Aleksandar Lazic wrote:
.
push (@{$related->{$uniq_key}->{'TO'}},$1.'@'.$2);
.
.
Of course if there is a better way for the correleation I'am open for
suggestion ;-)
The thing is that unless you have only one long-running qpsmtpd process,
you can't "see" the records from other instances.
Especially, say, with qpsmtpd-async with more than one child. In that
environment, you could have several thousand simultaneously open
sessions spread amongst dozens of separate qpsmtpd processes. They
can't see the other processes' memory spaces.
You'd have to push/pull the data to a centralized process. Eg: separate
daemon.
Ick. Mostly ;-)
Having a plugin fire a UDP packet to a daemon which collects, analyses
them, and stuffs 'em where qpsmtpd can get data back from (eg: a file)
would work.
My target is to have a 'hash' with:
Remote-IP
From
Rcpt(s)
Deliverd|Denyed
Session-time
Maybe I will need a 'collector' plugin which writes all data at the end
of the session.
Maybe I should clone the logging/syslog?
I'am not sure, due the fact that I haven't use sendmail for long time,
but sendmail had al this information in one line I think ;-)
In modern sendmail you need to grab three records to get a full record
of an email. Sendmail logs are a PITA.
But with a hacked log_terse plugin in qpsmtpd you will get one
easy-to-parse record with everything you want. My qpsmtpd
implementation only emits a single line to the logs per email (plus
occasional processing errors).
This is what mine collects (this is the PostgreSQL table definition) -
it's spat out in the logs with tab separation:
[tabs, newlines, and other non-printables within fields are translated
to hex escapes before log_terse prints 'em]
CREATE TABLE logs (
logtime TIMESTAMP,
server TEXT,
sessionid TEXT,
trantype TEXT,
remote_ip ip4,
remote_host TEXT,
hello_host TEXT,
mailfrom TEXT,
subject TEXT,
disposal TEXT,
reason TEXT,
rcpttocount INTEGER,
rcpttolist TEXT,
partition INTEGER,
size INTEGER,
transfer TEXT,
tls TEXT,
asn TEXT,
asninfo TEXT
);
