Location: PHPKode > projects > XMail Log Archiver > xmlogarch.d/reports.d/smtp.php
<?php
/*
	 License
    XMail Log Archiver
	 http://xmlogarch.sourceforge.net
    Copyright (C) 2006 Bryn Mosher

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License Version 2 as
	 published by the Free Software Foundation.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not contact , write to 
	 hide@address.com
	 - or -
	 Free Software Foundation, Inc.
	 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/

#
# (ie myreport.php  is named myreport )
# name of php file  without the '.php' extension
$modTitle = "SMTP Requests";

#
# this is used to detect loaded modules
# key must be the same as name
#val is array of required modules
$reqRepMod['smtp'] = array();

#
# this is the function to perform the report
# must be called ($modulenName)Do() and recieves no parameters
function smtpDo () {
	global $logRoot;
	reportSmtp( $logRoot );
}

#
# the reports code belongs below
function reportSmtp ( $logRoot ) {
	$retVal = FALSE;
	global $xmailServer;
	$sr = "SMTP-REPORT";
	$begun = ( isset( $GLOBALS["begun"] ) ) ? ( $GLOBALS["begun"] ) : ( date( _dateFmt ) );
	logIt( "SMTP Log report for " . date( _dateFmt, $begun ) . ":", $sr );
	memUse( "SMTP Reporting started" );
	$allSmtp = array();
//	$catSmtp = "";
	if ( $smtpLogs = getLogsToarch( $logRoot, -1, "smtp" ) ) {
		logIt ( "Total " . count( $smtpLogs ) . " SMTP logs found in log directory.", $sr );
		pIt ( "Reading SMTP log file lines... ", NULL, $GLOBALS["showDots"] );
		$dots = 0;
		foreach ( $smtpLogs as $logName ) {
			$dots++;
			if ( $totSmtp[$logName] = slurpLog( slashDir( $logRoot ) . $logName ) ) {
				dot( $dots );
// EOL FUNKY				$allSmtp = array_merge( $allSmtp, explode( PHP_EOL, $totSmtp[$logName] ) ); # line break just in case
				$allSmtp = array_merge( $allSmtp, explode( "\n", $totSmtp[$logName] ) ); # line break just in case
			} else {
				dot( $dots, "E" );
			}
		}
		pIt ( " Done." . PHP_EOL, NULL, $GLOBALS["showDots"] );
	}
	memUse( "Concatinated SMTP log file contents" );
	unset( $totSmtp );
	memUse( "Discarded SMTP log file contents" );
	logIt ( "Total " . count( $allSmtp ) . " SMTP log lines.", $sr );
	$grep = "/" . implode( "\t", array_fill( 0, 13, "\\\"([\\S\\s^\\\"]*?)\\\"" ) ) . ".*?/";
	pIt ( "Parsing SMTP log entries... ", NULL, $GLOBALS["showDots"] );
	$dots = 0;
	$keyCount = 0;
	$all['failedAuth'] = array();
	$all['filtered'] = array();
	$all['fullErrors'] = array();
	$all['relayErrors'] = array();
	foreach ( $allSmtp as $logLine ) {
		$dots++;
		if ( preg_match( $grep, $logLine, $logItems ) ) {
			$retVal = TRUE;
			$keyCount++;
			dot( $dots, NULL, NULL, $GLOBALS["dotsPer"] * $GLOBALS["dotsPerEntry"] );
			$all['servers'][] = $logItems[1];
			$all['domains'][] = $logItems[2];
			$all['ips'][] = $logItems[3];
			$all['scores']['ips'][$keyCount] = $logItems[3];
			$all['timeStamps'][] = $logItems[4];
			$all['clDomains'][] = $logItems[5];
			if ( $logItems[5] == $xmailServer ) {
				$all['locSenders'][$keyCount] = $logItems[10]; # store the status
			} else {
				$all['remSenders'][$keyCount] = $logItems[10]; # store the status
				$all['scores']['remoteClientDomains'][$keyCount] = $logItems[5];
			}
			$all['destDomains'][] = $logItems[6];
			$all['senders'][] = $logItems[7];
			$all['scores']['senders'][$keyCount] = $logItems[7];
			$all['recips'][] = $logItems[8];
			$all['scores']['recipients'][$keyCount] = $logItems[8];
			$all['messId'][] = $logItems[9];
			$all['statuses'][] = $logItems[10];
			$all['scores']['statuses'][$keyCount] = $logItems[10];
			$all['authUsers'][] = $logItems[11];
			$all['messageSizes'][] = $logItems[12];
			$all['scores']['messageSizes'][$logItems[7]] = $logItems[12];
			$all['scores']['highScoreMethods']['messageSizes'] = "big";
			$all['cliFqdns'][] =  $logItems[13];
			switch ( $logItems[10] ) { # statuses - we use $keyCount to keep the associated log item intact
				case "AUTH=EFAIL:TYPE=PLAIN":
						$all['scores']['failedAuth'][$keyCount] = "PLAIN";
					break;
				case "AUTH=EFAIL:TYPE=LOGIN":
						$all['scores']['failedAuth'][$keyCount] = "LOGIN";
					break;
				case "AUTH=EFAIL:TYPE=CRAM-MD5":
						$all['scores']['failedAuth'][$keyCount] = "CRAM-MD5";
					break;
				case "AUTH=EFAIL:TYPE=EXTRN":
						$all['scores']['failedAuth'][$keyCount] = "EXTRN";
					break;
				case "DATA=EFILTER":
					$all['scores']['filtered'][$keyCount] = $logItems[7]; // sender
					break;
				case "ETRN=EACCESS":
					# we gleefuly ignore this one because it means SMTP sending is disabled.
					# if it's disabled, the we're really only reportiing this  item
					# and we've done the rest of the work (if there is any) for nothing.
					break;
				case "RECV=OK":
					$all['scores']['messageSent'][$keyCount] = $logItems[8]; //recipient ( local user )
					$all['scores']['messageSentSenders'][$keyCount] = $logItems[7]; //recipient ( local user )
					break;
				case "RCPT=OK":
					$all['scores']['messageAccepted'][$keyCount] = $logItems[8]; //recipient ( local user )
					$all['scores']['messageAcceptedSenders'][$keyCount] = $logItems[7]; //recipient ( local user )
					break;
				case "RCPT=ESYNTAX":
					break;
				case "RCPT=EDSBL":
					break;
				case "RCPT=EFULL":
					$all['scores']['fullErrors'][$keyCount] = $logItems[8]; //recipient ( local user )
					break;
				case "RCPT=EACCESS":
					break;
				case "RCPT=EAVAIL":
					break;
				case "RCPT=ERELAY":
					$all['scores']['relayErrorsSenders'][$keyCount] = $logItems[7]; // sender to recipient
					$all['scores']['relayErrorsRecipients'][$keyCount] = $logItems[8]; // sender to recipient
					break;
				case "RCPT=ENBR":
					break;
				case "SNDRIP=EIPSPAM":
					break;
				case "SNDRIP=EIPMAP":
					break;
				case "SNDRIP=ERDNS":
					break;
				case "SMTP=EERRS":
					break;
				case "SNDR=EEMPTY":
					break;
				case "SNDR=ESYNTAX":
					break;
				case "SNDR=ENODNS":
					break;
				case "SNDR=ESPAM":
					break;
				case "SIZE=EBIG":
					break;
				case "VRFY=EACCESS":
					break;
			}
		} else {
			dot( $dots, "E", NULL, $GLOBALS["dotsPer"] * $GLOBALS["dotsPerEntry"] );
		}
	}
	pIt ( " Done." . PHP_EOL, NULL, $GLOBALS["showDots"] );
	unset( $allSmtp );
	memUse( "Created SMTP entry array" );
	$entsNum = count( $all['servers'] );
	$report = count( array_unique( $all['servers'] ) ) . " server(s) serving " . count( array_unique( $all['domains'] ) ) . " domain(s) for SMTP requests.";
	logIt ( $report, $sr );
	$report = "Total " . $entsNum . " SMTP requests found in logs.";
	logIt ( $report, $sr );
	$report = count( array_unique( $all['ips'] ) ) . " unique IP addresses of " . count( $all['ips'] ) . " total made SMTP requests.";
	logIt ( $report, $sr );
	$report = "There were " . ( $entsNum - count( $all['ips'] ) ) . " SMTP requests with invalid or missing IPs.";
	logIt ( $report, $sr );
	$report = count( array_unique( $all['clDomains'] ) ) . " client domains tried to send messages to " . count( array_unique( $all['destDomains'] ) ) . " destination domains.";
	logIt ( $report, $sr );
	$report = count( $all['locSenders'] ) . " local user SMTP requests (" . count( array_unique( $all['locSenders'] ) ) . " unique users).";
	logIt ( $report, $sr );
	$report = count( $all['remSenders'] ) . " remote user SMTP requests (" . count( array_unique( $all['remSenders'] ) ) . " unique users).";
	logIt ( $report, $sr );
	$report = "Total " . count( $all['failedAuth'] ) . " SMTP authentication failures.";
	logIt ( $report, $sr );
	$report = "Total " . count( $all['filtered'] ) . " SMTP requests rejected by message filter.";
	logIt ( $report, $sr );
	$report = "Total " . count( $all['fullErrors'] ) . " SMTP requests failed due to full maiboxes.";
	logIt ( $report, $sr );
	$report = "Total " . count( $all['relayErrors'] ) . " SMTP relay errors.";
	logIt ( $report, $sr );
	$titles = array(
		"report" => "SMTP",
		"ips" => "SMTP Connecting IP Addresses",
		"recipients" => "SMTP Recepients",
		"senders" => "SMTP Senders",
		"statuses" => "SMTP Request Statuses",
		"messageAccepted" => "SMTP Accepted Recipients",
		"messageAcceptedSenders" => "SMTP Accepted Senders",
		"messageSent" => "SMTP Data Accepted Recipients",
		"messageSentSenders" => "SMTP Data Accepted Senders",
		"remoteClientDomains" => "SMTP Client Domains",
		"relayErrorsSenders" => "SMTP Error Senders",
		"relayErrorsRecipients" => "SMTP Error Recipients",
		"failedAuth" => "SMTP Failed Auth Types",
		"filtered" => "SMTP Filtered Senders",
		);
	highScores ( $all['scores'], $titles );
	unset( $all );
	memUse( "Discarded SMTP entry array" );
	return $retVal;
}
?>
Return current item: XMail Log Archiver