+ break;
+
+ case "delay":
+ $local_sql_2 .= ", delay";
+ $local_sql_3 .= ", '".ereg_replace("\+", " ", $local_element[1])."'";
+ break;
+
+ case "xdelay":
+ $local_sql_2 .= ", xdelay";
+ $local_sql_3 .= ", '".ereg_replace("\+", " ", $local_element[1])."'";
+ break;
+
+ case "mailer":
+ $local_sql_2 .= ", mailer";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ break;
+
+ case "dsn":
+ $local_sql_2 .= ", dsn";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ break;
+
+ case "msgid":
+ $local_sql_2 .= ", external_messageid";
+ if (substr($local_element[1],0,1) == '<')
+ {
+ $local_sql_3 .= ", '";
+ $local_sql_3 .= substr($local_element[1],1,(strlen($local_element[1])-2));
+ $local_sql_3 .= "'";
+ }
+ else
+ {
+ $local_sql_3 .= ", '".$local_element[1]."'";
+ }
+ break;
+
+ //As of this point we only deal with Status
+ case "stat":
+ $local_sql_2 .= ", status";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+
+ $local_pos = strrpos (strtolower($local_logline_array[$i]), "stat=");
+ $local_len = strlen($local_logline_array[$i]) - $local_pos - 6;
+ $local_sql_2 .= ", status_details";
+ $local_sql_3 .= ", '".substr($local_logline_array[$i], $local_pos + 5, $local_len) . "'";
+ break;
+
+ case "status":
+ $local_sql_2 .= ", status";
+ $local_sql_3 .= ", '".$local_element[1]."'";
+
+ $local_pos = strrpos (strtolower($local_logline_array[$i]), "status=");
+ $local_len = strlen($local_logline_array[$i]) - $local_pos - 8;
+ $local_sql_2 .= ", status_details";
+ $local_sql_3 .= ", '".substr($local_logline_array[$i], $local_pos + 7, $local_len) . "'";
+ break;
+
+ case "reject":
+ if ($local_element[1] == "550")
+ {
+ $local_sql_2 .= ", event";
+ $local_sql_3 .= ", 'SPAM'";
+ }
+ else if ($local_element[1] == "553")
+ {
+ $local_sql_2 .= ", event";
+ $local_sql_3 .= ", 'Blocked SPAM'";
+ }
+ else
+ {
+ echo "Unknown reject code in sendmail log: " . $local_element[1] .
+ ", logid = " .$dbms->db_result_row[0] . "\n";
+ }
+ break;
+
+ case "POSSIBLE":
+ echo "POSSIBLE ATTACK special report: $local_log_string\n";
+ break;
+
+ default:
+ if (substr(strtolower($local_element[0]),0,1) == "[")
+ {
+ $local_sql_2 .= ", destination_ip";
+ $local_sql_3 .= ", '". substr($local_element[1], 1, strlen($local_element[1]) - 2)."'";
+ }
+ break;