1

Topic: Configure Amavisd-new Logwatch Output

======== Required information ====
- iRedMail version: 0.8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: CentOS 6.4
- Related log if you're reporting an issue:
====

Configure Amavisd-new Logwatch Output


Hi there,

After installing iRedMail and iRedAdmin open source a few weeks ago, I bought iRedAdmin Pro. Installation and configuration went well, and I haven't run into any notable issues.

Just one question for anyone who might know: The default Logwatch output for Amavisd-new seems to be much more verbose than necessary, with thousands of lines like this:

1   (04286-06) Passed CLEAN {RelayedOutbound}, LOCAL [IP_ADDRESS]:28026 [IP_ADDRESS] <EMAIL_ADDRESS> -> <EMAIL_ADDRESS>, Message-ID: <002001cevf47$94c4ed00$be4ec700$@co.zm>, mail_id: b7XwlmVXyr3c, Hits: -8.373, size: 682647, queued_as: 31A9A73C3, 1131 ms

Where can I configure this to reduce the output to only aggregate statistics? I've looked at /usr/share/logwatch/default.conf/services/amavis.conf , but I don't see anything in there that would seem to be related.

Any suggestions? Thanks.


Craig

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Configure Amavisd-new Logwatch Output

Hi Craig.  Not sure if you are still looking for an answer to this question.

Currently CentOS is using Logwatch 7.3.6. 

If you look at /usr/share/logwatch/scripts/services/amavis you will see that file is version 2.48, dated 2007/05/16.   

Little wonder it has trouble with unmatched entries.

Go to http://sourceforge.net/projects/logrepo … -logwatch/ and download the latest version. Then do the following.

tar xzf amavis-logwatch-1.XX.XX.tgz
cd amavis-logwatch-1-XX.XX
make install-logwatch

This will install a new filter under your /etc/logwatch directory which will override the old copy in /usr/share/logwatch

Next time Logwatch runs you should see nice clean Amavis output which looks something like this.   Taken from a live server that we've just started migrating accounts to.  As you can see we still have a couple of tweaks to make.

--------------------- Amavisd-new Begin ------------------------ 

    2261   Total messages scanned ------------------  100.00%
 513.367M  Total bytes scanned                    523,731,542
========   ==================================================

     205   Blocked ---------------------------------   16.26%
       1     Banned name blocked                        0.08%
     204     Spam blocked                              16.18%

    1056   Passed ----------------------------------   83.74%
      37     Spammy passed                              2.93%
      29     Bad header passed                          2.30%
     990     Clean passed                              78.51%
========   ==================================================

       2   Banned ----------------------------------    0.08%
       2     Banned file blocked                        0.08%

     441   Spam ------------------------------------   19.11%
      77     Spammy passed                              2.93%
     404     Spam blocked                              16.18%

    2019   Ham -------------------------------------   80.81%
      59     Bad header passed                          2.30%
    1990     Clean passed                              78.51%
========   ==================================================

       1   SpamAssassin bypassed   


**Unmatched Entries**
       2   No ext program for   .rar, tried: unrar, rar
       2   Deleting db files __db.001,nanny.db,__db.003,__db.002,snmp.db,__db.004 in /var/spool/amavisd/db

---------------------- Amavisd-new End ------------------------- 

3

Re: Configure Amavisd-new Logwatch Output

Hi bmackay,

Thanks very much for responding. I wasn't still actively looking, as other priorities took over and this was pushed to the back burner, but now that you've posted a suggestion I'll put this back on the to-do list.

Thanks again, especially for responding to an old thread.


Craig