can find also find an archive copy on

     http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/pub/libs

  The last tested version of freetype2 is 2.1.9.

       LIBS=-lpng -lz -lm 
   LDFLAGS=
  CPPFLAGS= -I/usr/include/freetype2

----------------------------------------------------------------------------
                
checking for cgiInit in -lcgi... no
checking for pkg-config... (cached) no
configure: WARNING:
----------------------------------------------------------------------------
* I could not find a working copy of cgilib. Check config.log for hints on why
  this is the case. Maybe you need to set LDFLAGS and CPPFLAGS appropriately
  so that compiler and the linker can find libcgi and its header files. If
  you have not installed cgilib, you can get it either from its original home on

     http://www.infodrom.org/projects/cgilib

  You can find also find an archive copy on

     http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/pub/libs

  The last tested version of cgilib is 0.5.

       LIBS=-lpng -lz -lm 
   LDFLAGS=
  CPPFLAGS=

----------------------------------------------------------------------------
 
I have the same error, although I have freetype installed:

[root@server01 software]# rpm -qa | grep freetype
freetype-2.1.3-6
[root@server01 software]#

[root@server01 software]# yum update freetype
Gathering header information file(s) from server(s)
Server: Red Hat Linux 9 - i386 - Base
Server: Dag RPM Repository for Red Hat Enterprise Linux
Server: Red Hat Linux 9 - Updates
Finding updated packages
Downloading needed headers
freetype is installed and the latest version.
No actions to take
[root@server01 software]#
 
hey guys

Hey,

Great work here, however I have a small issue. I installed mailgraph from ports and got it all working, but it only seems to show "SPAM" records. I didn't even need to add anything to the DENY message, however I have done so now.

Have a look at my mailgraph at: http://www.directadmin.co.nz/cgi-bin/mailgraph.cgi you'll see it only shows in gray the spam messages, no sent / received mail.

I'm also wondering if it is possible to graph mail that's past the ACL, i.e. I have a nod32 router / transport that I'd like to graph, plus spamassassin. I saw mention of someone going to hax this, how did you get on?

Thanks in advance.
Barry
 
error

Ok,

I get the following error:

line not in syslog format: 2005-09-19 03:03:44 1EFYm5-000LgS-3g Completed
at /usr/local/bin/mailgraph.pl line 126
Parse::Syslog::next('Parse::Syslog=HASH(0x8114548)') called at /usr/local/bin/mailgraph.pl line 328
Parse::Syslog::main() called at /usr/local/bin/mailgraph.pl line 662
line not in syslog format: 2005-09-19 03:03:44 1EH0hk-0002cF-87 <= [email protected] U=mail P=virus-scanned S=4853 [email protected] T="Mail delivery failed: returning message to sender" from <[email protected]> for [email protected]
at /usr/local/bin/mailgraph.pl line 126
Parse::Syslog::next('Parse::Syslog=HASH(0x8114548)') called at /usr/local/bin/mailgraph.pl line 328
Parse::Syslog::main() called at /usr/local/bin/mailgraph.pl line 662
line not in syslog format: 2005-09-19 03:03:44 1EH0hk-0002cA-6H => mailer-daemon <[email protected]> F=<> R=nod32 T=nod32_transport S=4580
at /usr/local/bin/mailgraph.pl line 126
Parse::Syslog::next('Parse::Syslog=HASH(0x8114548)') called at /usr/local/bin/mailgraph.pl line 328
Parse::Syslog::main() called at /usr/local/bin/mailgraph.pl line 662


What would cause that?
 
Is the program expecting to find email logs in a specific format? If so, then for what mail server, and in what format?

I wrote the log file format for the exim mail logs a few years ago; you can find the format in /etc/exim.conf, and change it if required.

Jeff
 
2 problems.

1 - It says exim isn't in syslog format, so I tried metalog and I get that it isn't in metalog format, so what should I use for the -t variable? What type of log is the exim log?

2 - I get no graphs because the rrd file doesn't exist, but I assume this is because the perl script isn't working.
 
Exim does not use syslog. It has its own log system. I wrote the exim log designation currently in use.

Perhaps my choices don't work for you.

Do they have an "exim" option? If they do, then you can download a sample exim.conf file from exim.org, and use the log description portion of it.

Note: Do not use the entire example exim.conf file; it definitely won't work; it will totally break exim on your server.

If you do this, be sure to restart exim afterwards.

Jeff
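
Added example, not part of any post above and not mailgraph's own code: a short Python sketch of the two points this thread turns on, that exim's own mainlog lines start with a date stamp rather than a syslog header (which is why Parse::Syslog reports "line not in syslog format"), and that a rejection is only countable per category when its tag is the first word of the deny message. The sample lines are constructed, and reading the tag from the text after "rejected ...: " is an assumption about how a tag scanner would work.

```python
import re
from collections import Counter

# Tags the HOWTO says to put at the start of each deny message.
TAGS = ("BOUNCED", "REJECTED", "SPAM", "MALWARE", "MIME_ERROR", "BAD_ATTACHMENT")

EXIM_TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")            # exim's own stamp
SYSLOG_TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ ")  # "Mon DD HH:MM:SS host "
# Assumption: the deny message is the text that follows "rejected <stage>: ".
REJECT = re.compile(r" rejected [^:]*: (\S+)")

# Constructed sample lines (example domains, documentation IP range).
SAMPLE = [
    "2005-01-23 04:29:36 H=mail.example.net [192.0.2.10] F=<a@example.net> "
    "rejected RCPT <b@example.org>: SPAM Sorry but you're blacklisted at dnsbl.example",
    "2005-01-23 04:30:02 H=mx.example.net [192.0.2.11] F=<c@example.net> "
    "rejected after DATA: MALWARE This message contains a virus or other malware (Constructed.Test)",
    "2005-01-23 04:31:15 H=relay.example.net [192.0.2.12] F=<d@example.net> "
    "rejected RCPT <b@example.org>: Sorry but you're blacklisted at dnsbl.example",
    "2005-01-23 04:32:00 1AbCdE-000123-4F Completed",
    "Jan 23 04:33:00 server01 exim[1234]: 1AbCdE-000123-4F Completed",
]

def log_format(line):
    """Tell an exim-native line from a syslog-style one by its timestamp."""
    if EXIM_TS.match(line):
        return "exim"
    if SYSLOG_TS.match(line):
        return "syslog"
    return "unknown"

def classify(line):
    """Return the leading tag of a rejection, 'UNTAGGED' if it has none, or None."""
    m = REJECT.search(line)
    if m is None:
        return None  # not a rejection line at all
    return m.group(1) if m.group(1) in TAGS else "UNTAGGED"

def count_tags(lines):
    """Count rejections per tag, the way a per-category graph would need them."""
    return Counter(tag for tag in map(classify, lines) if tag)

if __name__ == "__main__":
    for line in SAMPLE:
        print(log_format(line), classify(line))
    print(dict(count_tags(SAMPLE)))
```

The third sample line is the one to watch for: it is logged as a rejection but carries no tag, so it would never reach a SPAM or MALWARE counter.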
 