Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

A simple script to parse Postscreen logs

tree: 47faf10bef

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 README.md
Octocat-spinner-32 postscreen_stats.py
README.md

Postscreen Statistics Parser

Simple script to compute some statistics on Postfix/Postscreen Activity Run it against your postfix syslogs

Published under GPL v2

Examples:

Short report on full log file

$ python postscreen_stats.py -f maillog.1 -r short -y 2011
=== Postscreen statistics ===
0 BLACKLISTED
33 COMMAND COUNT LIMIT
0 COMMAND LENGTH LIMIT
16 COMMAND PIPELINING
6 COMMAND TIME LIMIT
11010 CONNECT
536 DNSBL
503 HANGUP
42 NOQUEUE MAXCONN
0 NOQUEUE PORT BUSY
2258 NOQUEUE REJECT 450 (graylist)
1600 PASS NEW
8391 PASS OLD
239 PREGREET
84 WHITELISTED
=== Clients statistics ===
4 avg. dnsbl rank
840 came back count
2131 clients
32245 seconds avg. reco. delay
=== First reconnection delay (graylist) ===
delay| <10s   |>10to30s| >30to1m| >1to5m | >5to30m|>30mto2h| >2hto5h|>5hto12h|>12to24h| >24h   |
count|12      |21      |21      |196     |261     |88      |40      |29      |53      |119     |
   % |1.4     |2.5     |2.5     |23      |31      |10      |4.8     |3.5     |6.3     |14      |

Get the statistics for a specific IP only

$ python postscreen_stats.py -f maillog.1 -r ip -i 1.2.3.4
Filtering results to match: 1.2.3.4
1.2.3.4
    connections count: 2
    first seen on 2011-10-22 09:37:54
    last seen on 2011-10-22 09:38:00
    DNSBL count: 1
    DNSBL ranks: ['6']
    HANGUP count: 2

Geo Localisation of blocked IPs

Use the '-g' switch to activate geolocalisation against hostip.info. At the moment, there are two big limitations to geolocalisation: 1. It's slow ! Don't expect to get more than 2/3 IPs per second. So if you have 2000 IPs to geolocalise, it will take a while to run 2. It only gives the Country of the IP. I didn't find the need to query the whole GPS data, but that's easy enough to change.

$ python postscreen_stats.py -f maillog.1 -r short -g

=== Postscreen statistics ===
1 BARE NEWLINE
33 COMMAND COUNT LIMIT
16 COMMAND PIPELINING
6 COMMAND TIME LIMIT
11010 CONNECT
536 DNSBL
503 HANGUP
2258 NOQUEUE 450 deep protocol test reconnection
42 NOQUEUE too many connections
1600 PASS NEW
8391 PASS OLD
239 PREGREET
84 WHITELISTED

=== Clients statistics ===
4 avg. dnsbl rank
2131 clients

=== Blocked IPs per country ===
[('XX', 238), ('US', 162), ('IN', 21), ('ID', 10), ('RU', 9), ('EU', 5), ('VN', 4), ('BR', 3), ('DE', 3), ('CO', 3), ('CA', 3), ('KR', 3), ('UK', 3), ('JP', 2), ('RO', 2), ('CN', 2), ('IT', 2), ('AR', 2), ('AU', 2), ('KZ', 2), ('MX', 2), ('FR', 1), ('BG', 1), ('BO', 1), ('NL', 1), ('PT', 1), ('TW', 1), ('TR', 1), ('TN', 1), ('LT', 1), ('PA', 1), ('PK', 1), ('PH', 1), ('PL', 1), ('CM', 1), ('IQ', 1), ('CZ', 1), ('ES', 1), ('SZ', 1), ('KE', 1), ('MW', 1), ('SA', 1), ('UA', 1)]
Something went wrong with that request. Please try again.