From: "Mark Scholten" on
Hello,

I am looking for a solution to get the following information from postfix:
- Ignore connections from 127.0.0.1 or process only connections from
127.0.0.1 (with another flag/option set)
- What is done with the connection (mail accepted/mail rejected (if rejected
what was the reason, for example helo check failed/greylisted/recipient
doesn't exist/blacklisted))

Or if the above isn't available something that outputs the following to a
file or the commandline (so I can grep at it and use wc -l):
- Create a single line with information about a message
(time/sender/recipient/helo/sending server/action (including error
code/error information if available)

I did check and didn't find it here (or I didn't look good enough)
http://www.postfix.org/addon.html#logfile

Is something like that available for postfix or should I create something
for it?

With kind regards,

Mark Scholten

From: Jeroen Geilman on
On 07/31/2010 02:15 PM, Mark Scholten wrote:
> Hello,
>
> I am looking for a solution to get the following information from postfix:
> - Ignore connections from 127.0.0.1 or process only connections from
> 127.0.0.1 (with another flag/option set)
> - What is done with the connection (mail accepted/mail rejected (if rejected
> what was the reason, for example helo check failed/greylisted/recipient
> doesn't exist/blacklisted))
>
> Or if the above isn't available something that outputs the following to a
> file or the commandline (so I can grep at it and use wc -l):
> - Create a single line with information about a message
> (time/sender/recipient/helo/sending server/action (including error
> code/error information if available)
>
> I did check and didn't find it here (or I didn't look good enough)
> http://www.postfix.org/addon.html#logfile
>
> Is something like that available for postfix or should I create something
> for it?
>


I have no idea what you're talking about - do you want to make postfix
DO something, or do you want to analyze log files ?

In the former case, you can restrict pretty much anything.

In the latter case, there are no limitations, since they're presumably
your log files - go wild.

J.

From: "Mark Scholten" on


> -----Original Message-----
> From: owner-postfix-users(a)postfix.org [mailto:owner-postfix-
> users(a)postfix.org] On Behalf Of Jeroen Geilman
> Sent: Saturday, July 31, 2010 3:16 PM
> To: postfix-users(a)postfix.org
> Subject: Re: Log file checking
>
> On 07/31/2010 02:15 PM, Mark Scholten wrote:
> > Hello,
> >
> > I am looking for a solution to get the following information from
> postfix:
> > - Ignore connections from 127.0.0.1 or process only connections from
> > 127.0.0.1 (with another flag/option set)
> > - What is done with the connection (mail accepted/mail rejected (if
> rejected
> > what was the reason, for example helo check
> failed/greylisted/recipient
> > doesn't exist/blacklisted))
> >
> > Or if the above isn't available something that outputs the following
> to a
> > file or the commandline (so I can grep at it and use wc -l):
> > - Create a single line with information about a message
> > (time/sender/recipient/helo/sending server/action (including error
> > code/error information if available)
> >
> > I did check and didn't find it here (or I didn't look good enough)
> > http://www.postfix.org/addon.html#logfile
> >
> > Is something like that available for postfix or should I create
> something
> > for it?
> >
>
>
> I have no idea what you're talking about - do you want to make postfix
> DO something, or do you want to analyze log files ?
>
> In the former case, you can restrict pretty much anything.
>
> In the latter case, there are no limitations, since they're presumably
> your log files - go wild.

I am looking at analyzing the log files. I want to get certain information
from the log files and I want to know if there is something available to
limit it to a single line per email (as that is easier to process and to
find the last action).

Any ideas if there are ready to use scripts for this part?

Regards, Mark

>
> J.

From: Stan Hoeppner on
Mark Scholten put forth on 7/31/2010 11:00 AM:

> Any ideas if there are ready to use scripts for this part?

If you give us your exact requirement, instead of the vague "I want to get
certain information", one of us might be able to hack up a simple shell
script, or even a single bash line, to do what you want. Keep in mind
however, that you're probably not going to get "everything" on a single line.
If you do it won't be legible.

In the mean time, take a look at pflogsumm, a simple log summary generator for
Postfix:
http://jimsun.linxnet.com/postfix_contrib.html

Debian distros have a pflogsumm package, other distros may as well.

--
Stan

From: "Mark Scholten" on


> -----Original Message-----
> From: owner-postfix-users(a)postfix.org [mailto:owner-postfix-
> users(a)postfix.org] On Behalf Of Stan Hoeppner
> Sent: Sunday, August 01, 2010 12:26 AM
> To: postfix-users(a)postfix.org
> Subject: Re: Log file checking
>
> Mark Scholten put forth on 7/31/2010 11:00 AM:
>
> > Any ideas if there are ready to use scripts for this part?
>
> If you give us your exact requirement, instead of the vague "I want to
> get
> certain information", one of us might be able to hack up a simple shell
> script, or even a single bash line, to do what you want. Keep in mind
> however, that you're probably not going to get "everything" on a single
> line.
> If you do it won't be legible.

To be as clear as possible:

I want the following information (per day or per hour, it should be possible
to exclude email addresses or to only get information for certain email
addresses):
- Number of email attempts made by other systems
- Number of messages blocked based on the HELO requirements (I have a few
regexp lines with blocked HELOs (botnets/spammers))
- Number of connections greylisted (we use postgrey)
- Number of attempts for an invalid recipient
- Number of messages blocked based on blacklists
- Number of messages blocked by content filter (not really important)
- Number of messages accepted (not blocked at any stage)

I now have a few commands that I use to get something like this (however
based on the actual numbers I think something is wrong).

Currently used commands:
# HELO rejections
cat /var/log/mail.log | grep -v "double-bounce@spamfilter01.streamservice.nl" \
  | grep -v 127.0.0.1 | grep "Jul 31" | grep "Helo command rejected" | wc -l
# greylisted
cat /var/log/mail.log | grep -v "double-bounce@spamfilter01.streamservice.nl" \
  | grep -v 127.0.0.1 | grep "Jul 31" | grep -v "Helo command rejected" \
  | grep "action=greylist" | wc -l
# invalid recipient
cat /var/log/mail.log | grep -v "double-bounce@spamfilter01.streamservice.nl" \
  | grep -v 127.0.0.1 | grep "Jul 31" | grep -v "Helo command rejected" \
  | grep -v "action=greylist" | grep 550 \
  | grep -i "recipient address rejected" | wc -l
# blacklisted (DNSBL)
cat /var/log/mail.log | grep -v "double-bounce@spamfilter01.streamservice.nl" \
  | grep -v 127.0.0.1 | grep "Jul 31" | grep -v "Helo command rejected" \
  | grep -v "action=greylist" | grep -vi "recipient address rejected" \
  | grep 550 | grep -i "Your MTA is listed in too many DNSBLs" | wc -l
# handed to the content filter on 127.0.0.1:10024, not marked SPAM
cat /var/log/mail.log | grep -v "double-bounce@spamfilter01.streamservice.nl" \
  | grep "Jul 31" | grep "relay=127.0.0.1\[127.0.0.1\]:10024" \
  | grep -v SPAM | wc -l
# handed to the content filter on 127.0.0.1:10024, marked SPAM
cat /var/log/mail.log | grep -v "double-bounce@spamfilter01.streamservice.nl" \
  | grep "Jul 31" | grep "relay=127.0.0.1\[127.0.0.1\]:10024" \
  | grep SPAM | wc -l

There is probably a better/faster way to get this information I guess. These
lines probably have a few mistakes in them (at least I guess they have).

>
> In the mean time, take a look at pflogsumm, a simple log summary
> generator for
> Postfix:
> http://jimsun.linxnet.com/postfix_contrib.html

I did check pflogsumm, however most information isn't provided by pflogsumm
(same for awstats). At least not with the package debian provides.
>
> Debian distros have a pflogsumm package, other distros may as well.
>
> --
> Stan
--
Mark
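
Added example, not part of the thread and not code from any poster: a single awk pass that produces the per-day counts listed in the last message, classifying each log line exactly once in a fixed order of precedence. It assumes rejections are logged in the formats of the constructed sample lines (in particular that policy-service rejections also carry the text "Recipient address rejected"); the function names, counter names, hosts and addresses are made up here.

```sh
#!/bin/sh
# Usage: summarize_maillog "Jul 31" [address-to-skip] < /var/log/mail.log
# First match wins, so a DNSBL or greylist reject that also says
# "Recipient address rejected" is never counted as an invalid recipient.
summarize_maillog() {
    awk -v day="$1" -v skip="${2:-}" '
    index($0, day) != 1 { next }                     # other days
    skip != "" && index($0, skip) { next }           # e.g. verification probes
    index($0, "relay=127.0.0.1[127.0.0.1]:10024") {  # handed to content filter
        if (/SPAM/) n["filter_spam"]++
        else n["filter_clean"]++
        next
    }
    /postgrey/ && /action=greylist/ { n["greylisted"]++; next }
    index($0, "[127.0.0.1]") { next }                # local clients
    /smtpd\[[0-9]+\]: connect from / { n["connections"]++; next }
    / reject: / {
        if (/Helo command rejected/)           n["helo_rejected"]++
        else if (/listed in too many DNSBLs/)  n["dnsbl_rejected"]++
        else if (/Greylisted/)                 next  # counted on the postgrey line
        else if (/Recipient address rejected/) n["rcpt_rejected"]++
        else                                   n["other_rejected"]++
    }
    END {
        split("connections helo_rejected greylisted rcpt_rejected dnsbl_rejected other_rejected filter_clean filter_spam", k, " ")
        for (i = 1; i <= 8; i++) printf "%s=%d\n", k[i], n[k[i]]
    }'
}

# Constructed sample lines (hosts, addresses and queue IDs are made up).
sample_log() {
    cat <<'EOF'
Jul 31 10:00:00 mx postfix/smtpd[1201]: connect from unknown[192.0.2.10]
Jul 31 10:00:01 mx postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<a@example.com> to=<u@example.net> proto=ESMTP helo=<localhost>
Jul 31 10:01:00 mx postfix/smtpd[1202]: connect from mail.example.org[192.0.2.11]
Jul 31 10:01:01 mx postgrey[900]: action=greylist, reason=new, client_name=mail.example.org, client_address=192.0.2.11, sender=b@example.org, recipient=u@example.net
Jul 31 10:01:01 mx postfix/smtpd[1202]: NOQUEUE: reject: RCPT from mail.example.org[192.0.2.11]: 450 4.2.0 <u@example.net>: Recipient address rejected: Greylisted; from=<b@example.org> to=<u@example.net> proto=ESMTP helo=<mail.example.org>
Jul 31 10:02:00 mx postfix/smtpd[1203]: connect from host.example.com[192.0.2.12]
Jul 31 10:02:01 mx postfix/smtpd[1203]: NOQUEUE: reject: RCPT from host.example.com[192.0.2.12]: 550 5.1.1 <nobody@example.net>: Recipient address rejected: User unknown in relay recipient table; from=<c@example.com> to=<nobody@example.net> proto=ESMTP helo=<host.example.com>
Jul 31 10:03:00 mx postfix/smtpd[1204]: connect from bad.example.com[192.0.2.13]
Jul 31 10:03:01 mx postfix/smtpd[1204]: NOQUEUE: reject: RCPT from bad.example.com[192.0.2.13]: 550 5.7.1 <u@example.net>: Recipient address rejected: Your MTA is listed in too many DNSBLs; from=<d@example.com> to=<u@example.net> proto=ESMTP helo=<bad.example.com>
Jul 31 10:04:00 mx postfix/smtpd[1205]: connect from localhost[127.0.0.1]
Jul 31 10:04:01 mx postfix/smtp[1300]: 4A1B2C3D4E: to=<u@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5F6A7B8C9D)
Jul 31 10:05:01 mx postfix/smtp[1301]: 6E7F8A9B0C: to=<u@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.4, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded - SPAM)
Jul 31 10:06:01 mx postfix/smtpd[1207]: NOQUEUE: reject: RCPT from unknown[192.0.2.15]: 550 5.1.1 <nobody@example.net>: Recipient address rejected: User unknown in relay recipient table; from=<double-bounce@mx.example.net> to=<nobody@example.net> proto=ESMTP helo=<mx.example.net>
Aug  1 00:00:01 mx postfix/smtpd[1206]: connect from unknown[192.0.2.14]
EOF
}
```

Syslog pads single-digit days with a space, so the day argument for the first of August is "Aug  1" with two spaces.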