On Sat, May 19, 2012 at 8:45 PM, mouss <mo...@ml.netoyen.net> wrote:
> Le 17/05/2012 00:51, Masegaloeh a écrit :
>> Hi, Postfix List
>>
>> I would like to build the script which analyze maillog and produce a
>> report of every email delivery. My server currently act as relay
>> server between internal mail server and Internet. My final purpose,
>> when I query a sender and/or recipient, I will know if the rejection
>> occurs or not.
>>
>> As far as I know, the rejection would triggered in smtpd and cleanup.
>> When analyze rejection on smtpd, we have no problem because the
>> postfix will record sender and every recipient. But when header_checks
>> and body_checks kicks in via cleanup daemon, the log just shows queue
>> id, sender and *last recipient*. So if the message contains multiple
>> recipient, I will not able to tracking every rejected recipient.
>>
>> To help understanding my problem, here the demo
>>
>> SMTP TRANSACTION:
>> #telnet mx 25
>> Trying 192.168.117.135...
>> Connected to mx.domain.org.
>> Escape character is '^]'.
>> 220 ESMTP
>> MAIL FROM:<f...@server.domain.org>
>> 250 2.1.0 Ok
>> RCPT TO:<us...@mx.domain.org>
>> 250 2.1.5 Ok
>> RCPT TO:<us...@mx.domain.org>
>> 250 2.1.5 Ok
>> RCPT TO:<us...@mx.domain.org>
>> 250 2.1.5 Ok
>> DATA
>> 354 End data with <CR><LF>.<CR><LF>
>> x-header: momomo
>> test
>> data
>> .
>> 550 5.7.1 GET OUT
>>
>> MAILLOG in postfix server
>> May 16 17:30:14 mx postfix/smtpd[1308]: connect from
>> server.domain.org[192.168.117.143]
>> May 16 17:30:40 mx postfix/smtpd[1308]: 30EBB38A:
>> client=server.domain.org[192.168.117.143]
>> May 16 17:31:21 mx postfix/cleanup[1312]: 30EBB38A: reject: header
>> x-header: momomo from server.domain.org[192.168.117.143];
>> from=<f...@server.domain.org> to=<us...@mx.domain.org> proto=SMTP:
>> 5.7.1 GET OUT
>> May 16 17:34:59 mx postfix/smtpd[1308]: disconnect from
>> server.domain.org[192.168.117.143]
>>
>> So, I expected that postfix keep logging that 3 recipient (user1,
>> user2, user3) was rejected, not just user3. Can I achieved that? Or
>> there is a other way?
>> Thanks a lot for your answer
>>
>
> you can add a "WARN" rule in smtpd restrictions to log the full infos.
> you can then correlate all the stuff.
>
> here is an example (assuming a recent postfix. otherwise, adjust to your
> version)
>
> pcre=pcre:/etc/postfix/maps/pcre
>
> smtpd_recipient_restrictions =
> ...
> reject_unauth_destination
> ...
> check_reverse_client_hostname_access ${pcre}/action_log
>
>
> $ cat /etc/postfix/maps/pcre/action_log.pcre:
> /(.*)/ WARN Transaction logged: PTR=$1
>
>
> then you would see logs like:
>
> ... postfix/smtpd[65432]: NOQUEUE: warn: RCPT from
> unknown[192.0.2.25]:59012: Transaction logged:
> PTR=host.example.com; from=<j...@example.com>
> to=<j...@example.net> proto=ESMTP helo=<host.example.com>
> (the reason I use check_reverse_client_hostname_access is in case the
> hostname is "unknown" but the IP has a PTR, as in this made-up example).
>
> then your parser should check the pid (65432 in the example) and the
> client IP (192.0.2.25 in the example). then get the queueid from the log
> line that contains
>
> ... postfix/smtpd[65432]: 30EBB38A:
> client=unknwon[192.0.2.25]
>
> this gives you the queuid (30EBB38A in this example).
>
>
Wow, your suggestion works :-)
I will try to write a code implementation soon .....
> PS. if your postfix is recent, consider using
> enable_long_queue_ids = yes
>
>
I will consider that
Thanks a lot :D
