-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathplainmails-in
executable file
·82 lines (81 loc) · 2.46 KB
/
plainmails-in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
#!/bin/php
<?php
$max_mx = 10;
$conns = [];
$stdin = fopen( 'php://stdin', 'r' );
while ( !feof( $stdin ) ) {
$line = fgets( $stdin );
# get both of the following lines and group them by pid
# Jul 5 15:38:06 smtp-in postfix/smtpd[10726]: Anonymous TLS connection established from primus.example.com[123.123.123.123]: TLSv1.2 with ...
# Jul 5 15:38:09 smtp-in postfix/smtpd[10726]: 831334C0B1: client=primus.example.com[123.123.123.123]
preg_match( '#^.*?postfix/smtpd\[(.*?)\]: (.*?(TLS connection| client=).*?)$#', $line, $matches );
if ( $matches ) {
$pid = $matches[1];
$txt = $matches[2];
$conns[$pid][] = $txt;
}
}
fclose( $stdin );
ksort( $conns );
$mx_plain = [];
$mx_tls = [];
$mails_tls = 0;
$mails_plain = 0;
foreach ( $conns as $conn ) {
$tls_ips = [];
foreach ( $conn as $line ) {
# add TLS connection IP to array
# TLS connection established from primus.example.com[123.123.123.123]:
preg_match( '#^.*?TLS connection established from (.*?)\[(.*?)\].*?$#', $line, $matches );
if ( $matches ) {
list( $full, $host, $ip ) = $matches;
$tls_ips[] = $ip;
}
# check if client-IP is in array
# 831334C0B1: client=primus.example.com[123.123.123.123]
preg_match( '#^.*?client=(.*?)\[(.*?)\].*?$#', $line, $matches2 );
if ( $matches2 ) {
list( $from_line, $from_host, $from_ip ) = $matches2;
if ( ! in_array( $from_ip, $tls_ips ) ) {
$mails_plain++;
$mx_plain[] = "$from_host ($from_ip)";
}
else {
$mails_tls++;
$mx_tls[] = "$from_host ($from_ip)";
}
}
}
}
$mails_total = $mails_tls + $mails_plain;
$mails_plain_perc = ( $mails_total == 0 ) ? 0 : round( $mails_plain / $mails_total * 100);
underline( "Incoming mail count (total $mails_total):" );
echo "$mails_tls\tusing TLS\n";
echo "$mails_plain\tunencrypted ($mails_plain_perc %)\n";
$mx_plain_count = array_count_values( $mx_plain );
arsort( $mx_plain_count );
echo "\n";
$mx_tls_count = array_count_values( $mx_tls );
arsort( $mx_tls_count );
underline( "Top $max_mx encrypted MX hosts:" );
$i = 0;
foreach ( $mx_tls_count as $mx_tls_host=>$mx_tls_val ) {
echo "$mx_tls_val\t$mx_tls_host\n";
$i++;
if ( $i == $max_mx ) break;
}
echo "\n";
underline( "Top $max_mx unencrypted MX hosts:" );
$i = 0;
foreach ( $mx_plain_count as $mx_plain_host=>$mx_plain_val ) {
echo "$mx_plain_val\t$mx_plain_host\n";
$i++;
if ( $i == $max_mx ) break;
}
echo "\n";
function underline( $string ) {
$len = strlen( $string );
echo "$string\n";
echo str_repeat( '-', $len ) . "\n";
return;
}