log analyzer that contain sender log (ip+remote address )

Hi,
I am using qmail 1.30.Is there any log file analyzer that will create
log that will contain sender( local network )ip address+the remote
email addresses that the sender sent the mail . I need this to fight
against spam/spyware .
I know that I can see this from smtp log but I wat a tool that give me
the report .
Please help .Thanx.

learnq wrote:

> Hi,
> I am using qmail 1.30.Is there any log file analyzer that will create
> log that will contain sender( local network )ip address+the remote
> email addresses that the sender sent the mail . I need this to fight
> against spam/spyware .
> I know that I can see this from smtp log but I wat a tool that give me
> the report .
> Please help .Thanx.
>

Get qmailanalog http://cr.yp.to/qmailanalog.html. it will help you
crunch the multilog logs.
Or if you are good in perl, write a parser perl script that will extract
the requisite information.

AK

is there any script that can do that job ? if it written before I do
not want to rewrite it :(...know c but not perl :(

learnq wrote:

> is there any script that can do that job ? if it written before I do
> not want to rewrite it :(...know c but not perl :(
>


Based on my recollection as to your setup the answer is no there is no
existing script that will take the output of a non-modified/unpathed
qmail version's log and provide enough information to assist in
combating spam.

You need to patch qmail-smtpd to have the sender's email address as well
as the recipient addresses outputed into the log.

Once you have those patches, you can then extract the information such
as remote IP as well as the sender's and recipients' addresses. Once
you build a pattern, you can implement/develope any and every approach
to deal with spam. Have a look at spam assasin and there are several
other options.

AK