>>в awk - подобного инструмента - я незнaю и пологал, что код
>>не перл будет меньше / проще.
>Теоретизировать не хочется, sorry
>Могу только ещё раз повторить - приведите фрагменты лога,
>тогда можно будет и скрипто-байты посчитать )
ну, раз вы настаиваете, вот лог, а про скриптобайты это круто загнули.
по сути: мыло приходит к постфиксу, от него к ассассину (тот определяет спам это или нет и кидает письмо обратно постфиксу), затем проверяется на вирусы и снова через постфикс идет к внутреннему серверу, с которого юзверы и берут свою почту.
оба письма спамные (хотя ассассин второе не опоснал как спам, но ведь нам как раз эти 2 варианта и нужны: т.е. спам (1) и не_спам(2))
Feb 7 14:01:50 pf postfix/smtpd[15782]: connect from ppp83-237-107-71.pppoe.mtu-net.ru[83.237.107.71]
Feb 7 14:01:54 pf postfix/smtpd[15782]: 4840569C3A: client=ppp83-237-107-71.pppoe.mtu-net.ru[83.237.107.71]
Feb 7 14:01:54 pf postfix/cleanup[15854]: 4840569C3A: message-id=<9323481215.83283283230136@0451.com>
Feb 7 14:01:55 pf postfix/qmgr[32282]: 4840569C3A: from=<czqiji@0451.com>, size=2927, nrcpt=1 (queue active)
Feb 7 14:01:55 pf spamd[24045]: connection from localhost [127.0.0.1] at port 47126
Feb 7 14:01:55 pf spamd[24045]: processing message <9323481215.83283283230136@0451.com> for nobody:65534.
Feb 7 14:01:55 pf spamd[24045]: identified spam (10.1/8.0) for nobody:65534 in 0.2 seconds, 2861 bytes.
Feb 7 14:01:55 pf spamd[24045]: result: Y 10 - BAYES_99,DATE_IN_PAST_06_12,DRUGS_ERECTILE,DRUG_DOSAGE,HTML_FONT_BIG,HTML_FONT_SIZE_LARGE,HTML_MESSAGE,HTML_SHOUTING5,ONLINE_PHARMACY,UPPERCASE_25_50 scantime=0.2,size=2861,mid=<9323481215.83283283230136@0451.com>,bayes=1,autolearn=disabled
Feb 7 14:01:56 pf postfix/smtpd[15782]: disconnect from ppp83-237-107-71.pppoe.mtu-net.ru[83.237.107.71]
Feb 7 14:01:56 pf postfix/pickup[8215]: 1C6BB69C50: uid=65534 from=<czqiji@0451.com>
Feb 7 14:01:56 pf postfix/cleanup[15854]: 1C6BB69C50: message-id=<9323481215.83283283230136@0451.com>
Feb 7 14:01:56 pf postfix/pipe[15866]: 4840569C3A: to=<a1aaa1azzzz1zaaaaa@mydomain.com>, relay=spamassassin, delay=2, status=sent (pf.mydomain.com)
Feb 7 14:01:56 pf postfix/qmgr[32282]: 4840569C3A: removed
Feb 7 14:01:56 pf postfix/qmgr[32282]: 1C6BB69C50: from=<czqiji@0451.com>, size=6157, nrcpt=1 (queue active)
Feb 7 14:01:56 pf clamsmtpd: 1004F3: accepted connection from: 127.0.0.1
Feb 7 14:01:56 pf postfix/smtpd[15922]: connect from localhost[127.0.0.1]
Feb 7 14:01:56 pf postfix/smtpd[15922]: F2BBC69C56: client=localhost[127.0.0.1]
Feb 7 14:01:57 pf clamd[27574]: SelfCheck: Database status OK.
Feb 7 14:01:57 pf clamd[27574]: /tmp/clamsmtpd.BiDLTd: OK
Feb 7 14:01:57 pf postfix/cleanup[15854]: F2BBC69C56: message-id=<9323481215.83283283230136@0451.com>
Feb 7 14:01:57 pf clamsmtpd: 1004F3: from=czqiji@0451.com, to=a1aaa1azzzz1zaaaaa@mydomain.com, status=CLEAN
Feb 7 14:01:57 pf postfix/smtp[15920]: 1C6BB69C50: to=<a1aaa1azzzz1zaaaaa@mydomain.com>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 Ok: queued as F2BBC69C56)
Feb 7 14:01:57 pf postfix/qmgr[32282]: F2BBC69C56: from=<czqiji@0451.com>, size=6414, nrcpt=1 (queue active)
Feb 7 14:01:57 pf postfix/qmgr[32282]: 1C6BB69C50: removed
Feb 7 14:01:57 pf postfix/smtpd[15922]: disconnect from localhost[127.0.0.1]
Feb 7 14:02:02 pf postfix/smtp[15936]: F2BBC69C56: to=<a1aaa1azzzz1zaaaaa@mydomain.com>, relay=192.168.0.14[192.168.0.14], delay=6, status=sent (250 Message accepted for delivery)
Feb 7 14:02:02 pf postfix/qmgr[32282]: F2BBC69C56: removed
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Feb 7 14:19:01 pf postfix/smtpd[20723]: connect from 219-86-97-135.dynamic.tfn.net.tw[219.86.97.135]
Feb 7 14:19:05 pf postfix/smtpd[20723]: 434EF68E4F: client=219-86-97-135.dynamic.tfn.net.tw[219.86.97.135]
Feb 7 14:19:09 pf postfix/cleanup[20824]: 434EF68E4F: message-id=<124439.2741586399343.213473685133.HXKU.4666@sportcenter.com>
Feb 7 14:19:14 pf postfix/qmgr[32282]: 434EF68E4F: from=<Maria.Dean@floridaroof.com>, size=19556, nrcpt=3 (queue active)
Feb 7 14:19:14 pf spamd[25440]: connection from localhost [127.0.0.1] at port 55382
Feb 7 14:19:14 pf spamd[25440]: processing message <124439.2741586399343.213473685133.HXKU.4666@sportcenter.com> for nobody:65534.
Feb 7 14:19:14 pf spamd[25440]: clean message (7.0/8.0) for nobody:65534 in 0.1 seconds, 19230 bytes.
Feb 7 14:19:14 pf spamd[25440]: result: . 7 - BAYES_99,HTML_80_90,HTML_IMAGE_ONLY_24,HTML_MESSAGE scantime=0.1,size=19230,mid=<124439.2741586399343.213473685133.HXKU.4666@sportcenter.com>,bayes=0.999999999999892,autolearn=disabled
Feb 7 14:19:14 pf postfix/pickup[8215]: 7335368E51: uid=65534 from=<Maria.Dean@floridaroof.com>
Feb 7 14:19:14 pf postfix/pipe[20831]: 434EF68E4F: to=<tku@mydomain.com>, relay=spamassassin, delay=11, status=sent (pf.mydomain.com)
Feb 7 14:19:14 pf postfix/pipe[20831]: 434EF68E4F: to=<wqd@mydomain.com>, relay=spamassassin, delay=11, status=sent (pf.mydomain.com)
Feb 7 14:19:14 pf postfix/pipe[20831]: 434EF68E4F: to=<sde@mydomain.com>, relay=spamassassin, delay=11, status=sent (pf.mydomain.com)
Feb 7 14:19:14 pf postfix/qmgr[32282]: 434EF68E4F: removed
Feb 7 14:19:14 pf postfix/cleanup[20824]: 7335368E51: message-id=<124439.2741586399343.213473685133.HXKU.4666@sportcenter.com>
Feb 7 14:19:14 pf postfix/qmgr[32282]: 7335368E51: from=<Maria.Dean@floridaroof.com>, size=19929, nrcpt=3 (queue active)
Feb 7 14:19:14 pf clamsmtpd: 1004F6: accepted connection from: 127.0.0.1
Feb 7 14:19:14 pf postfix/smtpd[20837]: connect from localhost[127.0.0.1]
Feb 7 14:19:14 pf postfix/smtpd[20837]: C63BD68E4F: client=localhost[127.0.0.1]
Feb 7 14:19:14 pf postfix/smtpd[20723]: disconnect from 219-86-97-135.dynamic.tfn.net.tw[219.86.97.135]
Feb 7 14:19:15 pf clamd[27574]: SelfCheck: Database status OK.
Feb 7 14:19:15 pf clamd[27574]: /tmp/clamsmtpd.bdwtQr: OK
Feb 7 14:19:15 pf postfix/cleanup[20824]: C63BD68E4F: message-id=<124439.2741586399343.213473685133.HXKU.4666@sportcenter.com>
Feb 7 14:19:15 pf postfix/qmgr[32282]: C63BD68E4F: from=<Maria.Dean@floridaroof.com>, size=20145, nrcpt=3 (queue active)
Feb 7 14:19:15 pf clamsmtpd: 1004F6: from=Maria.Dean@floridaroof.com, to=tku@mydomain.com, to=wqd@mydomain.com, to=sde@mydomain.com, status=CLEAN
Feb 7 14:19:15 pf postfix/smtp[20835]: 7335368E51: to=<tku@mydomain.com>, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 Ok: queued as C63BD68E4F)
Feb 7 14:19:15 pf postfix/smtp[20835]: 7335368E51: to=<wqd@mydomain.com>, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 Ok: queued as C63BD68E4F)
Feb 7 14:19:15 pf postfix/smtp[20835]: 7335368E51: to=<sde@mydomain.com>, relay=127.0.0.1[127.0.0.1], delay=1, status=sent (250 Ok: queued as C63BD68E4F)
Feb 7 14:19:15 pf postfix/qmgr[32282]: 7335368E51: removed
Feb 7 14:19:15 pf postfix/smtpd[20837]: disconnect from localhost[127.0.0.1]
Feb 7 14:19:20 pf postfix/smtp[20841]: C63BD68E4F: to=<tku@mydomain.com>, relay=192.168.0.14[192.168.0.14], delay=6, status=sent (250 Message accepted for delivery)
Feb 7 14:19:20 pf postfix/smtp[20841]: C63BD68E4F: to=<wqd@mydomain.com>, relay=192.168.0.14[192.168.0.14], delay=6, status=sent (250 Message accepted for delivery)
Feb 7 14:19:20 pf postfix/smtp[20841]: C63BD68E4F: to=<sde@mydomain.com>, relay=192.168.0.14[192.168.0.14], delay=6, status=sent (250 Message accepted for delivery)
Feb 7 14:19:20 pf postfix/qmgr[32282]: C63BD68E4F: removed
Вариант для распечатки
Программирование под UNIX (Public)
(??) on 01-Фев-06, 16:04 
