In this article we will learn how to query SpamAssassin statistics from the CLI using sa-stats. The tool parses the mail log file and generates a report on the emails that SpamAssassin marked as spam.
Install sa-stats:
pkg install sa-stats
Generate the report:
sa-stats
Email: 13 Autolearn: 0 AvgScore: 40.69 AvgScanTime: 0.72 sec
Spam: 5 Autolearn: 0 AvgScore: 105.80 AvgScanTime: 0.88 sec
Ham: 8 Autolearn: 0 AvgScore: 0.00 AvgScanTime: 0.62 sec
Time Spent Running SA: 0.00 hours
Time Spent Processing Spam: 0.00 hours
Time Spent Processing Ham: 0.00 hours
TOP SPAM RULES FIRED
----------------------------------------------------------------------
RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM
----------------------------------------------------------------------
1 USER_IN_BLOCKLIST 5 38.46 100.00 0.00
2 USER_IN_BLACKLIST 5 38.46 100.00 0.00
3 SPF_HELO_NONE 5 69.23 100.00 50.00
4 FREEMAIL_FORGED_FROMDOMAIN 5 38.46 100.00 0.00
5 HTML_MESSAGE 5 100.00 100.00 100.00
6 MIME_HTML_ONLY 5 38.46 100.00 0.00
7 FREEMAIL_FROM 5 61.54 100.00 37.50
8 RDNS_NONE 5 38.46 100.00 0.00
9 HEADER_FROM_DIFFERENT_DOMAINS 5 38.46 100.00 0.00
10 SPOOFED_FREEMAIL_NO_RDNS 5 38.46 100.00 0.00
11 HTML_MIME_NO_HTML_TAG 4 30.77 80.00 0.00
12 SPOOFED_FREEMAIL 3 23.08 60.00 0.00
13 RCVD_IN_BL_SPAMCOP_NET 2 15.38 40.00 0.00
14 SPF_SOFTFAIL 2 15.38 40.00 0.00
15 RCVD_IN_VALIDITY_RPBL 2 15.38 40.00 0.00
16 SPF_NONE 1 7.69 20.00 0.00
17 MISSING_MID 1 7.69 20.00 0.00
18 DEAR_FRIEND 1 7.69 20.00 0.00
19 HTML_OBFUSCATE_05_10 1 7.69 20.00 0.00
20 HTML_IMAGE_ONLY_32 1 7.69 20.00 0.00
----------------------------------------------------------------------
TOP HAM RULES FIRED
----------------------------------------------------------------------
RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM
----------------------------------------------------------------------
1 HTML_MESSAGE 8 100.00 100.00 100.00
2 RCVD_IN_MSPIKE_H2 4 30.77 0.00 50.00
3 SPF_PASS 4 30.77 0.00 50.00
4 SPF_HELO_NONE 4 69.23 100.00 50.00
5 DKIM_VALID_AU 4 30.77 0.00 50.00
6 ALL_TRUSTED 4 30.77 0.00 50.00
7 DKIM_SIGNED 4 30.77 0.00 50.00
8 DKIM_VALID_EF 4 30.77 0.00 50.00
9 DKIM_VALID 4 30.77 0.00 50.00
10 FREEMAIL_FROM 3 61.54 100.00 37.50
11 HTML_IMAGE_RATIO_06 1 7.69 0.00 12.50
12 HTML_FONT_LOW_CONTRAST 1 7.69 0.00 12.50
13 URIBL_BLOCKED 1 7.69 0.00 12.50
----------------------------------------------------------------------
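The report above shows that some rules in the spam table also fire on a large share of ham (SPF_HELO_NONE, HTML_MESSAGE, FREEMAIL_FROM), so on their own they say little about whether a message is spam. The following is an added example, not part of the original article or of sa-stats: a hypothetical shell function, spam_rules_hitting_ham, that reads a report on stdin and lists those overlapping rules. The threshold of 25 and the embedded sample rows are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: list rules from the "TOP SPAM RULES FIRED" table of an
# sa-stats report that also fire on ham above a given percentage.

# spam_rules_hitting_ham THRESHOLD   (report is read from stdin)
# Prints "RULE %OFSPAM %OFHAM" for every matching rule.
spam_rules_hitting_ham() {
    awk -v min="$1" '
        /^TOP SPAM RULES FIRED/ { in_spam = 1; next }
        /^TOP HAM RULES FIRED/  { in_spam = 0; next }
        # Data rows have six fields: rank, rule, count, %ofmail, %ofspam, %ofham.
        # The header row starts with "RANK" and separators with "-", so both are skipped.
        in_spam && NF == 6 && $1 ~ /^[0-9]+$/ {
            if ($6 + 0 > min + 0) print $2, $5, $6
        }
    '
}

# Constructed sample: a subset of the rows from the report shown above.
sample_report() {
    cat <<'EOF'
TOP SPAM RULES FIRED
----------------------------------------------------------------------
RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM
----------------------------------------------------------------------
1 USER_IN_BLOCKLIST 5 38.46 100.00 0.00
3 SPF_HELO_NONE 5 69.23 100.00 50.00
5 HTML_MESSAGE 5 100.00 100.00 100.00
7 FREEMAIL_FROM 5 61.54 100.00 37.50
8 RDNS_NONE 5 38.46 100.00 0.00
----------------------------------------------------------------------
TOP HAM RULES FIRED
----------------------------------------------------------------------
RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM
----------------------------------------------------------------------
1 HTML_MESSAGE 8 100.00 100.00 100.00
2 RCVD_IN_MSPIKE_H2 4 30.77 0.00 50.00
EOF
}

# Rules that hit all sampled spam but also more than 25% of ham.
sample_report | spam_rules_hitting_ham 25
```

On a live system the same function can be fed directly from the tool: sa-stats | spam_rules_hitting_ham 25.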
The tool accepts several parameters that can be useful in certain scenarios:
sa-stats -h
usage: /usr/local/bin/sa-stats [-l <dir>] [-f <file>] [-n <num>] [-w]
--logdir|-l <dir> Directory containing spamd logs
--filename|-f <file> File names or regex to look for in the logdir
--num|-n <num> Number of top rules to display
--web|-w Make it web friendly output
--help|-h Prints this help