[yaala] Sendmail filter

Constantine yaala@verplant.org
Fri, 24 Sep 2004 20:25:31 -0400


I have a lot of spam coming to my sendmail 8.11.6 server. I'm interested 
in getting some statistics of which hosts are the main sources of spam. 
I'd be intersted in the following:

Reports on total connections:

1. Report on domain names: top-level domains, second-level domains, 
third-level domains all sorted by the number of connections.
2. Report on IP-addresses: /8, /16/ /24 networks all sorted by the 
number of connections.

Then, I'd like to divide the reports into two categories -- the one 
where the connection was denied (by the ruleset from /etc/mail/access), 
and the ones which ended up sending some mail to me.

If it is possible to show the percentage of denied/allowed connections 
in the 1/2 reports, then it would be great!

Also, I might want to limit reports to some specific addresses which are 
most likely to get some spam.

This way, I will be able to find the hosts which send most spam, and add 
them to my /etc/mail/access.

If anyone is aware of any utility that can perform the mentioned job, or 
at least some part of it, please, let me know.

As far as I'm aware, yaala does not yet support sendmail log format. 
I'll be very thankful if someone is going to write the parser for that 
format, as it is a quete popular format.

Thank you,