
Re: Information on a Postfix Log Analyzer



On Tue, 2012-12-04 at 11:35 +0100, Gilles Mocellin wrote:
> On 27/11/2012 11:53, Zattara Stefano wrote:
> > Good morning to the whole list,
> > I would like some advice about a log analyzer for postfix.
> > I have already had a look at pflogsum and at various similar
> > interfaces in python.
> > What I would like is to be able to reconstruct the "life" of
> > an email
> > from arrival to delivery, or to its being discarded for some reason
> > ( arrival->postfix->antispam->filters->delivery )
> >
> > Does anyone have any pointers for me on this?
> >
> >
> > Thanks
> >
> > Stefano
> >
> Hello,
> 
> This is really a must-have tool.
> The best I found is a two step procedure.
> 
> The script is postfix.transform.log that I found here (there are other 
> nice scripts):
> http://www.arschkrebs.de/postfix/scripts/
> 
> First step, have a hash of the conversation:
> # postfix.transform.log /var/log/mail.info | grep email@dom.tld
> 
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/smtp[14106]: 
> 7E1627E003: to=<email@dom.tld>, relay=our-MX-IP[our-MX-IP]:25, 
> delay=0.27, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0 
> <497621310.7803.1354615169395.JavaMail._appserver@ws4.local> Queued mail 
> for delivery)
> 
> Second step, show all log entries with that hash:
> # postfix.transform.log /var/log/mail.info | grep hdKa9YSKDVopgYp8K4XHXg
> 
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:48 servername 
> postfix/smtpd[14202]: E5F187E002: client=clientserver[x.clientIP]
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:50 servername 
> postfix/cleanup[14414]: E5F187E002: 
> message-id=<497621310.7803.1354615169395.JavaMail._appserver@ws4.local>
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:54 servername postfix/qmgr[17373]: 
> E5F187E002: from=<sender@domain.tld>, size=19568, nrcpt=1 (queue active)
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/smtpd[9961]: 
> 7E1627E003: client=localhost[127.0.0.1]
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername 
> postfix/cleanup[14075]: 7E1627E003: 
> message-id=<497621310.7803.1354615169395.JavaMail._appserver@ws4.local>
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/qmgr[17373]: 
> 7E1627E003: from=<sender@domain.tld>, size=20035, nrcpt=1 (queue active)
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/lmtp[14421]: 
> E5F187E002: to=<email@domain.tld>, relay=127.0.0.1[127.0.0.1]:10024, 
> delay=9.3, delays=7.6/0/0/1.8, dsn=2.0.0, status=sent (250 2.0.0 Ok, 
> id=14533-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 
> 7E1627E003)
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/qmgr[17373]: 
> E5F187E002: removed
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/smtp[14106]: 
> 7E1627E003: to=<email@domain.tld>, relay=our-MX-IP[our-MX-IP]:25, 
> delay=0.27, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0 
> <497621310.7803.1354615169395.JavaMail._appserver@ws4.local> Queued mail 
> for delivery)
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/qmgr[17373]: 
> 7E1627E003: removed
> 
> As you can see, it handles well amavisd-new intermediate delivery.
> We also have policyd-weight, but it does show it. Not so bad, because 
> mails that are refused by policyd-weight don't have many lines in the logs.
> 
> Hope it helps.
> 
> 
> 
I generally just use 'less /var/log/mail.log' for the times that I need
to dive into a log to find the 'life' of it.  I guess the 'analyzer' is
my brain.  I do this for a living, and it's always served me well.  Sure
I also have summaries, and awstats, etc.  But when it comes to tracing
where an email went and if it was blocked by spam, or rejected from our
email server or from the destination, there really isn't much better
than less.  You can even pipe less through the syntax highlighting
program to 'colorize' the logs.  Though this seems to break the follow
functionality of less.  
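
The correlation visible in the quoted log, where the amavisd-new handoff (`queued as 7E1627E003`) ties two queue IDs to one mail, written out in Python as an added example; it is not part of either message and not the postfix.transform.log script. The function names, the sample log and the assumption of short hexadecimal queue IDs are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the lines quoted above; the IPs, the
# message-id and the unrelated A1B2C3D4E5 message are made up.
SAMPLE_LOG = """\
Dec  4 11:12:48 servername postfix/smtpd[14202]: E5F187E002: client=clientserver[192.0.2.10]
Dec  4 11:12:50 servername postfix/cleanup[14414]: E5F187E002: message-id=<m1@ws4.local>
Dec  4 11:12:55 servername postfix/qmgr[17373]: A1B2C3D4E5: from=<news@domain.tld>, size=900, nrcpt=1 (queue active)
Dec  4 11:12:56 servername postfix/smtpd[9961]: 7E1627E003: client=localhost[127.0.0.1]
Dec  4 11:12:56 servername postfix/lmtp[14421]: E5F187E002: to=<email@domain.tld>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=14533-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7E1627E003)
Dec  4 11:12:56 servername postfix/qmgr[17373]: E5F187E002: removed
Dec  4 11:12:56 servername postfix/smtp[14106]: 7E1627E003: to=<email@domain.tld>, relay=mx.example[203.0.113.5]:25, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Dec  4 11:12:57 servername postfix/smtp[14106]: A1B2C3D4E5: to=<other@domain.tld>, relay=mx.example[203.0.113.5]:25, dsn=4.4.1, status=deferred (connection timed out)
"""

# Assumption: short (hexadecimal) queue IDs, as in the quoted log.
ENTRY = re.compile(r"postfix/[\w-]+\[\d+\]: ([0-9A-F]{6,}): (.*)")
HANDOFF = re.compile(r"queued as ([0-9A-F]{6,})")
STATUS = re.compile(r"to=<([^>]*)>.*?\bstatus=(\w+)")

def trace(log_text, needle):
    """Lines, in log order, of every queue ID chained to one mentioning needle."""
    by_qid, links = defaultdict(list), defaultdict(set)
    for n, line in enumerate(log_text.splitlines()):
        m = ENTRY.search(line)
        if m:
            by_qid[m[1]].append((n, line))
            for nxt in HANDOFF.findall(m[2]):  # content filter re-injected the mail
                links[m[1]].add(nxt)
                links[nxt].add(m[1])
    todo = [q for q, rows in by_qid.items() if any(needle in l for _, l in rows)]
    seen = set()
    while todo:  # walk the handoff links in both directions
        q = todo.pop()
        if q not in seen:
            seen.add(q)
            todo.extend(links[q] - seen)
    return [l for _, l in sorted(r for q in seen for r in by_qid[q])]

def outcomes(lines):
    """(queue ID, recipient, status) for each delivery attempt in traced lines."""
    ms = (ENTRY.search(l) for l in lines)
    return [(m[1], s[1], s[2]) for m in ms if m and (s := STATUS.search(m[2]))]

if __name__ == "__main__":
    for qid, rcpt, status in outcomes(trace(SAMPLE_LOG, "clientserver")):
        print(qid, rcpt, status)
```

Searching for a string that appears only on the first queue ID (here the client name) still returns the re-injected 7E1627E003 lines, which a plain grep for that string would miss.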

