On 17/05/2012 00:51, Masegaloeh wrote:
> Hi, Postfix List
> 
> I would like to build a script which analyzes maillog and produces a
> report of every email delivery. My server currently acts as a relay
> server between the internal mail server and the Internet. My final purpose:
> when I query a sender and/or recipient, I will know if the rejection
> occurs or not.
> 
> As far as I know, the rejection would be triggered in smtpd and cleanup.
> When analyzing rejections in smtpd, we have no problem because
> Postfix will record the sender and every recipient. But when header_checks
> and body_checks kick in via the cleanup daemon, the log just shows the queue
> id, sender and *last recipient*. So if the message contains multiple
> recipients, I will not be able to track every rejected recipient.
> 
> To help understand my problem, here is the demo
> 
> SMTP TRANSACTION:
> #telnet mx 25
> Trying 192.168.117.135...
> Connected to mx.domain.org.
> Escape character is '^]'.
> 220  ESMTP
> MAIL FROM:<f...@server.domain.org>
> 250 2.1.0 Ok
> RCPT TO:<us...@mx.domain.org>
> 250 2.1.5 Ok
> RCPT TO:<us...@mx.domain.org>
> 250 2.1.5 Ok
> RCPT TO:<us...@mx.domain.org>
> 250 2.1.5 Ok
> DATA
> 354 End data with <CR><LF>.<CR><LF>
> x-header: momomo
> test
> data
> .
> 550 5.7.1 GET OUT
> 
> MAILLOG in postfix server
> May 16 17:30:14 mx postfix/smtpd[1308]: connect from
> server.domain.org[192.168.117.143]
> May 16 17:30:40 mx postfix/smtpd[1308]: 30EBB38A:
> client=server.domain.org[192.168.117.143]
> May 16 17:31:21 mx postfix/cleanup[1312]: 30EBB38A: reject: header
> x-header: momomo from server.domain.org[192.168.117.143];
> from=<f...@server.domain.org> to=<us...@mx.domain.org> proto=SMTP:
> 5.7.1 GET OUT
> May 16 17:34:59 mx postfix/smtpd[1308]: disconnect from
> server.domain.org[192.168.117.143]
> 
> So, I expected Postfix to log that the 3 recipients (user1,
> user2, user3) were rejected, not just user3. Can I achieve that? Or
> is there another way?
> Thanks a lot for your answer
> 

you can add a "WARN" rule in smtpd restrictions to log the full info.
you can then correlate all the stuff.

here is an example (assuming a recent postfix. otherwise, adjust to your
version)

pcre=pcre:/etc/postfix/maps/pcre

smtpd_recipient_restrictions =
        ...
        reject_unauth_destination
        ...
        check_reverse_client_hostname_access    ${pcre}/action_log


$ cat /etc/postfix/maps/pcre/action_log
/(.*)/  WARN Transaction logged: PTR=$1


then you would see logs like:

... postfix/smtpd[65432]: NOQUEUE: warn: RCPT from
        unknown[192.0.2.25]:59012: Transaction logged:
        PTR=host.example.com; from=<j...@example.com>
        to=<j...@example.net> proto=ESMTP helo=<host.example.com>

(the reason I use check_reverse_client_hostname_access is in case the
hostname is "unknown" but the IP has a PTR, as in this made-up example).

then your parser should check the pid (65432 in the example) and the
client IP (192.0.2.25 in the example). then get the queue id from the log
line that contains

... postfix/smtpd[65432]: 30EBB38A:
        client=unknown[192.0.2.25]

this gives you the queue id (30EBB38A in this example).


PS. if your postfix is recent, consider using
enable_long_queue_ids = yes
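
The correlation described in the reply above, as an added Python example that is not part of the original message. It assumes one log event per line (as syslog writes it), the "Transaction logged" WARN text from the map above, and one message per smtpd session between resets; the function name, sample addresses and sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log; hosts and addresses are made up for this example.
SAMPLE_LOG = """\
May 16 17:30:40 mx postfix/smtpd[1308]: NOQUEUE: warn: RCPT from client.example[192.0.2.25]: Transaction logged: PTR=client.example; from=<sender@client.example> to=<user1@example.org> proto=SMTP helo=<client.example>
May 16 17:30:40 mx postfix/smtpd[1308]: 30EBB38A: client=client.example[192.0.2.25]
May 16 17:30:45 mx postfix/smtpd[1308]: 30EBB38A: warn: RCPT from client.example[192.0.2.25]: Transaction logged: PTR=client.example; from=<sender@client.example> to=<user2@example.org> proto=SMTP helo=<client.example>
May 16 17:30:50 mx postfix/smtpd[1308]: 30EBB38A: warn: RCPT from client.example[192.0.2.25]: Transaction logged: PTR=client.example; from=<sender@client.example> to=<user3@example.org> proto=SMTP helo=<client.example>
May 16 17:31:21 mx postfix/cleanup[1312]: 30EBB38A: reject: header x-header: momomo from client.example[192.0.2.25]; from=<sender@client.example> to=<user3@example.org> proto=SMTP: 5.7.1 GET OUT
May 16 17:34:59 mx postfix/smtpd[1308]: disconnect from client.example[192.0.2.25]
"""

SMTPD = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<rest>.*)")
WARN = re.compile(r"warn: RCPT from \S*?\[(?P<ip>[^\]]+)\].*Transaction logged:"
                  r".*?from=<(?P<frm>[^>]*)> to=<(?P<to>[^>]*)>")
CLIENT = re.compile(r"(?P<qid>[0-9A-Za-z]+): client=\S*?\[(?P<ip>[^\]]+)\]")
DISCONNECT = re.compile(r"disconnect from \S*?\[(?P<ip>[^\]]+)\]")
REJECT = re.compile(r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-Za-z]+): reject: (?P<why>.*)")

def rejected_recipients(log_text):
    """Return {queue_id: {"sender", "recipients", "reason"}} for cleanup rejects."""
    pending = defaultdict(lambda: {"sender": None, "recipients": []})  # keyed by (pid, ip)
    session_of = {}  # queue id -> (pid, ip), learned from the "client=" line
    report = {}
    for line in log_text.splitlines():
        m = SMTPD.search(line)
        if m:
            pid, rest = m["pid"], m["rest"]
            if (w := WARN.search(rest)):
                # The first RCPT may still be NOQUEUE, so key on pid + client IP.
                s = pending[(pid, w["ip"])]
                s["sender"] = w["frm"]
                s["recipients"].append(w["to"])
            elif (c := CLIENT.match(rest)):
                session_of[c["qid"]] = (pid, c["ip"])
            elif (d := DISCONNECT.match(rest)):
                pending.pop((pid, d["ip"]), None)  # session over, drop its state
            continue
        r = REJECT.search(line)
        if r and r["qid"] in session_of:
            # cleanup names only the last recipient; use the smtpd WARN lines instead.
            s = pending.pop(session_of.pop(r["qid"]), {"sender": None, "recipients": []})
            report[r["qid"]] = {**s, "reason": r["why"].rsplit(": ", 1)[-1]}
    return report
```
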

