NAME

pmx-mlog-watch - Scans the PureMessage message log and reports on anomalies


DESCRIPTION

The pmx-mlog-watch program scans the activity in the message log's inbound traffic for anomalies that may indicate spam activity. The message log is specified in the message_log setting within <Milter> sections of the pmx.conf file.

If anomalies are detected, a report is generated that describes the activity and the envelope sender or relay that was the cause.


OPTIONS

Options can be specified either in a configuration file (by default, etc/logwatch.conf), or on the command line. Options specified on the command line override those specified in the configuration file.

--config filename
Specify a non-default configuration file. If not specified, the default configuration stored in the etc/logwatch.conf file is used.

--scan-window minutes
The number of minutes of log activity to scan, counted back from the time the scan begins. The default is 30 minutes.

--max-lines number_of_lines
This is the maximum number of lines that should be scanned at one time. (Each line corresponds to one message.) This prevents pmx-mlog-watch from running too long if many messages were received and the --scan-window is too large. If this number is met or exceeded, a warning is written to the log specified in the log_to setting in the pmx.conf configuration file (by default, pmx_log). The default is 10000 lines.

--max-rcpts number_of_recipients
This is the maximum number of recipients a sending relay can specify in one SMTP transaction. If this number is met or exceeded, a counter is incremented for the relay. The default is 50 recipients.

--max-size number_of_MB
If a sender sends a message that reaches or exceeds this value, a counter is incremented for the sender. The default is 10 MB.

--hw-relay number_of_messages
This specifies the maximum number of messages that can be received from one relay during the --scan-window. If a relay sends more than this number of messages, a report is generated. The default is 5000 messages.

--hw-senders number_of_messages
This specifies the maximum number of messages that can be received from one sender during the --scan-window. If a sender sends more than this number of messages, a report is generated. The default is 5000 messages.

--hw-rcpts number_of_max-rcpts_triggers
This specifies the maximum counter value for --max-rcpts. If a relay triggers the --max-rcpts counter more than the number of times specified here during the --scan-window, a report is generated. The default is 5000 triggers.

--hw-size number_of_max-size_triggers
This specifies the maximum counter value for --max-size. If a sender triggers the --max-size counter more than the number of times specified here during the --scan-window, a report is generated. The default is 5000 triggers.
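
The two-level thresholds described above, as an added Python sketch (not Sophos code and not the pmx-mlog-watch implementation): per-message limits increment a counter when "met or exceeded", while the --hw-* marks report only on "more than". The record tuple, the function names and the sample traffic are assumptions constructed for illustration; the real message log format is not shown on this page.

```python
from collections import Counter
from datetime import datetime, timedelta

# Defaults as documented under OPTIONS.
DEFAULTS = dict(scan_window=30, max_lines=10000, max_rcpts=50, max_size=10,
                hw_relay=5000, hw_senders=5000, hw_rcpts=5000, hw_size=5000)
NOW = datetime(2008, 1, 1, 12, 0)  # constructed scan start time

def sample_records(now=NOW):
    """Constructed traffic: (timestamp, relay, sender, recipients, size_mb)."""
    recs = [(now - timedelta(minutes=i), "192.0.2.10", "bulk@example.net", 60, 1)
            for i in range(4)]
    recs.append((now - timedelta(minutes=5), "198.51.100.7", "alice@example.org", 50, 12))
    recs.append((now - timedelta(minutes=45), "192.0.2.10", "bulk@example.net", 60, 1))
    return recs

def scan(records, now=NOW, **overrides):
    """Return (report, warnings) for one pass over the assumed record tuples."""
    opt = {**DEFAULTS, **overrides}
    start = now - timedelta(minutes=opt["scan_window"])
    per_relay, per_sender = Counter(), Counter()
    rcpt_hits, size_hits = Counter(), Counter()
    scanned, warnings = 0, []
    for ts, relay, sender, n_rcpts, size_mb in records:
        if not start <= ts <= now:
            continue                       # older than --scan-window
        scanned += 1
        per_relay[relay] += 1
        per_sender[sender] += 1
        if n_rcpts >= opt["max_rcpts"]:    # "met or exceeded": counter for the relay
            rcpt_hits[relay] += 1
        if size_mb >= opt["max_size"]:     # "reaches or exceeds": counter for the sender
            size_hits[sender] += 1
        if scanned >= opt["max_lines"]:    # --max-lines met: warn, stop (sketch's reading)
            warnings.append("max-lines reached after %d lines" % scanned)
            break
    report = []
    # High-water marks are strict: a report needs "more than" the configured value.
    for kind, counts, key in (("relay", per_relay, "hw_relay"),
                              ("sender", per_sender, "hw_senders"),
                              ("rcpts", rcpt_hits, "hw_rcpts"),
                              ("size", size_hits, "hw_size")):
        report += [(kind, who, n) for who, n in sorted(counts.items()) if n > opt[key]]
    return report, warnings

if __name__ == "__main__":
    print(scan(sample_records(), hw_relay=3, hw_senders=3, hw_rcpts=3, hw_size=0))
```

With the documented defaults the sample traffic produces no report; lowering a --hw-* value to exactly the observed count still produces none, because the comparison is strict.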


SEE ALSO

the pmx-mlog manpage, the pmx-mlog-react manpage, the logwatch.conf manpage


COPYRIGHT

Copyright (C) 2000-2008 Sophos Group. All rights reserved. Sophos and PureMessage are trademarks of Sophos Plc and Sophos Group.