Parser/Sendmail.pm: Added a parser for sendmail.
From: qMax <qmax@mediasoft.ru>
To: yaala@verplant.org
Subject: [yaala] Sendmail log parser
Date: Tue, 23 Nov 2004 18:15:28 +0600
This is a Parser for sendmail log.
Note:
Each message in sendmail log forms several records (lines):
one record with 'from=' field, and one or several with 'to=' field.
Parser joins each 'from'-part with 'to'-part by message log id.
However, if there are several recipients, the result will be several
records for the same message: one per recipient. When a message is
counted for the first time, the datafield 'uniq' is set to 1. This is
useful to calculate total count/traffic or traffic by type. But if you
count totals by recipients, using this key (as WHERE uniq=='1') will make
yaala ignore all recipients of a message but the first.
Config options:
sendmail_aliases - aliases file used to resolve (local senders) addresses
sendmail_localdomain - local domain to remove from addresses
sendmail_localrelay - IP regexp to determine incoming/outgoing/local traffic, e.g. '192.168.1.\d+'
Data fields:
everything found in sendmail log, with:
timedate is split into 'date' and 'hour', as usual; the year is taken from the current date.
rrelay is the relay field from the 'to'-part
uniq = set to 1 when the message is first counted.
type = "I","O","L","R" for incoming, outgoing, local and relay traffic.
It is determined using the fields 'mailer' and 'relay'.
(Thus, only applied to actually sent/received messages)
Aggregations: size, count, nrcpts
TODO:
- Properly handle multiple aliases.
- Split non-local multiple recipients
- resolve hosts in relay fields.
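
The join by log id and the 'uniq' flag described in the note above, as an added Python sketch that is not part of the original message or of Parser/Sendmail.pm. The log lines are constructed, the function names are hypothetical, and writing '0' for the later recipients of a message is an assumption (the message only says the first is set to 1).

```python
import re

# Constructed sample sendmail log lines (not from the original message).
SAMPLE_LOG = """\
Nov 23 18:15:28 mx sendmail[1234]: iANCFS0a001234: from=<alice@example.org>, size=2048, nrcpts=2, relay=[192.168.1.10]
Nov 23 18:15:29 mx sendmail[1235]: iANCFS0a001234: to=<bob@example.net>, delay=00:00:01, mailer=esmtp, relay=mail.example.net. [203.0.113.5], stat=Sent
Nov 23 18:15:30 mx sendmail[1235]: iANCFS0a001234: to=<carol@example.com>, delay=00:00:02, mailer=esmtp, relay=mx.example.com. [198.51.100.7], stat=Sent
Nov 23 18:16:00 mx sendmail[1240]: iANCG00b001240: from=<dave@example.org>, size=512, nrcpts=1, relay=[192.168.1.11]
Nov 23 18:16:01 mx sendmail[1241]: iANCG00b001240: to=<erin@example.net>, delay=00:00:01, mailer=esmtp, relay=mail.example.net. [203.0.113.5], stat=Sent
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+) (\d\d):\d\d:\d\d \S+ sendmail\[\d+\]: (\w+): (.+)$")

def parse_fields(text):
    """Split 'k=v, k=v' into a dict; items without '=' are skipped."""
    return dict(i.split("=", 1) for i in text.split(", ") if "=" in i)

def join_records(lines):
    """Emit one record per 'to=' line, merged with its 'from=' line."""
    pending = {}   # log id -> fields of the 'from=' record
    seen = set()   # log ids that already produced a record
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        date, hour, qid, rest = m.groups()
        fields = parse_fields(rest)
        if "from" in fields:
            pending[qid] = fields
        elif "to" in fields and qid in pending:
            rec = dict(pending[qid], date=date, hour=hour)
            rec["rrelay"] = fields.pop("relay", "")  # relay of the 'to'-part
            rec.update(fields)
            # Assumption: later recipients of the same message get '0'.
            rec["uniq"] = "0" if qid in seen else "1"
            seen.add(qid)
            out.append(rec)
    return out

def totals(records):
    """Traffic and recipient counts, with and without the uniq filter."""
    first = [r for r in records if r["uniq"] == "1"]
    return {"size_all": sum(int(r["size"]) for r in records),
            "size_uniq": sum(int(r["size"]) for r in first),
            "rcpts_all": len(records), "rcpts_uniq": len(first)}
```

On the sample, summing size over all records double-counts the two-recipient message, while filtering on uniq gives the correct traffic but drops one of the three recipients, which is the trade-off the note warns about.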