Chapter 6. Usage

After installing qSheff, audit the log files to ensure everything went as planned:

# tail -f /var/log/path/to/current
@4000000041c18ca305190bcc new msg 68931
@4000000041c18ca30527ec64 info msg 68931: bytes 1204 from <0000truenetworking@onelist.com> qp 31459 uid 1009
@4000000041c18ca305502d14 starting delivery 302397: msg 68931 to local rtxo.net.tr-85858585@rtxo.net.tr
@4000000041c18ca30553ea1c status: local 1/400 remote 20/400
@4000000041c18ca305f34314 delivery 302397: success: did_0+0+1/
@4000000041c18ca305f8e864 status: local 0/400 remote 20/400
@4000000041c18ca305fd591c end msg 68931
# tail -f /var/log/qsheff.log
31/01/06 00:24:05: [qsheff], QUEUE, queue=q-1138659839-993801-71574, recvfrom=209.31.154.42, from=`rwatson_@_FreeBSD.org', to=`perforce_@_freebsd.org', subj=`PERFORCE change 90729 for review', size=30442,,
31/01/06 00:39:03: [qsheff], SPAM, queue=q-1138660742-5382-71745, recvfrom=66.225.220.97, from=`paypal@email.paypal.com', to=`cayci_@_enderunix.org', subj=`Account Review Team', size=6225, spam=` href="http://80.154.19.133/www.paypal.com" ', rule=`(PayPal)(security)(credit)(card)(href)'
30/01/06 19:09:43: [qsheff], VIRUS, queue=q-1138640822-504446-67100, recvfrom=64.90.164.206, from=`ismo@_enderunix.org', to=`qmail@lists.enderunix.org', subj=`[qmail] Fw: Sexy', size=184089, prog=`clamd', virus=`Worm.VB-9'
01/03/06 16:43:33: [qSheff] SPAM, queue=q-1141224210-661393-72042, recvfrom=, from=`simsek', to=`simsek', subj=`Baris', size=120, spam=`Subject: Baris', rule=`(Subject: Baris)'
01/03/06 16:43:49: [qSheff] QUEUE, queue=q-1141224219-42781-72070, recvfrom=, from=`simsek', to=`simsek', subj=`simsek', size=121, error=`qmail-queue', hint=`No such file or directory'

The qsheff.log file is clear and detailed. Each record is a single line of comma-separated key=value fields, so the output is suitable for processing with tools such as 'cat' and 'cut'. System administrators can therefore write scripts to pull statistics from these logs or to take precautions. qsheff-mrtg.sh is a script of a few lines that produces MRTG output from this log file.
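As an added example (not part of qSheff or of the original page), the following Python sketch parses records in the qsheff.log layout shown above and tallies verdicts, error records and the sending IPs behind SPAM/VIRUS hits. It goes beyond plain 'cut' by handling commas inside quoted values and both `[qsheff],` and `[qSheff]` prefixes; the function names, the "(none)" label and all sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample records in the qsheff.log layout (documentation-range IPs, fake names).
SAMPLE = """\
31/01/06 00:24:05: [qsheff], QUEUE, queue=q-1-1-1, recvfrom=192.0.2.10, from=`a_@_example.org', to=`b_@_example.org', subj=`weekly report, draft', size=30442,,
31/01/06 00:39:03: [qsheff], SPAM, queue=q-1-1-2, recvfrom=198.51.100.7, from=`x@example.com', to=`b_@_example.org', subj=`Account Review', size=6225, spam=` href="http://example.invalid/" ', rule=`(security)(href)'
30/01/06 19:09:43: [qsheff], VIRUS, queue=q-1-1-3, recvfrom=198.51.100.7, from=`y@example.com', to=`l@example.org', subj=`Fw: hi', size=184089, prog=`clamd', virus=`Worm.VB-9'
01/03/06 16:43:33: [qSheff] SPAM, queue=q-1-1-4, recvfrom=, from=`u', to=`u', subj=`t', size=120, spam=`Subject: t', rule=`(Subject: t)'
01/03/06 16:43:49: [qSheff] QUEUE, queue=q-1-1-5, recvfrom=, from=`u', to=`u', subj=`u', size=121, error=`qmail-queue', hint=`No such file or directory'
not a qsheff line
"""

# Timestamp, "[qsheff]" tag (any case, optional comma), verdict, then the field list.
HEAD = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d): \[qsheff\],? (\w+), (.*)$", re.I)
# key=`quoted value' or key=bare. A quoted value ends at "'" followed by ", " or
# end of line, so a comma inside a subject does not split the record.
FIELD = re.compile(r"(\w+)=(?:`(.*?)'(?=,\s|,*$)|([^,`]*))")

def parse_line(line):
    """Return a dict for one qsheff.log record, or None if the line does not match."""
    m = HEAD.match(line.rstrip("\n"))
    if not m:
        return None
    rec = {"time": m.group(1), "verdict": m.group(2).upper()}
    for key, quoted, bare in FIELD.findall(m.group(3)):
        # Keep the first occurrence of a key; later duplicates never override it.
        rec.setdefault(key, quoted or bare)
    return rec

def summarize(text):
    """Count verdicts, error records, and SPAM/VIRUS hits per sending IP."""
    verdicts, bad_sources, errors = Counter(), Counter(), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if "error" in rec:
            errors += 1  # record carries error=/hint=, so it is not counted as a verdict
            continue
        verdicts[rec["verdict"]] += 1
        if rec["verdict"] in ("SPAM", "VIRUS"):
            bad_sources[rec.get("recvfrom") or "(none)"] += 1
    return verdicts, bad_sources, errors

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The from and subj values come from the message itself, so treat them as untrusted when reporting: the verdict here is read from the fixed position before any sender-supplied field, and the parsed values should be escaped before being shown in a web page or terminal.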

qsheff-mrtg.sh

qsheff-mrtg.sh is a script that produces output suitable for Tobias Oetiker's MRTG software. This output can be fed to MRTG for web-based monitoring of spam traffic. MRTG should be installed for this feature.

MRTG web page: http://people.ee.ethz.ch/~oetiker/webtools/mrtg/

There is a sample spam traffic output at http://www.enderunix.org/qsheff/index.php?sect=screenshot&lang=en

To run properly, qsheff-mrtg.sh appends qsheff.log to qsheff.log.cumulative and empties qsheff.log. Thus qsheff.log will be emptied on every MRTG run. The system administrator will only be able to view the recent logs (those written since the last MRTG run) in qsheff.log. Older logs can be found in the qsheff.log.cumulative file. Since qsheff.log is periodically emptied, the log rotation software should check qsheff.log.cumulative instead.

Installation steps are very simple.

# wget http://www.enderunix.org/qsheff/qsheff-mrtg-20041213.tar.gz
# gunzip qsheff-mrtg-20041213.tar.gz
# tar xvf qsheff-mrtg-20041213.tar
# cd qsheff-mrtg

Place qsheff-mrtg.cfg and qsheff-mrtg.sh in a directory, for example /root/scripts. Edit qsheff-mrtg.cfg to assign the WorkDir and Target values. WorkDir should be in your web server's DocumentRoot:

WorkDir: /usr/local/apache/htdocs/qsheff-stats
Target[spam]: `/root/scripts/qsheff-mrtg.sh`

A cron job should be set up to continuously monitor the traffic.

# crontab -e
*/5 * * * * /usr/local/bin/mrtg /root/scripts/qsheff-mrtg.cfg

A cron job to run every 5 minutes has been set.