#!/usr/bin/perl -w # Sample Rows from spamd's syslog: # SPAM: #Oct 6 06:25:04 wbs sendmail[23124]: g96BP4C23124: from=, size=1358, class=0, nrcpts=1, msgid=<200210051058.TZK5253@smtp.fastweb.it>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] #Oct 6 06:25:04 wbs spamd[11318]: connection from localhost.localdomain [127.0.0.1] at port 38273 #Oct 6 06:25:04 wbs spamd[23129]: info: setuid to tex succeeded #Oct 6 06:25:04 wbs spamd[23129]: processing message <200210051058.TZK5253@smtp.fastweb.it> for tex:502, expecting 1623 bytes. #Oct 6 06:25:06 wbs spamd[23129]: identified spam (6.2/5.0) for tex:502 in 1.3 seconds, 1623 bytes. #CLEAN MESSAGE #Oct 6 06:40:28 wbs sendmail[23163]: g96BeSC23163: from=, size=892, class=0, nrcpts=1, msgid=<200210061137.g96Bbv410245@moses.wbschool.net>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1] #Oct 6 06:40:28 wbs spamd[11318]: connection from localhost.localdomain [127.0.0.1] at port 38318 #Oct 6 06:40:28 wbs spamd[23168]: info: setuid to dottie succeeded #Oct 6 06:40:28 wbs spamd[23168]: processing message <200210061137.g96Bbv410245@moses.wbschool.net> for dottie:509, expecting 1167 bytes. #Oct 6 06:40:30 wbs spamd[23168]: clean message (-96.5/8.0) for dottie:509 in 1.5 seconds, 1167 bytes. $event{'spamd'}{'general'} = sub { if ($text =~ m/^processing message (.+) for (\S+):\d+.+$/) { if ($unixtime > $MaxDBUnixTime) { my $msgid = $1; my $for = $2; $spamd{$pid}{'msgid'} = $msgid; $spamd{$pid}{'for'} = $for; #provide a lookup for the sendmail parsing section $spamd{$msgid} = $pid; } } elsif ($text =~ m/^(\w+ \w+) \((.+)\/.+\) for .+$/) { if ($unixtime > $MaxDBUnixTime) { my $words = $1; my $score = $2; if ($words eq 'identified spam') { $event = 'spam' } elsif ($words eq 'clean message') { $event = 'non-spam' } $spamd{$pid}{'event'} = $event; $spamd{$pid}{'score'} = $score; } } };