<?php
/*
License
XMail Log Archiver
http://xmlogarch.sourceforge.net
Copyright (C) 2006 Bryn Mosher
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License Version 2 as
published by the Free Software Foundation.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not contact , write to
hide@address.com
- or -
Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#
# Title of this report module.
# (The module itself is named after its php file without the '.php'
# extension, ie myreport.php is named myreport.)
$modTitle = 'SMTP Requests';
#
# This entry is used to detect loaded modules.
# The key must be the same as the module name;
# the value is an array of required modules (none for this one).
$reqRepMod['smtp'] = array();
#
# this is the function to perform the report
# must be called ($moduleName)Do() and receives no parameters
/**
 * Entry point of the "smtp" report module.
 *
 * Takes no parameters: the log directory comes from the global $logRoot
 * and is handed straight to reportSmtp(). The result of reportSmtp() is
 * not passed back to the caller.
 */
function smtpDo ()
{
    global $logRoot;

    reportSmtp( $logRoot );
}
#
# the report's code belongs below
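/**
 * Build and log the SMTP summary report from the SMTP logs under $logRoot.
 *
 * Reads every log returned by getLogsToarch(), splits the contents into
 * lines, extracts the 13 quoted, tab-separated fields of each line, tallies
 * them, logs the totals through logIt() and hands the per-entry tallies to
 * highScores().
 *
 * The sender, recipient and client-domain fields of an SMTP log are values
 * supplied by the connecting client, so everything tallied here is untrusted
 * input. This function only counts the values and passes them on unescaped.
 * NOTE(review): whatever renders the logIt()/highScores() output has to
 * escape for its own context (HTML, mail, terminal) - confirm in those helpers.
 *
 * @param string $logRoot directory holding the logs
 * @return bool TRUE if at least one log line matched the expected layout, FALSE otherwise
 */
function reportSmtp ( $logRoot ) {
    global $xmailServer;
    $retVal = FALSE;
    $sr = "SMTP-REPORT";
    # date() takes a Unix timestamp as its second argument, so the fallback has
    # to be time(); the previous fallback of date( _dateFmt ) fed an already
    # formatted string back into date().
    $begun = ( isset( $GLOBALS["begun"] ) ) ? ( $GLOBALS["begun"] ) : ( time() );
    logIt( "SMTP Log report for " . date( _dateFmt, $begun ) . ":", $sr );
    memUse( "SMTP Reporting started" );
    $allSmtp = array();
    $totSmtp = array();
    if ( $smtpLogs = getLogsToarch( $logRoot, -1, "smtp" ) ) {
        logIt ( "Total " . count( $smtpLogs ) . " SMTP logs found in log directory.", $sr );
        pIt ( "Reading SMTP log file lines... ", NULL, $GLOBALS["showDots"] );
        $dots = 0;
        foreach ( $smtpLogs as $logName ) {
            $dots++;
            if ( $totSmtp[$logName] = slurpLog( slashDir( $logRoot ) . $logName ) ) {
                dot( $dots );
                # split on "\n" rather than PHP_EOL (the author disabled the
                # PHP_EOL variant with the remark "EOL FUNKY")
                $allSmtp = array_merge( $allSmtp, explode( "\n", $totSmtp[$logName] ) );
            } else {
                dot( $dots, "E" );
            }
        }
        pIt ( " Done." . PHP_EOL, NULL, $GLOBALS["showDots"] );
    }
    memUse( "Concatinated SMTP log file contents" );
    unset( $totSmtp );
    memUse( "Discarded SMTP log file contents" );
    logIt ( "Total " . count( $allSmtp ) . " SMTP log lines.", $sr );
    # Thirteen double-quoted fields joined by tabs. The class [\S\s^\"] matches
    # any character (the ^ is not first, so it is a literal), which means an
    # embedded quote does not end a field; only the lazy quantifier and the
    # following quote+tab delimiter do.
    # NOTE(review): a logged value that itself contains a quote followed by a
    # tab shifts all later fields, so the tallies can be skewed by crafted
    # input. [^\"]* is probably what was meant, but tightening the pattern
    # would reject lines that parse today, so it is left unchanged here.
    $grep = "/" . implode( "\t", array_fill( 0, 13, "\\\"([\\S\\s^\\\"]*?)\\\"" ) ) . ".*?/";
    pIt ( "Parsing SMTP log entries... ", NULL, $GLOBALS["showDots"] );
    $dots = 0;
    $keyCount = 0;
    # Every list that is counted in the summary starts out empty, so a run with
    # no matching log lines reports zeros instead of calling count() on an
    # undefined index.
    $all = array(
        'failedAuth' => array(),
        'filtered' => array(),
        'fullErrors' => array(),
        'relayErrors' => array(),
        'servers' => array(),
        'domains' => array(),
        'ips' => array(),
        'clDomains' => array(),
        'destDomains' => array(),
        'locSenders' => array(),
        'remSenders' => array(),
        'scores' => array(),
    );
    foreach ( $allSmtp as $logLine ) {
        $dots++;
        if ( preg_match( $grep, $logLine, $logItems ) ) {
            $retVal = TRUE;
            $keyCount++;
            dot( $dots, NULL, NULL, $GLOBALS["dotsPer"] * $GLOBALS["dotsPerEntry"] );
            $all['servers'][] = $logItems[1];
            $all['domains'][] = $logItems[2];
            $all['ips'][] = $logItems[3];
            $all['scores']['ips'][$keyCount] = $logItems[3];
            $all['timeStamps'][] = $logItems[4];
            $all['clDomains'][] = $logItems[5];
            # NOTE(review): field 5 is presumably the name the client announced
            # for itself; if so, a remote client that announces this server's
            # name is counted as a local sender. Confirm against the log format
            # before treating the local/remote split as authoritative.
            if ( $logItems[5] == $xmailServer ) {
                $all['locSenders'][$keyCount] = $logItems[10]; # store the status
            } else {
                $all['remSenders'][$keyCount] = $logItems[10]; # store the status
                $all['scores']['remoteClientDomains'][$keyCount] = $logItems[5];
            }
            $all['destDomains'][] = $logItems[6];
            $all['senders'][] = $logItems[7];
            $all['scores']['senders'][$keyCount] = $logItems[7];
            $all['recips'][] = $logItems[8];
            $all['scores']['recipients'][$keyCount] = $logItems[8];
            $all['messId'][] = $logItems[9];
            $all['statuses'][] = $logItems[10];
            $all['scores']['statuses'][$keyCount] = $logItems[10];
            $all['authUsers'][] = $logItems[11];
            $all['messageSizes'][] = $logItems[12];
            # keyed by sender, so a later entry from the same sender replaces the earlier size
            $all['scores']['messageSizes'][$logItems[7]] = $logItems[12];
            $all['scores']['highScoreMethods']['messageSizes'] = "big";
            $all['cliFqdns'][] = $logItems[13];
            # statuses - we use $keyCount to keep the associated log item intact.
            # Each counted status is written twice: into $all['scores'] for
            # highScores() and into the matching $all list that the summary
            # below counts. Before, only the scores were filled, so the summary
            # always reported 0 authentication failures, filtered requests,
            # full mailboxes and relay errors.
            switch ( $logItems[10] ) {
                case "AUTH=EFAIL:TYPE=PLAIN":
                case "AUTH=EFAIL:TYPE=LOGIN":
                case "AUTH=EFAIL:TYPE=CRAM-MD5":
                case "AUTH=EFAIL:TYPE=EXTRN":
                    # the part after "TYPE=" is the value recorded (PLAIN, LOGIN, CRAM-MD5, EXTRN)
                    $authType = substr( $logItems[10], strlen( "AUTH=EFAIL:TYPE=" ) );
                    $all['scores']['failedAuth'][$keyCount] = $authType;
                    $all['failedAuth'][$keyCount] = $authType;
                    break;
                case "DATA=EFILTER":
                    $all['scores']['filtered'][$keyCount] = $logItems[7]; // sender
                    $all['filtered'][$keyCount] = $logItems[7];
                    break;
                case "ETRN=EACCESS":
                    # we gleefully ignore this one because it means SMTP sending is disabled.
                    # if it's disabled, then we're really only reporting this item
                    # and we've done the rest of the work (if there is any) for nothing.
                    break;
                case "RECV=OK":
                    $all['scores']['messageSent'][$keyCount] = $logItems[8]; // recipient ( local user )
                    $all['scores']['messageSentSenders'][$keyCount] = $logItems[7]; // sender
                    break;
                case "RCPT=OK":
                    $all['scores']['messageAccepted'][$keyCount] = $logItems[8]; // recipient ( local user )
                    $all['scores']['messageAcceptedSenders'][$keyCount] = $logItems[7]; // sender
                    break;
                case "RCPT=EFULL":
                    $all['scores']['fullErrors'][$keyCount] = $logItems[8]; // recipient ( local user )
                    $all['fullErrors'][$keyCount] = $logItems[8];
                    break;
                case "RCPT=ERELAY":
                    $all['scores']['relayErrorsSenders'][$keyCount] = $logItems[7]; // sender
                    $all['scores']['relayErrorsRecipients'][$keyCount] = $logItems[8]; // recipient
                    $all['relayErrors'][$keyCount] = $logItems[8];
                    break;
                # known statuses that are recognised but not tallied separately
                case "RCPT=ESYNTAX":
                case "RCPT=EDSBL":
                case "RCPT=EACCESS":
                case "RCPT=EAVAIL":
                case "RCPT=ENBR":
                case "SNDRIP=EIPSPAM":
                case "SNDRIP=EIPMAP":
                case "SNDRIP=ERDNS":
                case "SMTP=EERRS":
                case "SNDR=EEMPTY":
                case "SNDR=ESYNTAX":
                case "SNDR=ENODNS":
                case "SNDR=ESPAM":
                case "SIZE=EBIG":
                case "VRFY=EACCESS":
                    break;
            }
        } else {
            dot( $dots, "E", NULL, $GLOBALS["dotsPer"] * $GLOBALS["dotsPerEntry"] );
        }
    }
    pIt ( " Done." . PHP_EOL, NULL, $GLOBALS["showDots"] );
    unset( $allSmtp );
    memUse( "Created SMTP entry array" );
    $entsNum = count( $all['servers'] );
    $report = count( array_unique( $all['servers'] ) ) . " server(s) serving " . count( array_unique( $all['domains'] ) ) . " domain(s) for SMTP requests.";
    logIt ( $report, $sr );
    $report = "Total " . $entsNum . " SMTP requests found in logs.";
    logIt ( $report, $sr );
    $report = count( array_unique( $all['ips'] ) ) . " unique IP addresses of " . count( $all['ips'] ) . " total made SMTP requests.";
    logIt ( $report, $sr );
    # NOTE(review): 'servers' and 'ips' both get one element per parsed line,
    # so this difference is always 0; an empty IP field is not detected here.
    $report = "There were " . ( $entsNum - count( $all['ips'] ) ) . " SMTP requests with invalid or missing IPs.";
    logIt ( $report, $sr );
    $report = count( array_unique( $all['clDomains'] ) ) . " client domains tried to send messages to " . count( array_unique( $all['destDomains'] ) ) . " destination domains.";
    logIt ( $report, $sr );
    # NOTE(review): locSenders/remSenders hold the request status, not a user,
    # so the "unique users" figures below count distinct statuses - confirm
    # which field was meant before relying on them.
    $report = count( $all['locSenders'] ) . " local user SMTP requests (" . count( array_unique( $all['locSenders'] ) ) . " unique users).";
    logIt ( $report, $sr );
    $report = count( $all['remSenders'] ) . " remote user SMTP requests (" . count( array_unique( $all['remSenders'] ) ) . " unique users).";
    logIt ( $report, $sr );
    $report = "Total " . count( $all['failedAuth'] ) . " SMTP authentication failures.";
    logIt ( $report, $sr );
    $report = "Total " . count( $all['filtered'] ) . " SMTP requests rejected by message filter.";
    logIt ( $report, $sr );
    $report = "Total " . count( $all['fullErrors'] ) . " SMTP requests failed due to full maiboxes.";
    logIt ( $report, $sr );
    $report = "Total " . count( $all['relayErrors'] ) . " SMTP relay errors.";
    logIt ( $report, $sr );
    # section titles for highScores(), keyed like the entries of $all['scores']
    $titles = array(
        "report" => "SMTP",
        "ips" => "SMTP Connecting IP Addresses",
        "recipients" => "SMTP Recepients",
        "senders" => "SMTP Senders",
        "statuses" => "SMTP Request Statuses",
        "messageAccepted" => "SMTP Accepted Recipients",
        "messageAcceptedSenders" => "SMTP Accepted Senders",
        "messageSent" => "SMTP Data Accepted Recipients",
        "messageSentSenders" => "SMTP Data Accepted Senders",
        "remoteClientDomains" => "SMTP Client Domains",
        "relayErrorsSenders" => "SMTP Error Senders",
        "relayErrorsRecipients" => "SMTP Error Recipients",
        "failedAuth" => "SMTP Failed Auth Types",
        "filtered" => "SMTP Filtered Senders",
    );
    highScores ( $all['scores'], $titles );
    unset( $all );
    memUse( "Discarded SMTP entry array" );
    return $retVal;
}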
?>