Re: [Exim] Where did all the mail come from and go?

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Marc MERLIN
Dátum:  
Címzett: Dave C.
CC: Jeffrey Goldberg, exim-users
Tárgy: Re: [Exim] Where did all the mail come from and go?
On Sun, Jan 28, 2001 at 02:00:00PM -0500, Dave C. wrote:
> > The logs are way to big for a human to parse :-)
>
> Well, I didnt mean to inspect them visually. The following would do
> the job nicely..
>
> for sender in `cat main | grep "<=" | cut -f 5 -d" " | sort | uniq`; do
> count=`cat main | grep "<= $sender" | wc --lines | sed 's/ //g'`;
> echo "$count : $sender" ;
> done


Yes, this is what I wanted to do (although in shell, it would probably take
several hours to run on my mail logs :-)

> > That's why I need to hack eximstats to output stats per sender (sender
> > Email, not sender host)


and I just took the time to do that:
(Phillip, feel free to merge that in with the current eximstats)

--- eximstats.debian    Tue Sep 12 17:40:18 2000
+++ eximstats.me    Fri Feb  2 16:16:27 2001
@@ -291,6 +291,9 @@
 my($m_data) = $_[2];
 my($name) = ($topcount == 1)? "$text" : "$topcount ${text}s";
 my($temp) = "Top $name by message count";
+my $totcount=0;
+my $totbytes=0;
+
 printf ("%s\n%s\n\n", $temp, "-" x length($temp));


 $count = 1;
@@ -303,9 +306,16 @@
              keys %{$m_count})
   {
   printf("%7d %10d   %s\n", $$m_count{$key}, $$m_data{$key}, $key);
+  $totcount+=$$m_count{$key};
+  $totbytes+=$$m_data{$key};
   last if $count++ >= $topcount;
   }


+print " ","_"x78,"\n";
+printf("%7d %10d\n", $totcount, $totbytes);
+$totcount=0;
+$totbytes=0;
+
$temp = "Top $name by volume";
printf ("\n%s\n%s\n\n", $temp, "-" x length($temp));

@@ -319,9 +329,13 @@
              keys %{$m_count})
   {
   printf("%7d %10d   %s\n", $$m_count{$key}, $$m_data{$key}, $key);
+  $totcount+=$$m_count{$key};
+  $totbytes+=$$m_data{$key};
   last if $count++ >= $topcount;
   }


+print " ","_"x78,"\n";
+printf("%7d %10d\n", $totcount, $totbytes);
print "\n";
}

@@ -438,6 +452,13 @@
     $thissize = 0 if !defined($thissize);
     $size{$id} = $thissize;
     ($host) = /\sH=(\S+)/;
+    ($envfromemail) = /(\S+)\s[RHU]=/;
+    # Crap, this is the envelope sender too...
+    #($hdrfromemail) = /\sfrom <(\S*)>\s/;
+    #$hdrfromemail = "<>" if (defined ($hdrfromemail) and not $hdrfromemail);
+    #print "$envfromemail and $hdrfromemail\n";
+    print "Couldn't get envelope sender: line is $_\n" if (not defined $envfromemail);
+    #print "hdr: Line is $_\n" if (not defined $hdrfromemail);
     if (defined $host)
       {
       if ($show_relay)                   # Save incoming information
@@ -464,6 +485,12 @@
     $received_count{$host}++;
     $received_data{$host} = 0 if !defined $received_data{$host};
     $received_data{$host} += $thissize;
+    $envfromemail_count{$envfromemail}++;
+    $envfromemail_data{$envfromemail} = 0 if !defined $envfromemail_data{$envfromemail};
+    $envfromemail_data{$envfromemail} += $thissize;
+#    $hdrfromemail_count{$hdrfromemail}++;
+#    $hdrfromemail_data{$hdrfromemail} = 0 if !defined $hdrfromemail_data{$hdrfromemail};
+#    $hdrfromemail_data{$hdrfromemail} += $thissize;
     $received_count_total++;
     $received_data_total += $thissize;
     if ($received_data_total > $gig)
@@ -724,6 +751,7 @@
 if ($topcount > 0)
   {
   &print_league_table("sending host", \%received_count, \%received_data);
+  &print_league_table("envelope sender", \%envfromemail_count, \%envfromemail_data);
   &print_league_table("local sender", \%received_count_user,
     \%received_data_user) if $local_league_table;
   &print_league_table("destination", \%delivered_count, \%delivered_data);



It prints some nice info, but I find that I needed to bump the count to
about 1000, to get totals that were close to the totals at the beginning of
the mail.

In the meantime, I found my problem: the rotation of /var/log/exim/mainlog
was switched from once a day to once a week and eximstats was showing
compounded logs every day, saying they were daily logs.
Excuse me while I go in the back and shoot myself :-)

Marc
-- 
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key