On Tue, 2012-12-04 at 11:35 +0100, Gilles Mocellin wrote:
> On 27/11/2012 11:53, Zattara Stefano wrote:
> > Good morning to the whole list,
> > I would like to ask your advice about a log analyzer for postfix.
> > I have already had a look at pflogsumm and at various similar interfaces in
> > Python.
> > What I am interested in is being able to reconstruct the "life" of
> > a mail
> > from its arrival to its delivery or its rejection for some reason
> > ( arrival->postfix->antispam->filters->delivery )
> >
> > Does anyone have any tips to give me on this?
> >
> >
> > Thanks
> >
> > Stefano
> >
> Hello,
> 
> This is really a must-have tool.
> The best I found is a two-step procedure.
> 
> The script is postfix.transform.log, which I found here (there are other 
> nice scripts):
> http://www.arschkrebs.de/postfix/scripts/
> 
> First step, have a hash of the conversation:
> # postfix.transform.log /var/log/mail.info | grep [email protected]
> 
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/smtp[14106]: 
> 7E1627E003: to=<[email protected]>, relay=our-MX-IP[our-MX-IP]:25, 
> delay=0.27, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0 
> <[email protected]> Queued mail 
> for delivery)
> 
> Second step, show all log entries with that hash:
> # postfix.transform.log /var/log/mail.info | grep hdKa9YSKDVopgYp8K4XHXg
> 
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:48 servername 
> postfix/smtpd[14202]: E5F187E002: client=clientserver[x.clientIP]
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:50 servername 
> postfix/cleanup[14414]: E5F187E002: 
> message-id=<[email protected]>
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:54 servername postfix/qmgr[17373]: 
> E5F187E002: from=<[email protected]>, size=19568, nrcpt=1 (queue active)
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/smtpd[9961]: 
> 7E1627E003: client=localhost[127.0.0.1]
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername 
> postfix/cleanup[14075]: 7E1627E003: 
> message-id=<[email protected]>
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/qmgr[17373]: 
> 7E1627E003: from=<[email protected]>, size=20035, nrcpt=1 (queue active)
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/lmtp[14421]: 
> E5F187E002: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, 
> delay=9.3, delays=7.6/0/0/1.8, dsn=2.0.0, status=sent (250 2.0.0 Ok, 
> id=14533-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 
> 7E1627E003)
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/qmgr[17373]: 
> E5F187E002: removed
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/smtp[14106]: 
> 7E1627E003: to=<[email protected]>, relay=our-MX-IP[our-MX-IP]:25, 
> delay=0.27, delays=0.05/0/0/0.21, dsn=2.6.0, status=sent (250 2.6.0 
> <[email protected]> Queued mail 
> for delivery)
> [hdKa9YSKDVopgYp8K4XHXg] Dec  4 11:12:56 servername postfix/qmgr[17373]: 
> 7E1627E003: removed
> 
> As you can see, it handles amavisd-new intermediate delivery well.
> We also have policyd-weight, but it does show it. Not so bad, because 
> mails that are refused by policyd-weight don't have many lines in the logs.
> 
> Hope it helps.
> 
> 
> 
I generally just use 'less /var/log/mail.log' for the times that I need
to dive into a log to find the 'life' of it.  I guess the 'analyzer' is
my brain.  I do this for a living, and it's always served me well.  Sure
I also have summaries, and awstats, etc.  But when it comes to tracing
where an email went and if it was blocked by spam, or rejected from our
email server or from the destination, there really isn't much better
than less.  You can even pipe less through the syntax highlighting
program to 'colorize' the logs.  Though this seems to break the follow
functionality of less.  
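
The correlation discussed in this thread (following a message across the amavisd-new hand-off, where the first queue ID's delivery line ends in "queued as <new queue ID>") can be sketched as below. This is an added example, not postfix.transform.log and not code from anyone in the thread; the log lines are constructed, the hosts and addresses are placeholders, and the function name trace is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the excerpt quoted in the thread (placeholder hosts/addresses).
SAMPLE_LOG = """\
Dec  4 11:12:48 mx postfix/smtpd[14202]: E5F187E002: client=client.example.org[192.0.2.10]
Dec  4 11:12:50 mx postfix/cleanup[14414]: E5F187E002: message-id=<msg1@example.org>
Dec  4 11:12:54 mx postfix/qmgr[17373]: E5F187E002: from=<alice@example.org>, size=19568, nrcpt=1 (queue active)
Dec  4 11:12:55 mx postfix/smtpd[9000]: AAAA11BBBB: client=other.example.net[198.51.100.7]
Dec  4 11:12:56 mx postfix/smtpd[9961]: 7E1627E003: client=localhost[127.0.0.1]
Dec  4 11:12:56 mx postfix/lmtp[14421]: E5F187E002: to=<bob@example.com>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=14533-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7E1627E003)
Dec  4 11:12:56 mx postfix/qmgr[17373]: E5F187E002: removed
Dec  4 11:12:56 mx postfix/smtp[14106]: 7E1627E003: to=<bob@example.com>, relay=mail.example.com[203.0.113.5]:25, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Dec  4 11:12:56 mx postfix/qmgr[17373]: 7E1627E003: removed
"""

# Assumption: short hexadecimal queue IDs, as in the thread (not enable_long_queue_ids).
LINE_RE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
HANDOFF_RE = re.compile(r"status=sent .*queued as (?P<child>[0-9A-F]{6,})\)")

def trace(log_text, needle):
    """Return, in file order, every line of each queue ID linked to a line containing needle."""
    by_qid = defaultdict(list)   # queue ID -> [(line number, line)]
    links = defaultdict(set)     # undirected hand-off edges between queue IDs
    for n, line in enumerate(log_text.splitlines()):
        m = LINE_RE.search(line)
        if not m:
            continue             # lines without a queue ID (e.g. NOQUEUE rejects) are skipped
        by_qid[m["qid"]].append((n, line))
        h = HANDOFF_RE.search(m["rest"])
        if h:                    # content filter re-injected the mail under a new queue ID
            links[m["qid"]].add(h["child"])
            links[h["child"]].add(m["qid"])
    # Seed with queue IDs that mention the needle, then walk the hand-off links.
    todo = [q for q, ls in by_qid.items() if any(needle in l for _, l in ls)]
    seen = set()
    while todo:
        q = todo.pop()
        if q not in seen:
            seen.add(q)
            todo.extend(links[q])
    return [l for _, l in sorted(x for q in seen for x in by_qid[q])]

if __name__ == "__main__":
    print("\n".join(trace(SAMPLE_LOG, "alice@example.org")))
```

Searching for the sender, which appears only under the first queue ID, still returns the post-filter delivery lines, because the "queued as" edge joins the two queue IDs.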

