On Tue, Apr 23, 2013 at 09:45:02PM +0200, Rolf E. Sonneveld wrote: > running Postfix 2.10.0, see for output postconf -n below. > > What I want to achieve is to track and trace a message from first > connection until final delivery, _including the client IP address_ > that enqueued the message. The queue ID is very useful to correlate > a number of log records. However, what I'm not sure about is the > following. > > At first connection, I see two log entries like, for example: > > Apr 23 20:26:38 helium postfix-cust1/smtpd[9220]: connect from > D57E1702.static.ziggozakelijk.nl[213.126.23.2] > Apr 23 20:26:38 helium postfix-cust1/smtpd[9220]: 3ZwCmG272nz1L8Zd: > client=D57E1702.static.ziggozakelijk.nl[213.126.23.2] > > Now, I wonder how unique the ID [9220] (BTW, what's this ID > called?) in the logfile is: can I be sure that, when I want to > correlate the sending IP address with the queue-ID, that this ID > [9220] is always unique?
It's the Unix PID (process ID) for that smtpd instance, and no, on systems which get even a very modest amount of traffic, it is guaranteed NOT to be unique. See postconf.5.html#max_idle and continue on through max_use. The first line is the connect, and at that point there is no queue ID yet assigned. But the second line seems to provide what you need: the client name/IP and queue ID. > I suppose it's not as it's rather short. > If it's not unique, is there another way to reliably trace a > messaging including the client IP address of the system that > sent the message to this Postfix instance? Perhaps you need to look at (and customize?) existing log parsing code such as pflogsumm.pl? I don't believe it supports multiple instances as it is, but there are workarounds, up to and including patching it. :) (A simpler approach might be to isolate the logs using a different $syslog_facility per instance.) -- http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
