About / News Features Download Documentation Installation Admin guide Configuration License Support Contact ScreenShots Help support SendmailAnalyzer!	SendmailAnalyzer configuration The default path to configuration file is /etc/sendmailanalyzer.conf If you want to change this path, please edit cgi-bin/sa_report.cgi and sa_cache to match you're need. For sendmailanalyzer use the --config\|-c command line argument. The configuration file consist in a text file with a configuration option in upper case and a value or list of value separated by a tab character. Here are the definition of all this configuration directives. System commands options TAIL_PROG Path to the system tail command. Can be overwritten with --tail or -t in sendmailanalyzer args. Default is /usr/bin/tail. TAIL_ARGS Command line argument passed to the tail system command. Can be overwritten with --args or -a in sendmailanalyzer args. Default is -n 0 -f. ZCAT_PROG Path to zcat system command used to parse compressed log file. Can be overwritten with --zcat or -z in sendmailanalyzer args. Default is /usr/bin/zcat. FREE_SPACE Select the freeing space method for data files older than the current month. The value can be: - delete: definitively remove all data files. - archive: make a gzipped tarball of data files before deleting them. - none: don't do anything. Need lot of space disk. Default is archive. Input/output options LOG_FILE Path to the maillog file to analyse. Can be overwritten with --log or -l in sendmailanalyzer args. Default is /var/log/maillog. If the extension is .gz SendmailAnalyzer will automatically use zcat to parse the compressed log. OUT_DIR Output directory for data storage. Can be overwritten with --output or -o in sendmailanalyzer args. The directory must exist, being writable by the user running sendmailanalyzer and sa_cache. It must be readable by the http user for CGI script sa_report.cgi. Default is /var/www/sendmailanalyzer DEBUG Turn on/off debug/verbose output mode. Can be overwritten with --debug or -d in sendmailanalyzer args. Default is 0, disable. DELAY Delay in second to flush collected data to disk. Can be overwritten with --write-delay or -w in sendmailanalyzer args. Default is 60 seconds. During this time data are kept in memory to limit disk I/O and gain speed. If you experience an out of memory on huge mail server adjust this value to something smaller depending of your hardware configuration. Reporting/display options ERROR_CODE Path to SMTP error code file (relative to CGI directory) where sa_report.cgi is running. Default: lang/ERROR_CODE. LANG Path to the translation file (relative to CGI directory) where sa_report.cgi is running. Default: lang/en_US. URL_LOGO Url to the barorng image. Default: salogo.gif TOP Number of object displayed in the top statistics. Default is 25. TOP_MBOX Number of object displayed in the top email addresses statistics. Default is 25. MAX_RCPT Max number of recipients per message where senders will be reported. Default 25 recipients max. MAX_SIZE Max size in bytes per message where senders will be reported. Default is 10000000. MAX_LINE Max lines to show in detail view. Default is 100. SIZE_UNIT Size Unit to use, default is Bytes. Other values are KBytes and MBytes. DOMAIN_REPORT Compute statistics and cache for a list of domain and display a link in the front page for a per domain access. See DOMAIN_USER if you want to grant special access on these pages. You can have multiple DOMAIN_REPORT lines. If you are running rsyslog with multiple host use DOMAIN_HOST_REPORT instead. Example: DOMAIN_REPORT domain1.com,domain2.com DOMAIN_HOST_REPORT Compute statistics and cache for the given host followed by a list of domain and display a link in the front page for a per domain access under each host. You can have multiple DOMAIN_HOST_REPORT lines. See DOMAIN_USER if you want to grant special access on these pages. For example: DOMAIN_HOST_REPORT host1 domain1.com,domain2.com DOMAIN_HOST_REPORT host2 domain2.com,domain3.com ANONYMIZE This option allow the anonymization of the output, i-e it remove any sender/recipient personal information from the report. REPLACE_HOST This option replace some hostname in all relay information for anonymization You must used one REPLACE_HOST line per replacement. REPLACE_HOST internal.relay.dom external.relay.dom SPAM_VIEW Enable/Disable menu links to Spam views. Default show it: 1 VIRUS_VIEW Enable/Disable menu links to Virus views. Default show it: 1 DSN_VIEW Enable/Disable menu links to Notification views. Default show it: 1 POSTGREY_VIEW Enable/Disable menu links to Postgrey usage views. Default show it: 1 SHOW_DIRECTION Enable/Disable messaging/spam/virus/dsn direction statistics. Default is show. On some mailhost this could show wrong information if the direction could not be easily determined. So you can remove these views by setting it to 0. SPAM_TOOLS List of antispam name separated by a comma used for Spam details view. You may want to custom this list to just show menu link on available reports. Default list is: spamdmilter,jchkmail,dnsbl,spamassassin,amavis,mimedefang,dnsblmilter Feel free to remove those you're not using to not see link to empty report in the menu. SHOW_DIRECTION Enable/Disable messaging/spam/virus/dsn direction statistics. Default is show. On some mailhost this could show wrong information if the direction could not be easily determined. So you can remove these views by setting it to 0. Maillog parsing options FULL Parse maillog from begining before running tail program. Can be overwritten with --full or -f in sendmailanalyzer args. Default is 0, jump at the end of log. Most of the time you may want to enable this to jump at the last parsed line during the previous run. BREAK Do not run tail program and exit after a full parsing of the log file. Can be overwritten with --break or -b in sendmailanalyzer args. Default is 0, go ahead with tail. MTA_NAME Syslog name of the MTA. Syslog write it to maillog with the pid as ... sendmail[1234] ... This is required to only parse relevant lines. Can be overwritten with --sendmail or -s in sendmailanalyzer args. Default is sendmail, some distro come with sm-mta instead. Some other have multiple names (ex: sm-mta, sendmail and sm-msp-queue) in this case you can set the value of this directive to a pipe separated list of values, for example: sm-mta\|sendmail\|sm-msp-queue. Default: sm-mta\|sendmail MAILSCAN_NAME Syslog name of MailScanner. Syslog write it to maillog with the pid as ... MailScanner[1234] ... This is required to only parse relevant lines Can be overwritten with --mailscanner or -m in sendmailanalyzer args. Default is MailScanner. AMAVIS_NAME Syslog name of Amavis. Syslog write it to maillog with the pid as ... amavis[1234] ... This is required to only parse relevant lines. Default is amavis. MD_NAME Syslog name of MimeDefang. Syslog write it to maillog with the pid as ... mimedefang.pl[1234] ... This is required to only parse relevant lines based on parsing mimedefang log generated by method md_graphdefang_log() Default is mimedefang.pl. CLAMD_NAME Syslog name of Clamd. When using Mailscanner with clamd if you want virus report you must configure clamd to log with syslog and use LOG_MAIL. Default value is 'clamd' (... clamd[1234] ...) Can be overwritten with --clamd or -n POSTGREY_NAME Syslog name of Postgrey. Syslog write it to maillog with the pid as follow: ... postgrey[1234] ... This is required to only parse relevant logged lines Can be overwritten with --postgrey or -g. Default is postgrey LOCAL_DOMAIN Coma separated list of internal domain to be used when SendmailAnalyzer is running on a mail host which received message from any side. SA can't know what message are internal or external in this case, so the only way to know if a mail come from Internet or Lan/Wan is to check the domain part of the relay sender address. You can have multiple LOCAL_DOMAIN lines for better reading. For example: LOCAL_DOMAIN domain1.com,domain2.com,... LOCAL_DOMAIN domain3.com LOCAL_DOMAIN domain4.com LOCAL_HOST_DOMAIN Same as above but with host distinction for use with rsyslog. You can have multiple LOCAL_HOST_DOMAIN lines, ie: one per host. For example: LOCAL_HOST_DOMAIN sysloghost1 domain1.com,domain2.com LOCAL_HOST_DOMAIN sysloghost2 domain3.com,domain4.com MAIL_HUB FQDN coma separated list of internal mail hubs, aka: where email are redirected if the host is a gateway. For example: mailhost.mydom.dom This directive is very important to help SendmailAnalyzer to find the direction of incoming and outgoing message. MAIL_GW FQDN coma separated list of MTA gateways where external mail comes from. This directive is very important to help SendmailAnalyzer to find the direction of incoming and outgoing message. DEFAULT_DOMAIN Default domain or hostname to add to an email address if there's just the username. When the host is a delivery system it is possible that the user email address do not have the domain part (ex: @domain.com). By default SendmailAnalyzer will add the '@localhost' domain but you may want to change this domain, so use this directive SPAM_DETAIL This directive allow report for Spam details. Enable by default. This allow you to see complete detail of your favorite antispam as well as score, cache hit and autolearn if your antispam report it. To disable set it to 0, you will save disk space. SMTP_AUTH This directive allow report for SMTP authentication. Enable by default. This allow you to see per authent type (server or client) user and relay statistics. If you not use SMTP Auth set it to 0 to disable this feature. These stats are not available in per domain views. CLAMD_NAME Syslog name of Clamd. When using Mailscanner with clamd if you want virus report you must configure clamd to log with syslog and use LOG_MAIL. Default value is 'clamd' (... clamd[1234] ...) Can be overwritten with --clamd or -n MERGING_HOST Use this directive to combined multiple mailhost report on a single report. This allow you to aggregate multiple mailhost that syslogs to a remote server throught rsyslog to have only one SendmailAnalyzer report. The value must only use alphanumeric character as it is used to create subdirectory. Domain / user views options LOW_LIMIT, MEDIUM_LIMIT, HIGH_LIMIT (NO MORE USED) User messaging data limit in megabytes to show/warn the level of mail activity. LOW_LIMIT (3 by default), mail activity under this limit is shown as green. MEDIUM_LIMIT (5 by default), mail activity under this limit is shown as orange. HIGH_LIMIT (10 by default), mail activity under this limit is shown as red. above the hight limit the user is warn for abuse. Set all to 0 if you want to disable this feature. ADMIN List of admins username separated by coma that must have full access to all report. The username is checked again the http REMOTE_USER environment variable. Default is every one can access, in this case you may want to add a .htaccess. DOMAIN_USER List of per user domain access control. The first field is the username and the second field (separated by tabulation) is a coma separated list of domain name to be allowed to this user. You could add as many lines of DOMAIN_USER as you want in the configuration file. Access control Access control is based on the REMOTE_USER environment variable stored by the httpd server during an htaccess Authentication. If this variable is not set, there is full access for every one.

About / News
Features
Download
Documentation

Help support
SendmailAnalyzer!

SendmailAnalyzer configuration

The default path to configuration file is /etc/sendmailanalyzer.conf If you want to change this path, please edit cgi-bin/sa_report.cgi and sa_cache to match you're need. For sendmailanalyzer use the --config|-c command line argument.

The configuration file consist in a text file with a configuration option in upper case and a value or list of value separated by a tab character.

Here are the definition of all this configuration directives.

System commands options

TAIL_PROG

Path to the system tail command. Can be overwritten with --tail or -t in sendmailanalyzer args. Default is /usr/bin/tail.

TAIL_ARGS

Command line argument passed to the tail system command. Can be overwritten with --args or -a in sendmailanalyzer args. Default is -n 0 -f.

ZCAT_PROG

Path to zcat system command used to parse compressed log file. Can be overwritten with --zcat or -z in sendmailanalyzer args. Default is /usr/bin/zcat.

FREE_SPACE

Select the freeing space method for data files older than the current month. The value can be:

	- delete: definitively remove all data files.
	- archive: make a gzipped tarball of data files before deleting them.
	- none: don't do anything. Need lot of space disk.

Default is archive.

Input/output options

LOG_FILE

Path to the maillog file to analyse. Can be overwritten with --log or -l in sendmailanalyzer args. Default is /var/log/maillog. If the extension is .gz SendmailAnalyzer will automatically use zcat to parse the compressed log.

OUT_DIR

Output directory for data storage. Can be overwritten with --output or -o in sendmailanalyzer args. The directory must exist, being writable by the user running sendmailanalyzer and sa_cache. It must be readable by the http user for CGI script sa_report.cgi. Default is /var/www/sendmailanalyzer

DEBUG

Turn on/off debug/verbose output mode. Can be overwritten with --debug or -d in sendmailanalyzer args. Default is 0, disable.

DELAY

Delay in second to flush collected data to disk. Can be overwritten with --write-delay or -w in sendmailanalyzer args. Default is 60 seconds. During this time data are kept in memory to limit disk I/O and gain speed. If you experience an out of memory on huge mail server adjust this value to something smaller depending of your hardware configuration.

Reporting/display options

ERROR_CODE

Path to SMTP error code file (relative to CGI directory) where sa_report.cgi is running. Default: lang/ERROR_CODE.

LANG

Path to the translation file (relative to CGI directory) where sa_report.cgi is running. Default: lang/en_US.

URL_LOGO

Url to the barorng image. Default: salogo.gif

TOP

Number of object displayed in the top statistics. Default is 25.

TOP_MBOX

Number of object displayed in the top email addresses statistics. Default is 25.

MAX_RCPT

Max number of recipients per message where senders will be reported. Default 25 recipients max.

MAX_SIZE

Max size in bytes per message where senders will be reported. Default is 10000000.

MAX_LINE

Max lines to show in detail view. Default is 100.

SIZE_UNIT

Size Unit to use, default is Bytes. Other values are KBytes and MBytes.

DOMAIN_REPORT

Compute statistics and cache for a list of domain and display a link in the front page for a per domain access. See DOMAIN_USER if you want to grant special access on these pages. You can have multiple DOMAIN_REPORT lines. If you are running rsyslog with multiple host use DOMAIN_HOST_REPORT instead. Example:

	DOMAIN_REPORT	domain1.com,domain2.com

DOMAIN_HOST_REPORT

Compute statistics and cache for the given host followed by a list of domain and display a link in the front page for a per domain access under each host. You can have multiple DOMAIN_HOST_REPORT lines. See DOMAIN_USER if you want to grant special access on these pages. For example:

	DOMAIN_HOST_REPORT	host1	domain1.com,domain2.com
	DOMAIN_HOST_REPORT	host2	domain2.com,domain3.com

ANONYMIZE

This option allow the anonymization of the output, i-e it remove any sender/recipient personal information from the report.

REPLACE_HOST

This option replace some hostname in all relay information for anonymization You must used one REPLACE_HOST line per replacement.

	REPLACE_HOST	internal.relay.dom	external.relay.dom

SPAM_VIEW

Enable/Disable menu links to Spam views. Default show it: 1

VIRUS_VIEW

Enable/Disable menu links to Virus views. Default show it: 1

DSN_VIEW

Enable/Disable menu links to Notification views. Default show it: 1

POSTGREY_VIEW

Enable/Disable menu links to Postgrey usage views. Default show it: 1

SHOW_DIRECTION
Enable/Disable messaging/spam/virus/dsn direction statistics. Default is show. On some mailhost this could show wrong information if the direction could not be easily determined. So you can remove these views by setting it to 0.

SPAM_TOOLS

List of antispam name separated by a comma used for Spam details view. You may want to custom this list to just show menu link on available reports. Default list is:

spamdmilter,jchkmail,dnsbl,spamassassin,amavis,mimedefang,dnsblmilter

Feel free to remove those you're not using to not see link to empty report in the menu.

SHOW_DIRECTION

Enable/Disable messaging/spam/virus/dsn direction statistics. Default is show. On some mailhost this could show wrong information if the direction could not be easily determined. So you can remove these views by setting it to 0.

Maillog parsing options

FULL

Parse maillog from begining before running tail program. Can be overwritten with --full or -f in sendmailanalyzer args. Default is 0, jump at the end of log. Most of the time you may want to enable this to jump at the last parsed line during the previous run.

BREAK

Do not run tail program and exit after a full parsing of the log file. Can be overwritten with --break or -b in sendmailanalyzer args. Default is 0, go ahead with tail.

MTA_NAME

Syslog name of the MTA. Syslog write it to maillog with the pid as ... sendmail[1234] ... This is required to only parse relevant lines. Can be overwritten with --sendmail or -s in sendmailanalyzer args. Default is sendmail, some distro come with sm-mta instead. Some other have multiple names (ex: sm-mta, sendmail and sm-msp-queue) in this case you can set the value of this directive to a pipe separated list of values, for example: sm-mta|sendmail|sm-msp-queue. Default: sm-mta|sendmail

MAILSCAN_NAME

Syslog name of MailScanner. Syslog write it to maillog with the pid as ... MailScanner[1234] ... This is required to only parse relevant lines Can be overwritten with --mailscanner or -m in sendmailanalyzer args. Default is MailScanner.

AMAVIS_NAME

Syslog name of Amavis. Syslog write it to maillog with the pid as ... amavis[1234] ... This is required to only parse relevant lines. Default is amavis.

MD_NAME

Syslog name of MimeDefang. Syslog write it to maillog with the pid as ... mimedefang.pl[1234] ... This is required to only parse relevant lines based on parsing mimedefang log generated by method md_graphdefang_log() Default is mimedefang.pl.

CLAMD_NAME

Syslog name of Clamd. When using Mailscanner with clamd if you want virus report you must configure clamd to log with syslog and use LOG_MAIL. Default value is 'clamd' (... clamd[1234] ...) Can be overwritten with --clamd or -n

POSTGREY_NAME

Syslog name of Postgrey. Syslog write it to maillog with the pid as follow: ... postgrey[1234] ... This is required to only parse relevant logged lines Can be overwritten with --postgrey or -g. Default is postgrey

LOCAL_DOMAIN

Coma separated list of internal domain to be used when SendmailAnalyzer is running on a mail host which received message from any side. SA can't know what message are internal or external in this case, so the only way to know if a mail come from Internet or Lan/Wan is to check the domain part of the relay sender address. You can have multiple LOCAL_DOMAIN lines for better reading.

For example:

	LOCAL_DOMAIN	domain1.com,domain2.com,...
	LOCAL_DOMAIN	domain3.com
	LOCAL_DOMAIN	domain4.com

LOCAL_HOST_DOMAIN

Same as above but with host distinction for use with rsyslog. You can have multiple LOCAL_HOST_DOMAIN lines, ie: one per host.

For example:

	LOCAL_HOST_DOMAIN   sysloghost1        domain1.com,domain2.com
	LOCAL_HOST_DOMAIN   sysloghost2        domain3.com,domain4.com

MAIL_HUB

FQDN coma separated list of internal mail hubs, aka: where email are redirected if the host is a gateway. For example: mailhost.mydom.dom This directive is very important to help SendmailAnalyzer to find the direction of incoming and outgoing message.

MAIL_GW

FQDN coma separated list of MTA gateways where external mail comes from. This directive is very important to help SendmailAnalyzer to find the direction of incoming and outgoing message.

DEFAULT_DOMAIN

Default domain or hostname to add to an email address if there's just the username. When the host is a delivery system it is possible that the user email address do not have the domain part (ex: @domain.com). By default SendmailAnalyzer will add the '@localhost' domain but you may want to change this domain, so use this directive

SPAM_DETAIL

This directive allow report for Spam details. Enable by default. This allow you to see complete detail of your favorite antispam as well as score, cache hit and autolearn if your antispam report it. To disable set it to 0, you will save disk space.

SMTP_AUTH

This directive allow report for SMTP authentication. Enable by default. This allow you to see per authent type (server or client) user and relay statistics. If you not use SMTP Auth set it to 0 to disable this feature. These stats are not available in per domain views.

CLAMD_NAME

MERGING_HOST

Use this directive to combined multiple mailhost report on a single report. This allow you to aggregate multiple mailhost that syslogs to a remote server throught rsyslog to have only one SendmailAnalyzer report. The value must only use alphanumeric character as it is used to create subdirectory.

Domain / user views options

LOW_LIMIT, MEDIUM_LIMIT, HIGH_LIMIT (NO MORE USED)

User messaging data limit in megabytes to show/warn the level of mail activity. LOW_LIMIT (3 by default), mail activity under this limit is shown as green. MEDIUM_LIMIT (5 by default), mail activity under this limit is shown as orange. HIGH_LIMIT (10 by default), mail activity under this limit is shown as red. above the hight limit the user is warn for abuse. Set all to 0 if you want to disable this feature.

ADMIN

List of admins username separated by coma that must have full access to all report. The username is checked again the http REMOTE_USER environment variable. Default is every one can access, in this case you may want to add a .htaccess.

DOMAIN_USER

List of per user domain access control. The first field is the username and the second field (separated by tabulation) is a coma separated list of domain name to be allowed to this user. You could add as many lines of DOMAIN_USER as you want in the configuration file.

Access control

Access control is based on the REMOTE_USER environment variable stored by the httpd server during an htaccess Authentication. If this variable is not set, there is full access for every one.