http://www.perlmonks.org?node_id=197911
Category: [E-Mail Programs] or [Text Processing]
Author/Contact Info Limbic~Region
Description: Builds a hash whose index is a "from" "to" pair, and then increments it every time the pair is encountered. Finally, the information is sorted displaying the highest pairs first. Tested on HPUX 11.0 running Sendmail 8.9.3.
THIS IS UNPOLISHED CODE

One of my many hats I wear at work is Email administrator. One of the toughest jobs I have is identifying mail loops that are eating up system resources. I found a great program here that did way more than I wanted, but it was written in C (powers that be wouldn't go for it). I also found this on CPAN, but it didn't do what I wanted. After performing a Super Search here, I decided to write my own. It is VERY unpolished. Ideas that someone else could use to make this a much better program are:

  • Provide ability to specify location of mail log
  • Clean up output (trailing commas, <>, etc)
  • Keep track of message size between pairs
  • Parse status messages (deffered, user unknown, etc)

    If anyone finds this useful and decides to implement any of those suggestions, let me know. For now, it is functional, but it can always be better.

    #!/usr/bin/perl -w
    use strict;
    open(SENDMAIL, "/var/adm/syslog/mail.log");
    
    my %pairs;
    my %from;
    
    while (my $line = <SENDMAIL>) {
     chomp $line;
     my @fields = split(" ", $line);
     next if ( $fields[6] !~ /to=/ && $fields[6] !~ /from=/ );
     if ( $fields[6] =~ /from=/ ) {
      $from{$fields[5]} = "\L$fields[6]";
     }
     else {
      $pairs{"$from{$fields[5]} \L$fields[6]"}++;
     }
    }
    close(SENDMAIL);
    
    foreach my $key (sort {$pairs{$b} <=> $pairs{$a}} (keys(%pairs))) {
     print "$pairs{$key} $key\n";
    }
    

    Thanks,

    Limbic~Region

  • Replies are listed 'Best First'.
    Re: Sendmail pairs
    by rob_au (Abbot) on Sep 15, 2002 at 00:24 UTC
      It may be worth having a look at the SyslogScan package on CPAN - This package can be used to parse sendmail logs and return a wealth of information on mail usage. For example, using this package, your code could be reduced to:
      use SyslogScan::DeliveryIterator; use strict; my $logs = [ '/var/adm/syslog/mail.log' ]; my $iterator = new SyslogScan::DeliveryIterator( syslogList => $logs ) +; while ( my $delivery = $iterator->next() ){ print $delivery->{Sender} . " -> " . join( ",", @{$delivery->{ReceiverList}} ), "\n"; }

      This package is also discussed in the sample chapter of the excellent resource "Perl for System Administration" which can be found here.