Re: Information on a Postfix Log Analyzer
On 27/11/2012 11:53, Zattara Stefano wrote:
Good morning to the whole list,
I would like to ask your advice about a log analyzer for postfix.
I have already had a look at pflogsum and at various similar interfaces in
python.
What I would be interested in is being able to reconstruct the "life" of
a mail
from its arrival to its delivery or its rejection for some reason
(arrival->postfix->antispam->filters->delivery)
Does anyone have any pointers for me on this?
Thanks
Stefano
Hello,
This is really a must-have tool.
The best I found is a two-step procedure.
The script is postfix.transform.log, which I found here (there are other
nice scripts):
http://www.arschkrebs.de/postfix/scripts/
First step, have a hash of the conversation:
# postfix.transform.log /var/log/mail.info | grep email@dom.tld
[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/smtp[14106]:
7E1627E003: to=<email@dom.tld>, relay=our-MX-IP[our-MX-IP]:25,
delay=0.27, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0
<497621310.7803.1354615169395.JavaMail._appserver@ws4.local> Queued mail
for delivery)
Second step, show all log entries with that hash:
# postfix.transform.log /var/log/mail.info | grep hdKa9YSKDVopgYp8K4XHXg
[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:48 servername
postfix/smtpd[14202]: E5F187E002: client=clientserver[x.clientIP]
[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:50 servername
postfix/cleanup[14414]: E5F187E002:
message-id=<497621310.7803.1354615169395.JavaMail._appserver@ws4.local>
[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:54 servername postfix/qmgr[17373]:
E5F187E002: from=<sender@domain.tld>, size=19568, nrcpt=1 (queue active)
[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/smtpd[9961]:
7E1627E003: client=localhost[127.0.0.1]
[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername
postfix/cleanup[14075]: 7E1627E003:
message-id=<497621310.7803.1354615169395.JavaMail._appserver@ws4.local>
[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/qmgr[17373]:
7E1627E003: from=<sender@domain.tld>, size=20035, nrcpt=1 (queue active)
[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/lmtp[14421]:
E5F187E002: to=<email@domain.tld>, relay=127.0.0.1[127.0.0.1]:10024,
delay=9.3, delays=7.6/0/0/1.8, dsn=2.0.0, status=sent (250 2.0.0 Ok,
id=14533-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
7E1627E003)
[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/qmgr[17373]:
E5F187E002: removed
[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/smtp[14106]:
7E1627E003: to=<email@domain.tld>, relay=our-MX-IP[our-MX-IP]:25,
delay=0.27, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0
<497621310.7803.1354615169395.JavaMail._appserver@ws4.local> Queued mail
for delivery)
[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/qmgr[17373]:
7E1627E003: removed
As you can see, it handles amavisd-new intermediate delivery well.
We also have policyd-weight, but it does show it. Not so bad, because
mails that are refused by policyd-weight don't have many lines in the logs.
Hope it helps.
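
The correlation visible in the output above, as an added example that is not part of the original message and is not the code of postfix.transform.log: it groups Postfix log lines by queue ID and joins queue IDs linked by a "queued as" response, which is what ties E5F187E002 to 7E1627E003 across the amavisd-new re-injection. The sample log is constructed from the format quoted in the message, and the names trace and final_statuses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log format quoted in the message above.
SAMPLE_LOG = """\
Dec 4 11:12:48 servername postfix/smtpd[14202]: E5F187E002: client=clientserver[192.0.2.10]
Dec 4 11:12:54 servername postfix/qmgr[17373]: E5F187E002: from=<sender@domain.tld>, size=19568, nrcpt=1 (queue active)
Dec 4 11:12:55 servername postfix/smtpd[9961]: 7E1627E003: client=localhost[127.0.0.1]
Dec 4 11:12:55 servername postfix/smtpd[14203]: A1B2C3D4E5: client=other[192.0.2.20]
Dec 4 11:12:56 servername postfix/lmtp[14421]: E5F187E002: to=<email@domain.tld>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=14533-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7E1627E003)
Dec 4 11:12:56 servername postfix/qmgr[17373]: E5F187E002: removed
Dec 4 11:12:56 servername postfix/smtp[14106]: 7E1627E003: to=<email@domain.tld>, relay=mx.example[192.0.2.1]:25, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Dec 4 11:12:56 servername postfix/qmgr[17373]: 7E1627E003: removed
Dec 4 11:12:57 servername postfix/smtp[14107]: A1B2C3D4E5: to=<someone@else.tld>, relay=none, dsn=4.4.1, status=deferred (connection timed out)
"""

LINE_RE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
QUEUED_AS_RE = re.compile(r"queued as ([0-9A-F]{6,})")

def trace(log_text, needle):
    """Return every log line of every queue ID chained to a line containing `needle`."""
    by_qid = defaultdict(list)   # queue ID -> its (line number, line) pairs
    links = defaultdict(set)     # queue IDs joined by a "queued as" hand-off
    for n, line in enumerate(log_text.splitlines()):
        m = LINE_RE.search(line)
        if not m:
            continue  # no queue ID (connect/disconnect, NOQUEUE rejects): skipped
        qid = m["qid"]
        by_qid[qid].append((n, line))
        q = QUEUED_AS_RE.search(m["rest"])
        if q:
            links[qid].add(q[1])
            links[q[1]].add(qid)
    # Start from queue IDs whose lines mention the needle, then follow links both ways.
    todo = [qid for qid, lines in by_qid.items() if any(needle in l for _, l in lines)]
    seen = set()
    while todo:
        qid = todo.pop()
        if qid not in seen:
            seen.add(qid)
            todo.extend(links[qid])
    return [l for _, l in sorted(x for qid in seen for x in by_qid[qid])]

def final_statuses(lines):
    # One status per delivery hop: the filter hand-off, then the final relay.
    return re.findall(r"status=(\w+)", "\n".join(lines))

if __name__ == "__main__":
    for line in trace(SAMPLE_LOG, "email@domain.tld"):
        print(line)
```

Searching by sender address instead of recipient returns the same chain, because the lookup starts from any queue ID whose lines contain the search string and then follows the links.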