Mailgraph

Discussion in 'Tips/Tricks/Mods' started by Ovidiu, Dec 9, 2005.

  1. Ovidiu

    Ovidiu Active Member

    I guess you all know by now that I love graphs :)

    I found a new tool: http://people.ee.ethz.ch/~dws/software/mailgraph/
    its called mailgraph and is supposed to display mail statistics like sent/received/rejected/spam/virus and bounced...

    unfortunately it will not really show spam for me and it shows a little bit too few of my virus mails ;-(

    first of all it is set to monitor the syslog file but I changed that to the /var/log/mail.log.ispconfigsave which seemed a better idea to me - right?

    I added one line to catch viruses is this ok?
    are there other lines indicating virus?

    the standard line to find infected mails is this but it does not work for me:
    any other idea on how to identify spam?


    ###edit###
    Or maybe you know another tool to display this kind of information graphically?
     
    Last edited: Dec 9, 2005
  2. Ovidiu

    Ovidiu Active Member

    no one has got any ideas? any other soft that can do this?
     
  3. ecorona

    ecorona New Member

    I set it up, but no spam/virus graph at all.
     
  4. Ovidiu

    Ovidiu Active Member

    anyone got an update on this? I am using the perfect debian 3.1 setup

    no graphs show up at all,.... while I followed this tutorial: http://www.howtoforge.com/mail_statistics_mailgraph_pflogsumm

    although I must admit I had a manually installed version of rrdtool, but right now I also installed the apt-get version and still no graphs to be seen here: http://www.web-designerz.de/cgi-bin/mailgraph.cgi

    also the pflogsumm has this entry:
    which seems to be a legitimate email from ebay - does it not?
    on the other hand it seems its a forgery, sorry for misusing this post
    in case you want to help I have some more hints:

    it seems like an 500 server error but I can see the basic page, just not the graphs...
    Ok this is solved too: the mailgraph was trying to store its images here: /var/lib/mailgraph/,cgi-bin meaning inside /var/lib/mailgraph which was by default owned by www-data:www-data so I had to change to the user the suexec of that virtualhost was running :)
    no I am just wondering why the directory looks this strange: /var/lib/mailgraph/,cgi-bin?? well does not matter, but what about this:

    I thought I could just download the newest version 1.12 and replace the 3 files of which mailgraph consists with the newer version as debian stable is using version 1.10 but if I do this I do not see any graphs, no idea why as the directories and the owners and groups stay the same...

    any chance to get SA and clamav to make logs that could be used to count spam and viruses instead of having to somehow implement amavis?
     
    Last edited: Sep 12, 2006
  5. falko

    falko Super Moderator ISPConfig Developer

    I don't know if that's possible... :(
     
  6. Ovidiu

    Ovidiu Active Member

    I found severall issues:

    a) saying spamd is faster and better than spamassassin: http://mail-archives.apache.org/mod...rs/200607.mbox/<[email protected]>

    b) Mail::SpamAssassin::Logger http://www.annocpan.org/~FELICITY/Mail-SpamAssassin-3.1.5/lib/Mail/SpamAssassin/Logger.pm can you look at those links? there is also a Mail::SpamAssassin::Logger::File http://www.annocpan.org/~FELICITY/Mail-SpamAssassin-3.1.5/lib/Mail/SpamAssassin/Logger/File.pm and a Mail::SpamAssassin::Logger::Syslog http://www.annocpan.org/~FELICITY/Mail-SpamAssassin-3.1.5/lib/Mail/SpamAssassin/Logger/Syslog.pm

    I do not have any clue how to use b) and I do not know much about a)...

    maybe someone interested too can get me going...
     
    Last edited: Sep 13, 2006
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Spamd is faster, but we can not simply switch from spamassassin to spamd as the spamc command that is used to send the messages to spamd does not support the commandline switch for specifying the spamassassin configuartion file that ISPConfig uses. There is a workaround for that by symlinking the spamassassin config files in every users directory but I we will have to test that in the dev branch if it is reliable.
     
  8. Ovidiu

    Ovidiu Active Member

    ok thx for explaining, but how about those SA "modules" I linked above? I am not sure how these modules are to be used.. but they seem to be doing what we need: bring logging to spamassassin
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    I've never tested one of them, but I see no reason why they should not work if you load them in the spamassassin configuration uder /home/admispconfig/ispconfig/tools/spamassassin
     
  10. Ovidiu

    Ovidiu Active Member

    hi,

    I'll try out Mail::SpamAssassin::Logger::Syslog that seems the most appropiate one to use but can you give me some hints about where to put?

     
  11. falko

    falko Super Moderator ISPConfig Developer

    When you search in /home/admispconfig/ispconfig/tools/spamassassin, you should find a directory with .pm (Perl modules) files in it. Put it into that directory.
     
  12. edge

    edge Active Member Moderator

    Is it not a simple perl -MCPAN -e shell and than an install Mail::SpamAssassin::Logger::Syslog

    (I've done it on a virtula Debain OS, and it installed fine as far as I can see "/usr/bin/make install -- OK")

    I do also see "spamd" in the mail log files, but as it's a virtual system, and as I do not have a working mailserver setup on it I can not test the rest!
     
    Last edited: Sep 14, 2006
  13. Hans

    Hans Moderator ISPConfig Developer

  14. Ovidiu

    Ovidiu Active Member

    what I did was use the cpan method and loaded this:

    into the init.pre file but I see no spam log trace anywhere... neither inside mail.* neither inside syslog....
     
  15. Ovidiu

    Ovidiu Active Member

    anyone able to help with this?
     
  16. Ovidiu

    Ovidiu Active Member

    anyone please? there must be someone who knows how to use this module... :-(
     
  17. todvard

    todvard ISPConfig Developer ISPConfig Developer

    Here is an easy way how to configure mailgraph with ISPConfig.
    The main problem with ISPConfig's spam and virus detection system is that nor clamassassin neither spamassassin log to syslog, so mailgraph won't know anything about found spams and viruses. We will use procmail and logger to send entries to syslog files (logger is a part of bsdutils package on debian based distributions, which means it is probably already installed).

    First, install mailgraph:
    Code:
    apt-get install mailgraph
    (or use your distributions default package installer)
    (If you installing it from source be sure that you start it with "--ignore-localhost" option.)

    Start the daemon:
    Code:
    /etc/init.d/mailgraph start
    Copy mailgraph.cgi to a cgi-bin directory of an ISPConfig configured website which has CGI enabled. Check mailgraph in a browser. If it is working keep reading, if not, go back and doublecheck everything.

    Configure spam detection:
    add the following lines to a user's .spamassassin.rc file:
    Code:
    :0 c
    * ^X-Spam-Status: Yes
    | logger -p mail.info -t spamd spamd: identified spam
    Add it after the line starting with "| /home/admispconfig/ispconf...", don't forget to put an empty line between them.

    Configure virus detection:
    add the following lines to a user's .antivirus.rc file:
    Code:
    :0:
    * ^X-Virus-Status: Yes
    {
        :0 c
        | logger -p mail.info -t smtp-vilter clamd: found virus
    
        :0
        /dev/null
    }
    
    Add it after the line starting with "| /home/admispconfig/ispconf...", don't forget to put an empty line between them.

    Now you have a user, with whom you can test mailgraph. Use his/her email address to test spam and virus detection:
    Code:
    mail -s spamtest [email protected]
    XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
    .
    
    Check /var/log/mail.log. You should see a new entry, something like that:
    Code:
    Mar  7 12:20:27 isp spamd: spamd: identified spam
    Check mailgraph in the browser. In few minutes you should see that number of found spam is increasing.

    Test virus detection too, send an EICAR anti-virus test message to the same user. (you can download test files form here. Don't be afraid, it's not a virus, just a test!).
    Check /var/log/mail.log again. You should see a new entry, something like that:
    Code:
    Mar  7 11:37:46 isp smtp-vilter: clamd: found virus
    Check mailgraph in the browser. In few minutes you should see that number of found viruses is increasing.

    If everything is working fine you can enable configurations server-wide. Do the same changes in /root/ispconfig/isp/conf/antivirus.rc.master and /root/ispconfig/isp/conf/spamassassin.rc.master files (or use the included patch files) Keep a copy from original files, just in case... A user's config file will be updated when you change any setting on that user in ISPConfig. (or you can use this link to see how to update them in one step.)

    Hope it helps.
    T.
     

    Attached Files:

    Last edited: Mar 7, 2007
  18. Ovidiu

    Ovidiu Active Member

    I woudl like to try this but I am having more serious problems:

    here is the url: http://www.web-designerz.de/cgi-bin/mailgraph.cgi
    this is web1, the suexec entry in the vhost looks like:
    and this entry is inside my vhost entry too:

    this is the output of a ls -al:

    so why do I get 403 errors?

    here is the error log of the site:
    why is it trying to read a .htaccess file inside cgi-bin? even saving an empty .htaccess into cgi-bin did not solve anything...
     
  19. martinfst

    martinfst ISPConfig Developer ISPConfig Developer

    Any rewrite rule that might be playing tricks on you? Looks oke to me so far....:confused:
     
  20. Ovidiu

    Ovidiu Active Member

    I do have an .htaccess inside /var/www/web1/web and as the scriptalias redirects from /var/www/web1/web/cgi-bin to: /var/www/web1/cgi-bin the .htaccess from there might be making problems:


    I have wordpress installed inside this web - can you help?
     

Share This Page