#!/usr/bin/perl -w
###############################################
# This script should be called with a parameter
# of a maillog file.
#
my (@messages, @byrecip);

$Tag2Score = 0;
$i = 0;
$messagecount = 0;

while(<>) {
    next unless ($_ =~ /amavis/);  # Skip lines that don't contain "amavis"

    if ($_ =~ /header: X-Spam-Status:/) {
       # Grab all spam scores between tag1 and tag2
      ($LowScore) = /hits=([-]*[0-9]+[\.]+[0-9]+)/;
      push (@byscore, $LowScore);
    }

    next unless ($_ =~ /\) SPAM,/);  # Skip lines that don't contain "SPAM"

    # Grab the info we want from this line
    ($FromAddress, $ToAddress, $Score, $Tests) = /SPAM,\s*<([^>]*)> -> <([^>]*)>.+hits=([-]*[0-9]+[\.]+[0-9]+).+tests=(.+)/; 
    if (! $Tag2Score) {
      ($Tag2Score) = /tag2=(\d+\.\d+)/;
    }
    if ($FromAddress =~ /@/) {
       ($Sender, $Domain) = split(/@/, $FromAddress);
       if ($Domain eq '') { $Domain = 'blank.blank.blank'; }
    }
    else {
	$Sender = '<none>';
        $Domain = 'blank.blank.blank';
    }
    $Domain =~ s/.*\.+(.+\..+)/$1/; 

    # Add all the scores above tag2 [remove this if in pass-through mode]
    push (@byscore, $Score);

    ($messages[$i]{domain},
    $messages[$i]{sender},
    $messages[$i]{from},
    $messages[$i]{to},
    $messages[$i]{score},
    $messages[$i]{tests})= ($Domain, $Sender, $FromAddress, $ToAddress, $Score, $Tests);

    ($byrecip[$i]{to}) = lc($ToAddress);
    ($bysender[$i]{from}, $bysender[$i]{score}) = (lc($FromAddress), $Score);
    ($bydomain[$i]{domain}) = lc($Domain);

    $i++;
    $messagecount++;
}

#############################################
## Print out spam score distribution
#############################################
print <<EOL;

-----------------------------------------------------------------------
SPAM Blocking Report
-----------------------------------------------------------------------

All Spam Score Distribution
    Range      Count
    -------------------------------------------------------------------
EOL

# create a format for the output
format SDist =
    @<<<<<<<<< @>>>>
    $CurRange, $ScoreCount
.

$~ = 'SDist';

@byscore = sort ( { $a <=> $b } @byscore );

# define all the ranges
@Range = (0,1,2,3,4,5,6,7,8,9,10,15,20,30,40,50,60,70,80,90,100,200);
$ScoreCount = 0;

$Tag2Below = 0;
$Tag2Above = 0;

# jump to the first range of our lowest spam score
for ($j=0; $j <= $#Range; $j++) {
  if ( $byscore[0] < $Range[$j] ) { last; }
}

# tally the scores by range and print them out
foreach $row (@byscore) {
  if ( $row < $Tag2Score ) { $Tag2Below++; }
  else { $Tag2Above++; }
  if ( $row < $Range[$j] ) { $ScoreCount++; }
  else {
    $CurRange = $Range[$j-1] . ' - ' . $Range[$j];
    write;
    $j++;
    $ScoreCount = 1; 
  }
}

# print out the last range
$CurRange = $Range[$j-1] . ' - ' . $Range[$j];
write;

$TotalTagged = $Tag2Below + $Tag2Above;
$PercentBelow = sprintf("%2.1f", ($Tag2Below / $TotalTagged * 100));
$PercentAbove = sprintf("%2.1f", ($Tag2Above / $TotalTagged * 100));

print <<EOL;

$Tag2Score  Spam Score Threshold
$Tag2Below ($PercentBelow%)  Spam Scores less than Threshold
$Tag2Above ($PercentAbove%)  Spam Scores equal to or greater than Threshold
$TotalTagged  Total tagged
EOL

@byscore = ();


#############################################
## Print out spam senders by score
#############################################
print <<EOL;

Spam Senders By Score - Top 50
    Score      Author
    -------------------------------------------------------------------
EOL

@bysender = reverse sort ( { $$a{score} <=> $$b{score} }  @bysender );

$lines = 1;
for my $row(@bysender) {
  if ($lines > 50) {last;}
  $lines++;

  print <<EOL;
    $$row{score}        $$row{from}
EOL
}
@bysender = ();


#############################################
## Count number of messages per domain
#############################################
my @sorted_domain = sort ( { $$a{domain} cmp $$b{domain} } @bydomain ); 

$previous = 'itshouldneverequalthis';
$i = 0;
$count = 1;
@bydomain = ();
for my $row(@sorted_domain) {
    if ($$row{domain} eq $previous) {
        ($bydomain[$i-1]{domain}, $bydomain[$i-1]{count}) = ($$row{domain}, ++$count);
    } else {
        ($bydomain[$i]{domain}, $bydomain[$i]{count}) = ($$row{domain}, 1);
        $i++;
        $count = 1;
    }
    $previous = $$row{domain};
}

@bydomain = reverse sort ( { $$a{count} <=> $$b{count} } @bydomain );


#############################################
## Print out spam distribution by domain
#############################################
print <<EOL;

Spam Domains By Amount Received - Top 50
    Received      Domain 
    -------------------------------------------------------------------
EOL

$numberofdomains = 0;
for my $row(@bydomain) {
  if ($numberofdomains < 50)  # only print this many lines
  {
    print <<EOL;
    $$row{count}            $$row{domain}
EOL
  }
  $numberofdomains++;
}


#############################################
## Calculate # of spam per user
#############################################
# Sort the recipients list
my @sorted_to = sort ( { lc($$a{to}) cmp lc($$b{to}) } @byrecip );

$previous = 'itshouldneverequalthis';
@byrecip = (); 
$i = 0;
$count = 1; 

for my $row(@sorted_to) {
    if ($$row{to} eq $previous) {
        ($byrecip[$i-1]{to}, $byrecip[$i-1]{count}) = ($$row{to}, ++$count);
    } else {
        ($byrecip[$i]{to}, $byrecip[$i]{count}) = ($$row{to}, 1);
        $i++;
        $count = 1;
    }
    $previous = $$row{to};
}


#############################################
## Print out spam distribution by recipient
#############################################
print <<EOL;

SPAM Recipients By Amount Received - Top 50
    Received      User
    -------------------------------------------------------------------
EOL

@byrecip = reverse sort ( { $$a{count} <=> $$b{count}  } @byrecip );

$numberofrecipients = 0;
for my $row(@byrecip) {
  if ($numberofrecipients < 50)  # only print this many lines
  {
    print <<EOL;
    $$row{count}            $$row{to}
EOL
  }
  $numberofrecipients++;
}


#############################################
## Print out Grand Totals
#############################################
print <<EOL;

Spam Grand Totals
--------------------------------------------------------
    $messagecount spam messages blocked
    $numberofrecipients recipients received spam 
    $numberofdomains unique domains sent us spam
EOL