Re: Informazioni Log Analyzer Postfix

To: debian-security@lists.debian.org
Subject: Re: Informazioni Log Analyzer Postfix
From: Gilles Mocellin <gilles.mocellin@nuagelibre.org>
Date: Tue, 04 Dec 2012 11:35:12 +0100
Message-id: <[🔎] 50BDD1E0.3090607@nuagelibre.org>
In-reply-to: <03557be40281bbd01898bfa4911605bf@zattara.org>
References: <03557be40281bbd01898bfa4911605bf@zattara.org>

Le 27/11/2012 11:53, Zattara Stefano a écrit :

Buongiorno a tutta la lista,
vi chiedo un consiglio riguardo un log analyzer per postfix.
Ho già dato un'occhiata a pflogsum ed a varie interfaccie simili inpython.Quello che mi interesserebbe è riuscire a ricostruitre la "vita" diuna mail
dall'ingresso alla consegna o allo scarto per qualche motivo
( ingresso->postfix->antispam->filtri->consegna )

Qualunco ha qualche dritta da darmi in merito?


Grazie

Stefano

Hello,

This is really a must have tool.
The best I found is a two step procedure.

The script is postfix.transform.log that I found here (there is othernice scripts) :

http://www.arschkrebs.de/postfix/scripts/

First step, Have a hash of the conversation :
# postfix.transform.log /var/log/mail.info | grep email@dom.tld

[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/smtp[14106]:7E1627E003: to=<email@dom.tld>, relay=our-MX-IP[our-MX-IP]:25,delay=0.27, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0<497621310.7803.1354615169395.JavaMail._appserver@ws4.local> Queued mailfor delivery)


Second step, Show all log entries with that hash :
# postfix.transform.log /var/log/mail.info | grep hdKa9YSKDVopgYp8K4XHXg

[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:48 servernamepostfix/smtpd[14202]: E5F187E002: client=clientserver[x.clientIP][hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:50 servernamepostfix/cleanup[14414]: E5F187E002:message-id=<497621310.7803.1354615169395.JavaMail._appserver@ws4.local>[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:54 servername postfix/qmgr[17373]:E5F187E002: from=<sender@domain.tld>, size=19568, nrcpt=1 (queue active)[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/smtpd[9961]:7E1627E003: client=localhost[127.0.0.1][hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servernamepostfix/cleanup[14075]: 7E1627E003:message-id=<497621310.7803.1354615169395.JavaMail._appserver@ws4.local>[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/qmgr[17373]:7E1627E003: from=<sender@domain.tld>, size=20035, nrcpt=1 (queue active)[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/lmtp[14421]:E5F187E002: to=<email@domain.tld>, relay=127.0.0.1[127.0.0.1]:10024,delay=9.3, delays=7.6/0/0/1.8, dsn=2.0.0, status=sent (250 2.0.0 Ok,id=14533-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as7E1627E003)[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/qmgr[17373]:E5F187E002: removed[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/smtp[14106]:7E1627E003: to=<email@domain.tld>, relay=our-MX-IP[our-MX-IP]:25,delay=0.27, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0<497621310.7803.1354615169395.JavaMail._appserver@ws4.local> Queued mailfor delivery)[hdKa9YSKDVopgYp8K4XHXg] Dec 4 11:12:56 servername postfix/qmgr[17373]:7E1627E003: removed


As you can see, it handles well amavisd-new intermediate delivery.

We also have policyd-weight, but it does show it. Not so bad, becausemails that are refused by policyd-weight don't have many lines in the logs.


Hope it helps.

Reply to:

Follow-Ups:
- Re: Informazioni Log Analyzer Postfix
  - From: Jason Fergus <leech@thefnords.org>

Prev by Date: AW: Informazioni Log Analyzer Postfix
Next by Date: Re: Informazioni Log Analyzer Postfix
Previous by thread: AW: Informazioni Log Analyzer Postfix
Next by thread: Re: Informazioni Log Analyzer Postfix
Index(es):
- Date
- Thread