Linux Certif

Toute la documentation sur la certification Linux LPI

opendkim-stats

NAME

opendkim-stats - output opendkim statistics

SYNOPSIS

opendkim-stats [options] file

DESCRIPTION

The opendkim-stats utility reads from an opendkim statistics database and dumps the data therein to standard output. It takes as its only argument the path to this database. The opendkim statistics gathering is disabled by default, but can be enabled through a Statistics entry in /etc/opendkim.conf.

See the opendkim.conf(5) man page for details.

OPTIONS

-a

Anonymize output by replacing the sending domain and IP address in each record with an MD5 hash of their actual values.

-c

Output comma-separated format. Not generally human-readable, but ideal for machine processing.

-h name

Uses name as the name of the reporting host instead of the value returned by gethostname(3). This is only used with -c (above) when creating input suitable for database import.

-i

Initialize the named database. The database is created if it doesn't already exist, and a version record is added to it. This must be done before the filter can make use of the database to record data.

-m address

Send the report to the specified address by creating a pipe to sendmail(8) and feeding it the output with appropriate arguments.

-r

When used with -m, on successful transmission of the report, this option causes the database to be reset (i.e. all data other than the version record will be deleted).

OUTPUT

opendkim-stats produces a report with a number of values associated with each MTA job ID for which signed mail has been received. The first column contains the job ID, the second contains the sending domain, the third contains the sending IP address, and the fourth is a comma-separated list of "key=value" strings. The keys and their values are as follows:

when

Timestamp of the last signed message seen from this domain (UNIX time format).

alg

Integer representation of the signing algorithm seen on this message. Only author signatures are recorded in this way.

hc

Integer representation of the header canonicalization seen on this message. Only author signatures are recorded in this way.

bc

Integer representation of the body canonicalization seen on this message. Only author signatures are recorded in this way.

total

Count of signatures on this message.

pass

Count of passing signatures on this message.

fail

Count of failing signatures on this message.

failbody

Count of failing signatures on this message where the failure could specifically be attributed to a change in the message body (i.e. the signature matched, but the "bh" tag value did not match).

ext

Count of signatures on this message where the message was extended after signing. This means the message contained one or more signature(s) with an "l=" tag, but the received message had a body length larger than that value.

keyt

Count of signatures on this message that referred to a key record that had a "t=" tag.

keyg

Count of signatures on this message that referred to a key record that had a "g=" tag.

keysyntax

Count of signatures on this message that referred to a key record that had a syntax error.

keynx

Count of signatures on this message that referred to a key record that could not be retrieved from the DNS.

sigt

Count of signatures on this message that contained a "t=" tag.

sigtfut

Count of signatures on this message that contained a "t=" tag with a timestamp in the future.

sigx

Count of signatures on this message that contained an "x=" tag.

sigl

Count of signatures on this message that contained an "l=" tag.

sigz

Count of signatures on this message that contained a "z=" tag.

adsp

If this message provoked an ADSP query that succeeded, this value will be 1. If this message did not mandate an ADSP query (because a valid author signature was present), this value will be 0. If an ADSP query was attempted but failed, this value will be 2.

adspfail

If an ADSP query was done and returned "all" but this message had no valid author domain signature, this value will be 1. Otherwise, it will be 0.

adspdisc

If an ADSP query was done and returned "discardable" but this message had no valid author domain signature, this value will be 1. Otherwise, it will be 0.

asigs

Count of valid signatures on this message for which the "d=" (signing domain) tag matched the domain in the From: header field; that is, a count of valid author signatures.

asigsfail

Count of invalid signatures on this message for which the "d=" (signing domain) tag matched the domain in the From: header field; that is, a count of invalid author signatures.

tpsigs

Count of valid signatures on this message for which the "d=" (signing domain) tag did not match the domain in the From: header field; that is, a count of valid third-party signatures.

tpsigsfail

Count of invalid signatures on this message for which the "d=" (signing domain) tag did not match the domain in the From: header field; that is, a count of invalid third-party signatures.

mlist

If at least one typical mailing list header field was present (e.g., a Precedence: header field containing "list", or the presence of a List-Id:, List-Post:, List-Unsubscribe: or Mailing-List: header field), this value will be 1; otherwise, it will be 0.

rhcnt

Count of Received: header fields on the message.

NOTES

The output of opendkim-stats is subject to change. Please be aware of this when upgrading to future releases, especially if you develop any scripts that consume the output.

The current version of the OpenDKIM statistics system is 2. Generally, opendkim-stats can read all database versions, but opendkim(8) will only generate the most recent version (and will refuse to update older databases).

SEE ALSO

opendkim(8)

VERSION

This man page covers the opendkim-stats that shipped with version 2.1.3 of OpenDKIM.

HISTORY

This original version of this man page was contributed by Mike Markley <mike@markley.org> for the Debian project.