mirror of
https://github.com/darold/sendmailanalyzer.git
synced 2026-05-17 22:02:51 -06:00
Add support to oipv6 addresses. Thanks to Dominique Fournier for the feature request.
This commit is contained in:
Darold Gilles
parent
cc04591a83
commit
3d98e4e597
1 changed files with 22 additions and 25 deletions
|
|
@ -282,7 +282,6 @@ sub start_loop
|
||||||
|
|
||||||
while (my $l = <SA_FILE>) {
|
while (my $l = <SA_FILE>) {
|
||||||
chomp($l);
|
chomp($l);
|
||||||
$l =~ s/[\[\]\\]//g;
|
|
||||||
$l =~ s/ ID \d+ mail.\w//;
|
$l =~ s/ ID \d+ mail.\w//;
|
||||||
next if ($l =~ /policy-spf/);
|
next if ($l =~ /policy-spf/);
|
||||||
$LAST_PARSED = $l;
|
$LAST_PARSED = $l;
|
||||||
|
|
@ -339,7 +338,6 @@ sub start_loop
|
||||||
# Read each incoming line
|
# Read each incoming line
|
||||||
while (my $l = <SA_PIPE>) {
|
while (my $l = <SA_PIPE>) {
|
||||||
chomp($l);
|
chomp($l);
|
||||||
$l =~ s/[\[\]\\]//g;
|
|
||||||
$l =~ s/ ID \d+ mail.\w//;
|
$l =~ s/ ID \d+ mail.\w//;
|
||||||
next if ($l =~ /policy-spf/);
|
next if ($l =~ /policy-spf/);
|
||||||
$LAST_PARSED = $l;
|
$LAST_PARSED = $l;
|
||||||
|
|
@ -397,7 +395,7 @@ sub parse_common_fields
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$type =~ s/\://;
|
$type =~ s/[\[\]\:]g//;
|
||||||
|
|
||||||
$host = $CONFIG{MERGING_HOST} if ($CONFIG{MERGING_HOST});
|
$host = $CONFIG{MERGING_HOST} if ($CONFIG{MERGING_HOST});
|
||||||
|
|
||||||
|
|
@ -425,8 +423,7 @@ sub store_data
|
||||||
} elsif ($type =~ /^$CONFIG{SPAMD_NAME}/i) {
|
} elsif ($type =~ /^$CONFIG{SPAMD_NAME}/i) {
|
||||||
&parse_spamd($date,$time,$host,$other);
|
&parse_spamd($date,$time,$host,$other);
|
||||||
} else {
|
} else {
|
||||||
$type =~ s/(\d+)/\[$1\]/;
|
&dprint("Skipping unknown syslog report => $date $time $host [$type]: $other");
|
||||||
&dprint("Skipping unknown syslog report => $date $time $host $type $other");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
@ -479,7 +476,7 @@ sub parse_sendmail
|
||||||
} elsif ($str =~ /(connect to|setting up TLS connection to|Untrusted TLS connection established)/) {
|
} elsif ($str =~ /(connect to|setting up TLS connection to|Untrusted TLS connection established)/) {
|
||||||
return;
|
return;
|
||||||
# POSTFIX dnsbl message ???
|
# POSTFIX dnsbl message ???
|
||||||
} elsif ($str =~ m#addr \d+\.\d+\.\d+\.\d+ listed#i) {
|
} elsif ($str =~ m#addr [a-fA-F0-9\.\:]+ listed#) {
|
||||||
return;
|
return;
|
||||||
# POSTFIX postscreen messages: COMMAND (PIPELINING|COUNT LIMIT|TIME LIMIT)???
|
# POSTFIX postscreen messages: COMMAND (PIPELINING|COUNT LIMIT|TIME LIMIT)???
|
||||||
} elsif ($str =~ m#^COMMAND #i) {
|
} elsif ($str =~ m#^COMMAND #i) {
|
||||||
|
|
@ -618,7 +615,7 @@ sub parse_sendmail
|
||||||
# POSTFIX client origin
|
# POSTFIX client origin
|
||||||
} elsif ($str =~ m#^([^:\s]+): client=(.*)#) {
|
} elsif ($str =~ m#^([^:\s]+): client=(.*)#) {
|
||||||
my $id = $1;
|
my $id = $1;
|
||||||
my $relay = $2;
|
my $relay = lc($2);
|
||||||
$MSGID{$id}{relay} = &clean_relay($relay);
|
$MSGID{$id}{relay} = &clean_relay($relay);
|
||||||
# POSTFIX message id
|
# POSTFIX message id
|
||||||
} elsif ($str =~ m#^([^:\s]+): message-id=([^,]*)#) {
|
} elsif ($str =~ m#^([^:\s]+): message-id=([^,]*)#) {
|
||||||
|
|
@ -695,7 +692,7 @@ sub parse_sendmail
|
||||||
} elsif ($str =~ m#^([^:\s]+): to=([^,]+), relay=([^,]+),.*status=(.*)#) {
|
} elsif ($str =~ m#^([^:\s]+): to=([^,]+), relay=([^,]+),.*status=(.*)#) {
|
||||||
my $id = $1;
|
my $id = $1;
|
||||||
my $to = &edecode($2);
|
my $to = &edecode($2);
|
||||||
my $relay = &clean_relay($3);
|
my $relay = &clean_relay(lc($3));
|
||||||
if ($relay eq $CONFIG{'SKIP_RCPT_RELAY'}) {
|
if ($relay eq $CONFIG{'SKIP_RCPT_RELAY'}) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
@ -716,7 +713,7 @@ sub parse_sendmail
|
||||||
} elsif ($str =~ m#^([^:\s]+): to=([^,]+), orig_to=([^,]+), relay=([^,]+),.*status=(.*)#) {
|
} elsif ($str =~ m#^([^:\s]+): to=([^,]+), orig_to=([^,]+), relay=([^,]+),.*status=(.*)#) {
|
||||||
my $id = $1;
|
my $id = $1;
|
||||||
my $to = &edecode($2);
|
my $to = &edecode($2);
|
||||||
my $relay = &clean_relay($4);
|
my $relay = &clean_relay(lc($4));
|
||||||
if ($relay eq $CONFIG{'SKIP_RCPT_RELAY'}) {
|
if ($relay eq $CONFIG{'SKIP_RCPT_RELAY'}) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
@ -784,7 +781,7 @@ sub parse_sendmail
|
||||||
my $id = $1;
|
my $id = $1;
|
||||||
my $to = &edecode($2);
|
my $to = &edecode($2);
|
||||||
my $ctladdr = &edecode($3);
|
my $ctladdr = &edecode($3);
|
||||||
my $relay = &clean_relay($4);
|
my $relay = &clean_relay(lc($4));
|
||||||
if ($relay eq $CONFIG{'SKIP_RCPT_RELAY'}) {
|
if ($relay eq $CONFIG{'SKIP_RCPT_RELAY'}) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
@ -1090,14 +1087,14 @@ sub parse_sendmail
|
||||||
push(@{$AUTH{$host}{$authid}{type}}, $1);
|
push(@{$AUTH{$host}{$authid}{type}}, $1);
|
||||||
push(@{$AUTH{$host}{$authid}{mech}}, $4);
|
push(@{$AUTH{$host}{$authid}{mech}}, $4);
|
||||||
push(@{$AUTH{$host}{$authid}{date}}, $date . $time);
|
push(@{$AUTH{$host}{$authid}{date}}, $date . $time);
|
||||||
push(@{$AUTH{$host}{$authid}{relay}}, &clean_relay($2));
|
push(@{$AUTH{$host}{$authid}{relay}}, &clean_relay(lc($2)));
|
||||||
# Catch Anonymous TLS connections
|
# Catch Anonymous TLS connections
|
||||||
} elsif ($str =~ m#Anonymous TLS connection established from ([^:])+: (.*) with cipher (.*)#) {
|
} elsif ($str =~ m#Anonymous TLS connection established from ([^:]+): (.*) with cipher (.*)#) {
|
||||||
my $authid = 'anonymous';
|
my $authid = 'anonymous';
|
||||||
push(@{$AUTH{$host}{$authid}{type}}, $2);
|
push(@{$AUTH{$host}{$authid}{type}}, $2);
|
||||||
push(@{$AUTH{$host}{$authid}{mech}}, $3);
|
push(@{$AUTH{$host}{$authid}{mech}}, $3);
|
||||||
push(@{$AUTH{$host}{$authid}{date}}, $date . $time);
|
push(@{$AUTH{$host}{$authid}{date}}, $date . $time);
|
||||||
push(@{$AUTH{$host}{$authid}{relay}}, &clean_relay($1));
|
push(@{$AUTH{$host}{$authid}{relay}}, &clean_relay(lc($1)));
|
||||||
# Catch server TLS connections
|
# Catch server TLS connections
|
||||||
} elsif ($str =~ m#(STARTTLS=[^,]+), relay=([^,]+), version=([^,]+), (verify=[^,]+), cipher=([^,]+), bits=([^,\s]+)#) {
|
} elsif ($str =~ m#(STARTTLS=[^,]+), relay=([^,]+), version=([^,]+), (verify=[^,]+), cipher=([^,]+), bits=([^,\s]+)#) {
|
||||||
my $dt = $date . $time;
|
my $dt = $date . $time;
|
||||||
|
|
@ -1149,7 +1146,7 @@ sub parse_mailscanner
|
||||||
$SPAMDETAIL{$host}{$id}{type} = 'spamassassin';
|
$SPAMDETAIL{$host}{$id}{type} = 'spamassassin';
|
||||||
$SPAMDETAIL{$host}{$id}{spam} = $text;
|
$SPAMDETAIL{$host}{$id}{spam} = $text;
|
||||||
}
|
}
|
||||||
if ($SPAM{$host}{$id}{from} =~ /(\d+\.\d+\.\d+\.\d+) \((.*)\)/) {
|
if ($SPAM{$host}{$id}{from} =~ /([a-fA-F0-9\.\:]+) \((.*)\)/) {
|
||||||
$SPAM{$host}{$id}{relay} = &clean_relay(lc($2));
|
$SPAM{$host}{$id}{relay} = &clean_relay(lc($2));
|
||||||
$SPAM{$host}{$id}{from} = $1;
|
$SPAM{$host}{$id}{from} = $1;
|
||||||
}
|
}
|
||||||
|
|
@ -1179,7 +1176,7 @@ sub parse_mailscanner
|
||||||
$SPAMDETAIL{$host}{$id}{type} = 'dnsbl';
|
$SPAMDETAIL{$host}{$id}{type} = 'dnsbl';
|
||||||
$SPAMDETAIL{$host}{$id}{spam} = $4;
|
$SPAMDETAIL{$host}{$id}{spam} = $4;
|
||||||
}
|
}
|
||||||
if ($SPAM{$host}{$id}{from} =~ /(\d+\.\d+\.\d+\.\d+) \((.*)\)/) {
|
if ($SPAM{$host}{$id}{from} =~ /([a-fA-F0-9\.\:]+) \((.*)\)/) {
|
||||||
$SPAM{$host}{$id}{relay} = &clean_relay(lc($2));
|
$SPAM{$host}{$id}{relay} = &clean_relay(lc($2));
|
||||||
$SPAM{$host}{$id}{from} = $1;
|
$SPAM{$host}{$id}{from} = $1;
|
||||||
}
|
}
|
||||||
|
|
@ -1210,7 +1207,7 @@ sub parse_amavis
|
||||||
|
|
||||||
my $pid = $1;
|
my $pid = $1;
|
||||||
my $status = $2;
|
my $status = $2;
|
||||||
my $relay = $4;
|
my $relay = lc($4);
|
||||||
my $msgid = $7;
|
my $msgid = $7;
|
||||||
my $hits = $8;
|
my $hits = $8;
|
||||||
my $size = $9;
|
my $size = $9;
|
||||||
|
|
@ -1254,7 +1251,7 @@ sub parse_amavis
|
||||||
|
|
||||||
my $pid = $1;
|
my $pid = $1;
|
||||||
my $status = $2;
|
my $status = $2;
|
||||||
my $relay = $3;
|
my $relay = lc($3);
|
||||||
my $id = $7;
|
my $id = $7;
|
||||||
my $queueid = $6;
|
my $queueid = $6;
|
||||||
my $sender = &edecode($4);
|
my $sender = &edecode($4);
|
||||||
|
|
@ -1294,7 +1291,7 @@ sub parse_amavis
|
||||||
}
|
}
|
||||||
} elsif ($str =~ /(Passed|Blocked) INFECTED \(([^\)]*)\), (.*) [<]*([^\s>]*)[>]* -> [<]*([^,>]*)[>]*,(.*) Message-ID: [<]*([^,>]+)[>]*, /) {
|
} elsif ($str =~ /(Passed|Blocked) INFECTED \(([^\)]*)\), (.*) [<]*([^\s>]*)[>]* -> [<]*([^,>]*)[>]*,(.*) Message-ID: [<]*([^,>]+)[>]*, /) {
|
||||||
my $virus = $2;
|
my $virus = $2;
|
||||||
my $relay = $3;
|
my $relay = lc($3);
|
||||||
my $from = $4;
|
my $from = $4;
|
||||||
my $to = &edecode($5);
|
my $to = &edecode($5);
|
||||||
my $id = &edecode($7);
|
my $id = &edecode($7);
|
||||||
|
|
@ -1504,16 +1501,16 @@ sub edecode
|
||||||
sub clean_relay
|
sub clean_relay
|
||||||
{
|
{
|
||||||
my ($relay) = @_;
|
my ($relay) = @_;
|
||||||
|
|
||||||
if ($relay =~ m#(\d+\.\d+\.\d+\.\d+) \(may be forged#i) {
|
if ($relay =~ m#\b([a-fA-F0-9\.\:]+) \(may be forged#) {
|
||||||
return $1;
|
return $1;
|
||||||
} elsif ($relay =~ m#localhost|127\.0\.0\.1#) {
|
} elsif ($relay =~ m#localhost|127\.0\.0\.1#) {
|
||||||
return 'localhost';
|
return 'localhost';
|
||||||
} elsif ($relay =~ s/(\d+\.\d+\.\d+\.\d+)//) {
|
} elsif ( $relay =~ s/\[([^\]]+)\]// ) {
|
||||||
my $fqdn = $relay;
|
my $fqdn = $relay;
|
||||||
my $ip = $1;
|
my $ip = $1;
|
||||||
$fqdn =~ s#:.*##;
|
$fqdn =~ s#:.*##;
|
||||||
if (lc($fqdn) eq 'unknown') {
|
if ($fqdn eq 'unknown') {
|
||||||
return $ip;
|
return $ip;
|
||||||
} elsif ($fqdn =~ /[\s,]/) {
|
} elsif ($fqdn =~ /[\s,]/) {
|
||||||
return $ip;
|
return $ip;
|
||||||
|
|
@ -1524,10 +1521,9 @@ sub clean_relay
|
||||||
$relay =~ s#^\s+##;
|
$relay =~ s#^\s+##;
|
||||||
$relay =~ s#\s+.*##;
|
$relay =~ s#\s+.*##;
|
||||||
$relay =~ s#\.$##;
|
$relay =~ s#\.$##;
|
||||||
$relay =~ s#:.*##;
|
$relay =~ s#\s.*##;
|
||||||
$relay =~ s#\s.*##g;
|
|
||||||
|
|
||||||
return lc($relay);
|
return $relay;
|
||||||
}
|
}
|
||||||
|
|
||||||
####
|
####
|
||||||
|
|
@ -1541,6 +1537,7 @@ sub format_time
|
||||||
$hour = sprintf("%02d", $hour);
|
$hour = sprintf("%02d", $hour);
|
||||||
$min = sprintf("%02d", $min);
|
$min = sprintf("%02d", $min);
|
||||||
$sec = sprintf("%02d", $sec);
|
$sec = sprintf("%02d", $sec);
|
||||||
|
|
||||||
return 1900+$year . sprintf("%02d", $mon+1) . sprintf("%02d", $mday) . "$hour$min$sec";
|
return 1900+$year . sprintf("%02d", $mon+1) . sprintf("%02d", $mday) . "$hour$min$sec";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue