After reading around on the 'net, I became aware of some problems with pflogsumm.pl as a reporting tool. One of the problems is that all email that isn't rejected is actually double counted when there is an anti-virus program running. Here's the scoop from Jim Sun's page:
14. Pflogsumm Reports Double Traffic When Anti-Virus Scanner Used
Sadly, there's absolutely nothing I can do about this.
The problem arises because of the way in which anti-virus scanning is
handled by Postfix. Basically, Postfix "delivers" each email to the
anti-virus scanner and the anti-virus scanner re-sends it through
Postfix. So each email really is received twice and sent/delivered
twice.
And yes, I tried. I really, really tried. If I recall correctly, I
spent come two days mucking-about with this problem. Actually thought
I had it once or twice. But the results inevitably failed regression
testing. At the end of this, and with some more careful thought, I
realized it just wasn't possible. If you think you can prove me
wrong, please do so. I'd be quite pleased to be proven wrong on this
one.
Here's what I found to fix that problem:
Go to http://www.caspergasper.com/spam.shtml and download his script Here.
Put the script (pflog_amavis) wherever you want, but there are two things you'll have to check in the script.
In the line that starts "my $pflogsumm =" make sure that the path points to where you have pflogsumm, and the other thing is to add ".pl" to the end of pflogsumm at the end of the file name.
Next, open up the original pflogsumm.pl and find the lines that say:
- Code: Select all
# Calculate percentage of messages rejected and discarded
my $msgsRjctdPct = 0;
my $msgsDscrddPct = 0;
if(my $msgsTotal = $msgsDlvrd + $msgsRjctd + $msgsDscrdd) {
$msgsRjctdPct = int(($msgsRjctd/$msgsTotal) * 100);
$msgsDscrddPct = int(($msgsDscrdd/$msgsTotal) * 100);
In the forth line down, change it as follows:
- Code: Select all
if(my $msgsTotal = $msgsDlvrd / 2 + $msgsRjctd + $msgsDscrdd) {
The reason for this is that I found that although the script forces pflogsumm.pl to report the right number of emails, pflogsumm.pl is still doing the math for what percentage of total mail was rejected using the old doubled numbers. With the change I made above, the percentage is not only more accurate, but is WAY higher (which is truthful) and looks WAY BETTER if you are showing superiors just how effective your new spamfilter is!
The next thing you'll have to do is change your crontab to the look something like the following (depending on how you have yours set up):
- Code: Select all
/usr/local/bin/pflog_amavis -i -d yesterday /var/log/maillog 2>&1 | /bin/mail -s "Postfix daily mail summary" root
Please make note that unlike pflogsumm.pl, pflog_amavis has no ".pl" extension.
Hope this helps.
Joe
