NAME
opendkim-stats - output opendkim statistics
SYNOPSIS
opendkim-stats [options] file
DESCRIPTION
The opendkim-stats utility reads from an opendkim statistics database
and dumps the data therein to standard output. It takes as its only
argument the path to this database. The opendkim statistics gathering
is disabled by default, but can be enabled through a Statistics entry
in /etc/opendkim.conf.
See the opendkim.conf(5) man page for details.
OPTIONS
-a Anonymize output by replacing the sending domain and IP address
in each record with an MD5 hash of their actual values.
-c Output comma-separated format. Not generally human-readable,
but ideal for machine processing.
-h name
Uses name as the name of the reporting host instead of the value
returned by gethostname(3). This is only used with -c (above)
when creating input suitable for database import.
-i Initialize the named database. The database is created if it
doesn't already exist, and a version record is added to it.
This must be done before the filter can make use of the database
to record data.
-m address
Send the report to the specified address by creating a pipe to
sendmail(8) and feeding it the output with appropriate
arguments.
-r When used with -m, on successful transmission of the report,
this option causes the database to be reset (i.e. all data other
than the version record will be deleted).
OUTPUT
opendkim-stats produces a report with a number of values associated
with each MTA job ID for which signed mail has been received. The
first column contains the job ID, the second contains the sending
domain, the third contains the sending IP address, and the fourth is a
comma-separated list of "key=value" strings. The keys and their values
are as follows:
when Timestamp of the last signed message seen from this domain (UNIX
time format).
alg Integer representation of the signing algorithm seen on this
message. Only author signatures are recorded in this way.
hc Integer representation of the header canonicalization seen on
this message. Only author signatures are recorded in this way.
bc Integer representation of the body canonicalization seen on this
message. Only author signatures are recorded in this way.
total Count of signatures on this message.
pass Count of passing signatures on this message.
fail Count of failing signatures on this message.
failbody
Count of failing signatures on this message where the failure
could specifically be attributed to a change in the message body
(i.e. the signature matched, but the "bh" tag value did not
match).
ext Count of signatures on this message where the message was
extended after signing. This means the message contained one or
more signature(s) with an "l=" tag, but the received message had
a body length larger than that value.
keyt Count of signatures on this message that referred to a key
record that had a "t=" tag.
keyg Count of signatures on this message that referred to a key
record that had a "g=" tag.
keysyntax
Count of signatures on this message that referred to a key
record that had a syntax error.
keynx Count of signatures on this message that referred to a key
record that could not be retrieved from the DNS.
sigt Count of signatures on this message that contained a "t=" tag.
sigtfut
Count of signatures on this message that contained a "t=" tag
with a timestamp in the future.
sigx Count of signatures on this message that contained an "x=" tag.
sigl Count of signatures on this message that contained an "l=" tag.
sigz Count of signatures on this message that contained a "z=" tag.
adsp If this message provoked an ADSP query that succeeded, this
value will be 1. If this message did not mandate an ADSP query
(because a valid author signature was present), this value will
be 0. If an ADSP query was attempted but failed, this value
will be 2.
adspfail
If an ADSP query was done and returned "all" but this message
had no valid author domain signature, this value will be 1.
Otherwise, it will be 0.
adspdisc
If an ADSP query was done and returned "discardable" but this
message had no valid author domain signature, this value will be
1. Otherwise, it will be 0.
asigs Count of valid signatures on this message for which the "d="
(signing domain) tag matched the domain in the From: header
field; that is, a count of valid author signatures.
asigsfail
Count of invalid signatures on this message for which the "d="
(signing domain) tag matched the domain in the From: header
field; that is, a count of invalid author signatures.
tpsigs Count of valid signatures on this message for which the "d="
(signing domain) tag did not match the domain in the From:
header field; that is, a count of valid third-party signatures.
tpsigsfail
Count of invalid signatures on this message for which the "d="
(signing domain) tag did not match the domain in the From:
header field; that is, a count of invalid third-party
signatures.
mlist If at least one typical mailing list header field was present
(e.g., a Precedence: header field containing "list", or the
presence of a List-Id:, List-Post:, List-Unsubscribe: or
Mailing-List: header field), this value will be 1; otherwise, it
will be 0.
rhcnt Count of Received: header fields on the message.
NOTES
The output of opendkim-stats is subject to change. Please be aware of
this when upgrading to future releases, especially if you develop any
scripts that consume the output.
The current version of the OpenDKIM statistics system is 2. Generally,
opendkim-stats can read all database versions, but opendkim(8) will
only generate the most recent version (and will refuse to update older
databases).
SEE ALSO
opendkim(8)
VERSION
This man page covers the opendkim-stats that shipped with version 2.1.3
of OpenDKIM.
HISTORY
This original version of this man page was contributed by Mike Markley
<mike@markley.org> for the Debian project.
The OpenDKIM Project