SysAdmin Blog

graphing spamdb state with munin

Alexander Bochmann Friday 20 of November, 2009
Note: This script has been updated.

I'm using the OpenBSD spamd to do greylisting on my mailserver. Greylisting is still a surprisingly efficient method to deter spammers, especially those brute-forcing through random recipient lists.

On the downside, mailserver statistics generated by Mailgraph don't say much about current spammer activity anymore, as most connections just don't reach the mail server with a setup like this.

So the following small Munin plugin sums up information from the spamd database (number of greylist, whitelist, and trapped entries). Note that the number of entries doesn't match the number of sender hosts, as spamd stores information about each host/sender-address/recipient-address combination.

#!/bin/sh
#
# Parameters:
#
#       config   (required)
#       autoconf (optional - used by munin-config)
#
# Magic markers (optional):
#%# family=auto
#%# capabilities=autoconf
#
# A. Bochmann 2009, based on standard munin plugin

if [ "$1" = "autoconf" ]; then
        if ( spamdb >/dev/null 2>&1 ); then
                echo yes
                exit 0
        else
                if [ $? -eq 127 ]; then
                        echo "no (could not run \"spamdb\")"
                        exit 1
                else
                        echo no
                        exit 1
                fi
        fi
fi

if [ "$1" = "config" ]; then
        echo 'graph_title spamdb state'
        echo 'graph_args --logarithmic --base 1000 -l 1'
        echo 'graph_vlabel spamdb state counts'
        echo 'graph_category other'
        echo 'graph_scale no'
        echo 'GREY.label grey'
        echo 'GREY.type GAUGE'
        echo 'GREY.max 500000'
        echo 'WHITE.label white'
        echo 'WHITE.type GAUGE'
        echo 'WHITE.max 500000'
        echo 'TRAPPED.label trapped'
        echo 'TRAPPED.type GAUGE'
        echo 'TRAPPED.max 500000'
        exit 0
fi

spamdb | awk -F'|' '$1 != "SPAMTRAP" {print $1}' | sort | uniq -c | awk '{print $2 ".value " $1}'


As the number of GREY entries is usually an order of magnitude higher than the whitelisted (or trapped) entries, I'm using a logarithmic scale on this graph. Otherwise the two smaller values will just be flattened out...

Example graph:

spamdb graph output
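
The difference between database entries and sender hosts noted above, as an added example that is not part of the original post or plugin: the function below counts entries per type (printing 0 for a type with no entries) and also counts distinct source IPs among the GREY tuples. The field name GREY_HOSTS, the function names and the sample lines are assumptions made for this example; the sample follows the field layout documented in spamdb(8).

```shell
#!/bin/sh
# Added example, not the original plugin.
# Reads spamdb-format lines on stdin and prints munin "<field>.value <n>" lines.
# Every field is always printed (0 when absent). GREY_HOSTS is a field name
# assumed for this example: distinct source IPs among the GREY tuples.
spamdb_summary() {
        awk -F'|' '
                BEGIN { n["GREY"] = 0; n["WHITE"] = 0; n["TRAPPED"] = 0; hosts = 0 }
                # Count only the three entry types the graph knows about;
                # SPAMTRAP lines (trap addresses, not hosts) are skipped.
                ($1 in n) { n[$1]++ }
                # One GREY line is one host/sender/recipient tuple; $2 is the source IP.
                $1 == "GREY" && !($2 in seen) { seen[$2] = 1; hosts++ }
                END {
                        print "GREY.value " n["GREY"]
                        print "WHITE.value " n["WHITE"]
                        print "TRAPPED.value " n["TRAPPED"]
                        print "GREY_HOSTS.value " hosts
                }'
}

# Constructed sample input; addresses come from the documentation ranges
# (RFC 5737, example.*), timestamps and counters are made up.
sample_spamdb() {
        cat <<'EOF'
GREY|192.0.2.10|mail.example.net|<a@example.net>|<user1@example.org>|1258700000|1258701500|1258714400|1|0
GREY|192.0.2.10|mail.example.net|<a@example.net>|<user2@example.org>|1258700010|1258701510|1258714410|1|0
GREY|192.0.2.10|mail.example.net|<b@example.net>|<user1@example.org>|1258700020|1258701520|1258714420|2|0
GREY|198.51.100.7|host.example.com|<c@example.com>|<user1@example.org>|1258700030|1258701530|1258714430|1|0
WHITE|203.0.113.5|||1258600000|1258601600|1261711600|2|14
SPAMTRAP|trap@example.org
EOF
}

# Runs on the sample when executed directly; on a live host: spamdb | spamdb_summary
sample_spamdb | spamdb_summary
```

Graphing the extra value would also need matching `GREY_HOSTS.label` and `GREY_HOSTS.type` lines in the plugin's `config` output.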