[pfx] Re: Precision of time in Postfix log files

2024-06-23 Thread Wietse Venema via Postfix-users
Peter Uetrecht via Postfix-users:
> Hello list,
> 
> is the precision of time in Postfix log files (version 3.8.4) configurable
> (microseconds or milliseconds)?

Postfix does not generate the timestamp for logfiles written by
syslogd or equivalent. That is done by the syslog(3) system library
function.

To group related records together, see the collate script in the
Postfix source tarball in the auxiliary/collate directory.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org


[pfx] Precision of time in Postfix log files

2024-06-23 Thread Peter Uetrecht via Postfix-users
Hello list,

is the precision of time in Postfix log files (version 3.8.4) configurable
(microseconds or milliseconds)?

Thanks in advance
Peter


Re: Strange thing in Postfix log?

2022-08-22 Thread Viktor Dukhovni
On Mon, Aug 22, 2022 at 11:42:38PM +0200, Jaroslaw Rafa wrote:
> Hello,
> this just appeared in my Postfix log:
> 
> Aug 22 23:35:50 rafa postfix/smtpd[28891]: connect from unknown[unknown]
> Aug 22 23:35:50 rafa postfix/smtpd[28891]: lost connection after CONNECT from unknown[unknown]
> Aug 22 23:35:50 rafa postfix/smtpd[28891]: disconnect from unknown[unknown]
> 
> I don't understand the "unknown[unknown]" part. The square brackets should
> normally contain the IP address of the connecting client. Why is "unknown"
> there? How is it possible that Postfix did not recognize the connecting IP?

The connection was reset before Postfix finished accepting it.  The
kernel did not report the peer address, because the peer was already
gone.  Perhaps an nmap scan, or a *very* impatient client.

-- 
Viktor.


Strange thing in Postfix log?

2022-08-22 Thread Jaroslaw Rafa
Hello,
this just appeared in my Postfix log:

Aug 22 23:35:50 rafa postfix/smtpd[28891]: connect from unknown[unknown]
Aug 22 23:35:50 rafa postfix/smtpd[28891]: lost connection after CONNECT from unknown[unknown]
Aug 22 23:35:50 rafa postfix/smtpd[28891]: disconnect from unknown[unknown]

I don't understand the "unknown[unknown]" part. The square brackets should
normally contain the IP address of the connecting client. Why is "unknown"
there? How is it possible that Postfix did not recognize the connecting IP?
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


Re: Display relevant message-id for all postfix log lines

2021-04-07 Thread Bill Cole

On 7 Apr 2021, at 10:25, sandeep pawar wrote:


> Hi,
>
> I am using multiple postfix mta instance for internal relaying purpose. I
> am sending postfix logs to ELK and was wondering if it would be possible to
> display message-id in each log line. This could help in various kind of
> searches.


As Rob McGee noted, the message-id is a part of message data and can't 
be known by Postfix until the message data has been transferred, i.e. 
the end of the DATA stage. It also may not exist in a message when 
received, as it is not a mandatory header.


Postfix also uses (and logs) a "queue ID" which is distinct from the 
message-id and can be created for a transaction before DATA, because it 
is unique to a message that is or will be in the Postfix queue. By 
default, Postfix does not create a queue ID until it has one valid 
recipient, logging some events with 'NOQUEUE' where appropriate. To make 
Postfix create that ID at the MAIL FROM stage, you can set 
smtpd_delay_open_until_valid_rcpt to 'no'. You can use that ID 
(typically 10 hex digits) to correlate log lines associated with one 
SMTP transaction.


Note that by default the queue ID is unique enough in practice but is 
not absolutely guaranteed to be unique over extended periods. I have 
seen one case of an ID repeating in the same day on a very busy Postfix 
machine.  If you want absolutely unique queue IDs you can set 
enable_long_queue_ids to 'yes' and get a longer ID (typically 16 
alphanumeric characters) which can never be repeated. With that you also 
get monotonically increasing queue IDs.


However, Postfix will always log some lines without any easy means of 
correlation to a message. Any event before a MAIL FROM command has been 
accepted or after a RSET has occurred is logically distinct from any 
particular message, because multiple messages can be sent on one 
connection. Any correlation of log lines for Postfix must recognize the 
hierarchical nature of how SMTP is handled by Postfix and of how SMTP 
works. Each smtpd process can handle multiple connections, each 
connection can contain multiple SMTP transactions, and each SMTP 
transaction can have multiple recipient addresses.



> Is there any configuration which can be tweaked to for custom logging.


Nothing beyond the documented *_loglevel parameters related to TLS
logging which are documented in the postconf(5) man page. You can get
spectacularly verbose logs with '-v' options to Postfix components, but
that is usually not worth the noise and the format of individual log
lines is fixed.


One way to get single log lines with everything interesting about a 
message is to run a milter that can do that. For example: I use 
MIMEDefang, which can execute arbitrary Perl at each stage of the milter 
protocol and also has built-in logging utilities. On my personal system, 
I log a single huge line at the end of each transaction with all of the 
transaction parameters, the SpamAssassin score, and even the Subject.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire


Re: Display relevant message-id for all postfix log lines

2021-04-07 Thread Rob McGee

On 2021-04-07 09:25, sandeep pawar wrote:

> I am using multiple postfix mta instance for internal relaying
> purpose. I am sending postfix logs to ELK and was wondering if it
> would be possible to display message-id in each log line. This
> could help in various kind of searches.


Note that the message body does not exist until the SMTP DATA
command has completed.  (Yes, headers are included here.)  So
anything logged before DATA cannot know the Message-Id: header.


> Is there any configuration which can be tweaked to for custom
> logging.


Not that I know of, and the above limitation is unavoidable in
Postfix.  Your workaround would be some script to post-process
your logs.
--
  http://rob0.nodns4.us/
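
The post-processing that both replies above point to, as an added example (not code from the thread or from Postfix): lines are grouped by queue ID, the Message-Id that cleanup logs is attached to every line of that message, and a queue ID seen again after qmgr logged "removed" starts a new message. The function names, the sample log and the length heuristic for long queue IDs are assumptions of this example.

```python
import re

# Constructed sample (not from the thread): a rejected attempt, a delivered
# message, then the same short queue ID reused for a later message.
SAMPLE_LOG = """\
Apr  7 10:25:01 mx1 postfix/smtpd[2101]: connect from relay.example.net[192.0.2.10]
Apr  7 10:25:01 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from relay.example.net[192.0.2.10]: 554 5.7.1 <x@example.org>: Relay access denied
Apr  7 10:25:02 mx1 postfix/smtpd[2101]: 4A1B2C3D4E: client=relay.example.net[192.0.2.10]
Apr  7 10:25:02 mx1 postfix/cleanup[2105]: 4A1B2C3D4E: message-id=<first@example.net>
Apr  7 10:25:02 mx1 postfix/qmgr[1200]: 4A1B2C3D4E: from=<a@example.net>, size=2918, nrcpt=1 (queue active)
Apr  7 10:25:03 mx1 postfix/smtp[2110]: 4A1B2C3D4E: to=<b@example.com>, relay=mx.example.com[198.51.100.7]:25, delay=0.8, dsn=2.0.0, status=sent (250 OK)
Apr  7 10:25:03 mx1 postfix/qmgr[1200]: 4A1B2C3D4E: removed
Apr  7 10:25:04 mx1 postfix/smtpd[2101]: disconnect from relay.example.net[192.0.2.10]
Apr  7 18:40:10 mx1 postfix/smtpd[3300]: 4A1B2C3D4E: client=other.example.net[192.0.2.20]
Apr  7 18:40:10 mx1 postfix/cleanup[3301]: 4A1B2C3D4E: message-id=<second@example.net>
Apr  7 18:40:11 mx1 postfix/qmgr[1200]: 4A1B2C3D4E: removed
Apr  7 18:41:00 mx1 postfix/smtpd[3300]: warning: hostname bad.example.net does not resolve to address 192.0.2.30
""".splitlines()

# Traditional syslog prefix: "Mon DD HH:MM:SS host postfix.../daemon[pid]: text"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s"
    r"(?P<prog>postfix[^\s\[]*)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
# Short IDs are upper-case hex; long IDs are matched here by length only
# (assumption of this example). "NOQUEUE:" and "warning:" match neither.
QID_RE = re.compile(r"^(?P<qid>[0-9A-F]{6,}|[0-9A-Za-z]{12,}):\s(?P<rest>.*)$")


def parse_line(line):
    """Split one log line into fields; qid is None when no queue ID is logged."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    q = QID_RE.match(rec["msg"])
    rec["qid"] = q.group("qid") if q else None
    rec["rest"] = q.group("rest") if q else rec["msg"]
    return rec


def correlate(lines):
    """Group line indexes per message; return (messages, unscoped indexes)."""
    active = {}    # (host, queue ID) -> record of a message still in the queue
    messages = []  # every record, in order of first appearance
    unscoped = []  # connect/disconnect, NOQUEUE, warnings, non-Postfix lines
    for idx, line in enumerate(lines):
        rec = parse_line(line)
        if rec is None or rec["qid"] is None:
            unscoped.append(idx)
            continue
        key = (rec["host"], rec["qid"])
        msg = active.get(key)
        if msg is None:
            msg = {"host": rec["host"], "qid": rec["qid"],
                   "message_id": None, "lines": []}
            active[key] = msg
            messages.append(msg)
        msg["lines"].append(idx)
        daemon = rec["prog"].rsplit("/", 1)[-1]
        if daemon == "cleanup" and rec["rest"].startswith("message-id="):
            msg["message_id"] = rec["rest"][len("message-id="):]
        elif daemon == "qmgr" and rec["rest"] == "removed":
            del active[key]  # a later reuse of this ID is a different message
    return messages, unscoped


def annotate(lines):
    """Pair every line with the Message-Id of its message, or None."""
    messages, _ = correlate(lines)
    ids = [None] * len(lines)
    for msg in messages:
        for idx in msg["lines"]:
            ids[idx] = msg["message_id"]
    return list(zip(ids, lines))


if __name__ == "__main__":
    for message_id, line in annotate(SAMPLE_LOG):
        print(f"{message_id or '-':<24} {line}")
```

The smtpd "client=" line is logged before the headers exist, so it can only receive its Message-Id in a second pass like this one.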


Display relevant message-id for all postfix log lines

2021-04-07 Thread sandeep pawar
Hi,

I am using multiple postfix mta instance for internal relaying purpose. I
am sending postfix logs to ELK and was wondering if it would be possible to
display message-id in each log line. This could help in various kind of
searches.

Is there any configuration which can be tweaked to for custom logging.

Thanks
Sandy


Re: Postfix log

2019-08-09 Thread Enrico Morelli
On Fri, 9 Aug 2019 12:11:35 +0200
Matus UHLAR - fantomas  wrote:

> On 09.08.19 11:56, Enrico Morelli wrote:
> >I'll try to put
> >
> >   postrotate
> > /usr/lib/rsyslog/rsyslog-rotate
> >   endscript
> >
> >in my postfix logrotate script to see if it works.  
> 
> don't. Simply look what's in /etc/logrotate.d/*syslog*
> it should contain /var/log/mail. files
> 

Yes, I know. But I've to maintain the log for a long time, so I created
a logrotate script that worked with the previous version of
Debian/Postfix. Now I encounter the problem described in this post.

-- 
---
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY



Re: Postfix log

2019-08-09 Thread Matus UHLAR - fantomas

On 09.08.19 11:56, Enrico Morelli wrote:

> I'll try to put
>
>   postrotate
>     /usr/lib/rsyslog/rsyslog-rotate
>   endscript
>
> in my postfix logrotate script to see if it works.


don't. Simply look what's in /etc/logrotate.d/*syslog*
it should contain /var/log/mail. files

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.


Re: Postfix log

2019-08-09 Thread Matus UHLAR - fantomas

On 09.08.19 09:32, Enrico Morelli wrote:

> I upgraded Debian from version 9 to 10 and consequently postfix 3.1.12
> to 3.4.5. I'm checking log with multitail in real time and with the new
> postfix version, I've a strange behavior. When the logs rotate, postfix
> continues to write in the old file renamed mail.log.1 instead of the
> new mail.log. I've to restart postfix to solve the problem.
>
> I created a postfix file in logrotate.d, as the following, that worked
> before the update:
>
> /var/log/mail.info
> /var/log/mail.warn
> /var/log/mail.err
> /var/log/mail.log {
>     weekly
>     missingok
>     notifempty
>     delaycompress
>     compress
>     create 640 root adm
>     rotate 3650
>     size 10M
> }
>
> Any suggestion?


those files are written by syslog server, and should be rotated in syslog,
not postfix logrotate config file. It's the one that causes syslog to reopen
log files when they are rotated.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much deeper the ocean would be without sponges.


Re: Postfix log

2019-08-09 Thread Enrico Morelli
On Fri, 9 Aug 2019 11:17:26 +0200
Alexander Wirt  wrote:

> On Fri, 09 Aug 2019, Benny Pedersen wrote:
> 
> Hi,
> 
> > > Thanks, postscript is not part of the Debian package. I'll try to
> > > put: service postfix restart  
> > 
> > this is not working, postfix send logs to syslogd, so restarting
> > postfix is not what to do, restart the syslogd will work
> > 
> > please create a bug on debian so it can be resolved, its default
> > logrotate problem that does not restart syslogd  
> The default syslogd (rsyslogd) in debian does that:
> 
> /var/log/mail.info
> /var/log/mail.warn
> /var/log/mail.err
> /var/log/mail.log
> /var/log/daemon.log
> /var/log/kern.log
> /var/log/auth.log
> /var/log/user.log
> /var/log/lpr.log
> /var/log/cron.log
> /var/log/debug
> /var/log/messages
> {
> rotate 4
> weekly
> missingok
> notifempty
> compress
> delaycompress
> sharedscripts
> postrotate
> /usr/lib/rsyslog/rsyslog-rotate
> endscript
> }
> 
> cat /usr/lib/rsyslog/rsyslog-rotate
> #!/bin/sh
> 
> if [ -d /run/systemd/system ]; then
> systemctl kill -s HUP rsyslog.service
> else
> invoke-rc.d rsyslog rotate > /dev/null
> fi
> 
> 

I'll try to put 

   postrotate
 /usr/lib/rsyslog/rsyslog-rotate
   endscript

in my postfix logrotate script to see if it works.

-- 
---
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY



Re: Postfix log

2019-08-09 Thread Alexander Wirt
On Fri, 09 Aug 2019, Benny Pedersen wrote:

Hi,

> > Thanks, postscript is not part of the Debian package. I'll try to put:
> > service postfix restart
> 
> this is not working, postfix send logs to syslogd, so restarting postfix is
> not what to do, restart the syslogd will work
> 
> please create a bug on debian so it can be resolved, its default logrotate
> problem that does not restart syslogd
The default syslogd (rsyslogd) in debian does that:

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}

cat /usr/lib/rsyslog/rsyslog-rotate
#!/bin/sh

if [ -d /run/systemd/system ]; then
systemctl kill -s HUP rsyslog.service
else
invoke-rc.d rsyslog rotate > /dev/null
fi
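
Why the writer keeps filling mail.log.1 after a rename-based rotation, and a check for that condition, as an added example (not code from the thread). The temporary files stand in for /var/log/mail.log and the syslog daemon, and the reopen step stands in for what the HUP sent by rsyslog-rotate is meant to trigger; all function names are assumptions of this example.

```python
import os
import tempfile


def handle_is_stale(fileobj, path):
    """True if the open handle no longer refers to the file now at `path`."""
    opened = os.fstat(fileobj.fileno())
    try:
        current = os.stat(path)
    except FileNotFoundError:
        return True  # rotated away and not recreated yet
    return (opened.st_dev, opened.st_ino) != (current.st_dev, current.st_ino)


def simulate_rotation(reopen_after_rotate):
    """Replay a rename-and-create rotation against a long-lived log writer.

    Returns what ended up in the live file and in the rotated file.
    """
    with tempfile.TemporaryDirectory() as logdir:
        live = os.path.join(logdir, "mail.log")
        rotated = live + ".1"

        writer = open(live, "a")      # the daemon opens its log file once
        writer.write("before rotation\n")
        writer.flush()

        os.rename(live, rotated)      # logrotate renames the file ...
        open(live, "a").close()       # ... and 'create' makes an empty one
        stale = handle_is_stale(writer, live)

        if reopen_after_rotate and stale:
            writer.close()            # what the postrotate signal causes
            writer = open(live, "a")

        writer.write("after rotation\n")
        writer.flush()
        writer.close()

        with open(live) as fh:
            live_text = fh.read()
        with open(rotated) as fh:
            rotated_text = fh.read()
        return {"stale": stale, "live": live_text, "rotated": rotated_text}


if __name__ == "__main__":
    print("no reopen:  ", simulate_rotation(reopen_after_rotate=False))
    print("with reopen:", simulate_rotation(reopen_after_rotate=True))
```

Without the reopen, the open descriptor follows the renamed file, so the new mail.log stays empty; a stanza without a postrotate script that signals the syslog daemon produces exactly that.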




Re: Postfix log

2019-08-09 Thread Benny Pedersen

Enrico Morelli wrote on 2019-08-09 10:45:

> Thanks, postscript is not part of the Debian package. I'll try to put:
> service postfix restart


this is not working, postfix send logs to syslogd, so restarting postfix 
is not what to do, restart the syslogd will work


please create a bug on debian so it can be resolved, its default 
logrotate problem that does not restart syslogd


Re: Postfix log

2019-08-09 Thread Enrico Morelli
On Fri, 9 Aug 2019 08:18:21 +
Matthew Lowy  wrote:

> Hi Enrico,
> 
> I can't speak for why postscript behaviour has changed, but this is a
> known issue for other applications that hold a file open across time
> instead of opening it to write / closing it after write. Logrotate
> allows you to put in a postrotate / endscript sequence that can be
> used to make the application do whatever is necessary to make it
> re-open its log file (or anything else...)  Any lines between the
> line containing 'postrotate' and the line containing 'endscript' will
> be run after the rotate job has rotated the files. So in between you
> can stop / start postfix or restart postfix or any other action that
> can cause it to re-process its log file.
> 
> For example...
> postrotate
> service postscript restart
> endscript
> 
> someone else might know if postscript will handle kill -HUP (kill -1)
> correctly (I'm running an older version of postscript that doesn't
> exhibit this behaviour, it handles the log being switched under it
> just fine) or you could try it out.
> 

Thanks, postscript is not part of the Debian package. I'll try to put:
service postfix restart


> ML
> 
> -Original Message-
> From: owner-postfix-us...@postfix.org
>  On Behalf Of Enrico Morelli Sent:
> 09 August 2019 08:33 To: postfix-users@postfix.org
> Subject: Postfix log
> 
> Dear,
> 
> I upgraded Debian from version 9 to 10 and consequently postfix
> 3.1.12 to 3.4.5. I'm checking log with multitail in real time and
> with the new postfix version, I've a strange behavior. When the logs
> rotate, postfix continues to write in the old file renamed mail.log.1
> instead of the new mail.log. I've to restart postfix to solve the
> problem.
> 
> I created a postfix file in logrotate.d, as the following, that
> worked before the update:
> 
> /var/log/mail.info
> /var/log/mail.warn
> /var/log/mail.err
> /var/log/mail.log {
>   weekly
>   missingok
>   notifempty
>   delaycompress
>   compress
>   create 640 root adm
>   rotate 3650
>   size 10M
> }
> 
> Any suggestion?
> 
> --
> ---
>   Enrico Morelli
>   System Administrator | Programmer | Web Developer
> 
>   CERM - Polo Scientifico
>   via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
> 



-- 
---
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY



RE: Postfix log

2019-08-09 Thread Matthew Lowy
Hi Enrico,

I can't speak for why postscript behaviour has changed, but this is a known
issue for other applications that hold a file open across time instead of
opening it to write / closing it after write. Logrotate allows you to put in a
postrotate / endscript sequence that can be used to make the application do
whatever is necessary to make it re-open its log file (or anything else...)
Any lines between the line containing 'postrotate' and the line containing
'endscript' will be run after the rotate job has rotated the files. So in
between you can stop / start postfix or restart postfix or any other action
that can cause it to re-process its log file.

For example...
postrotate
service postscript restart
endscript

someone else might know if postscript will handle kill -HUP (kill -1) correctly 
(I'm running an older version of postscript that doesn't exhibit this 
behaviour, it handles the log being switched under it just fine) or you could 
try it out.

ML

-Original Message-
From: owner-postfix-us...@postfix.org  On 
Behalf Of Enrico Morelli
Sent: 09 August 2019 08:33
To: postfix-users@postfix.org
Subject: Postfix log

Dear,

I upgraded Debian from version 9 to 10 and consequently postfix 3.1.12 to 
3.4.5. I'm checking log with multitail in real time and with the new postfix 
version, I've a strange behavior. When the logs rotate, postfix continues to 
write in the old file renamed mail.log.1 instead of the new mail.log. I've to 
restart postfix to solve the problem.

I created a postfix file in logrotate.d, as the following, that worked before 
the update:

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log {
weekly
missingok
notifempty
delaycompress
compress
  create 640 root adm
rotate 3650
size 10M
}

Any suggestion?

--
---
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY



Postfix log

2019-08-09 Thread Enrico Morelli
Dear,

I upgraded Debian from version 9 to 10 and consequently postfix 3.1.12
to 3.4.5. I'm checking log with multitail in real time and with the new
postfix version, I've a strange behavior. When the logs rotate, postfix
continues to write in the old file renamed mail.log.1 instead of the
new mail.log. I've to restart postfix to solve the problem.

I created a postfix file in logrotate.d, as the following, that worked
before the update:

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log {
weekly
missingok
notifempty
delaycompress
compress
  create 640 root adm
rotate 3650
size 10M
}

Any suggestion?

-- 
---
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY



Re: Duplicate spamd lines in Postfix log file

2019-07-01 Thread Bill Cole

On 30 Jun 2019, at 9:36, dpjanda wrote:

> It sure is, and that's why I posted the original question here. As it
> could, perhaps, be an error on my part how I call it from POSTFIX, so I
> thought I would ask the question here, first.


The us...@spamassassin.apache.org list would be a far better place for
it, as this is entirely about spamd, a component of SpamAssassin.


Having written some of the code involved in spamd switching to specific 
users, I believe that what you're seeing is normal, at least for some 
configurations. As I am not currently working with any system that uses 
spamd with per-user configurations, I am hesitant to make a definitive 
assertion.


I am almost certain that you can get a more definitive answer on the 
right mailing list.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire


Re: Duplicate spamd lines in Postfix log file

2019-06-30 Thread dpjanda
Thanks Matus

In main.cf

virtual_transport=spamass-dovecot

In master.cf

spamass-dovecot unix - n   n   -   -   pipe
  flags=DRhu user=vmail:vmail argv=/usr/bin/spamc -u spamd -e
/usr/lib/dovecot/deliver -d ${recipient}

I hope this helps.

Regards



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html


Re: Duplicate spamd lines in Postfix log file

2019-06-30 Thread Matus UHLAR - fantomas

On 30.06.19 06:36, dpjanda wrote:

> It sure is, and that's why I posted the original question here. As it
> could, perhaps, be an error on my part how I call it from POSTFIX, so I
> thought I would ask the question here, first.


you have not attached any information about how you call spamd from postfix.
However, only process 2142 seems to be related to the mail you are
receiving.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod


Re: Duplicate spamd lines in Postfix log file

2019-06-30 Thread dpjanda
It sure is, and that's why I posted the original question here. As it
could, perhaps, be an error on my part how I call it from POSTFIX, so I
thought I would ask the question here, first.



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html


Re: Duplicate spamd lines in Postfix log file

2019-06-30 Thread Wietse Venema
dpjanda:
> Thanks.
> 
> Yes, I should have clarified that my log file is from multiple sources.
> Sorry about that.
> 
> Is it normal to have more than one spamd process per message?

This is the POSTFIX mailing list.


Re: Duplicate spamd lines in Postfix log file

2019-06-30 Thread dpjanda
Thanks.

Yes, I should have clarified that my log file is from multiple sources.
Sorry about that.

Is it normal to have more than one spamd process per message?

Regards



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html


Re: Duplicate spamd lines in Postfix log file

2019-06-30 Thread Wietse Venema
dpjanda:
> Jun 29 09:20:10 email spamd[1101]: util: setuid: ruid=5001 euid=5001 rgid=5001 5001 5001 egid=5001 5001 5001
> Jun 29 09:20:15 email spamd[1102]: util: setuid: ruid=5001 euid=5001 rgid=5001 5001 5001 egid=5001 5001 5001

First, these lines are logged by different spamd processes.

Second, this is not a Postfix logfile. It's a file that contains
logging from multiple programs.

Wietse


Duplicate spamd lines in Postfix log file

2019-06-30 Thread dpjanda
Greetings

I hope someone can help with what is not a problem as such, but a query. In
every Spamassassin (spamd) exchange there appear to be two lines that are
*almost* identical.

Jun 29 09:20:09 email spamd[2142]: spamd: connection from ::1 [::1]:57558 to port 783, fd 5
Jun 29 09:20:09 email spamd[2142]: spamd: processing message <20190627140139?thesys...@tastecard.co.uk> for spamd:5001
Jun 29 09:20:10 email spamd[1101]: util: setuid: ruid=5001 euid=5001 rgid=5001 5001 5001 egid=5001 5001 5001
Jun 29 09:20:15 email spamd[1102]: util: setuid: ruid=5001 euid=5001 rgid=5001 5001 5001 egid=5001 5001 5001
Jun 29 09:20:18 email spamd[2142]: spamd: identified spam (3.0/3.0) for spamd:5001 in 8.4 seconds, 16236 bytes.
Jun 29 09:20:18 email spamd[2142]: spamd: result: Y 3 - blah blah blah
Jun 29 09:20:18 email spamd[1550]: prefork: child states: II

It's the util: setuid lines. As stated, all is well, but can someone tell me
why this is the case, and if there is an actual problem?

Many thanks

dpjanda



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html


Looking for an 'easy' postfix log file analysis tool

2018-08-26 Thread Admin Beckspaced

Hello there ;)

I'm looking for a simple, clean & easy logfile analysis tool for postfix
logs.

I'm running postfix 3.2 on an opensuse box

I found a listing here: http://www.postfix.org/addon.html#logfile

already had a look at mailgraph as it looked promising with the
graphical charts.

but while trying to setup it had a problem parsing the postfix log entries.

Error: the entry is not in syslog format

as far as I remember the box running postfix is using the rsyslog daemon

then also had a look at AWStats but here the maillogvonverter.pl perl
script wasn't able to parse the postfix log entries
perhaps there's some incompatibility with postfix 3.2 version and the
perl script?

just couldn't bring it to run ...

I do run the pflogsumm script, which gives me at least some info about
what postfix is doing.

but i would like something displaying daily / monthly / yearly stats

anyone can recommend a simple, clean & easy logfile analysis tool for
postfix logs?


thanks & greetings
Becki



Re: postfix log in mysql

2017-08-29 Thread joao reis

I save correlated logs from postfix (and milter daemons) in mongodb.

https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-destinations-mongodb.html
https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-pattern-databases.html

In one registry I can get all information about delivery that I need and 
nothing more:


{
    "_id" : ObjectId("5991fbb0c2544d511c3a5290"),
    "TO" : "xxx...@domain.com",
    "SUBJECT" : "KEdSVVBPIE1QRSkgQXJxdWl2byBkZSBSZW1lc3NhIGRvIGRpYTogMTAvMDgvMjAxNw==",
    "STATUS_AT" : ISODate("2017-08-14T19:36:16.000Z"),
    "STATUS" : "sent",
    "SIZE" : 2918,
    "SERVER" : "submitter31.zyx.net",
    "SASLAUTH" : "a...@o62.xyz.net",
    "RETURNPATH" : "sup...@xyz.com",
    "RELAY_IP" : "168.0.0.0",
    "RELAY_HOST" : "relay..com.br",
    "REASON" : "(250 OK id=1dhLEB-03037zm-MD)",
    "QUEUEID_CUST" : "None",
    "QUEUEID" : "024D781B27AC",
    "FROM" : "sup...@xyz.com",
    "DSN" : "2.0.0",
    "DELAY" : "8.6",
    "CLIENTIP" : "177.7.7.7",
    "BEGIN_AT" : ISODate("2017-08-14T19:36:08.000Z")
}

much cleaner and simpler than logstash, either rsyslog and syslog-ng 
clients connect to the log server without any other external software 
and it is working very well.


Joao Reis.


On 08/29/2017 05:51 AM, Kev wrote:
>> You might want to look into something like the Logstash
>> (https://www.elastic.co/products/logstash).
>
> looks promising! thank you!
>
> On Mon, 28 Aug 2017 10:11:14 -0600
> James Reynolds  wrote:
>
>> You might want to look into something like the Logstash
>> (https://www.elastic.co/products/logstash).
>>
>> James
>>
>>> On Aug 27, 2017, at 9:51 PM, Kev  wrote:
>>>
>>> Hi postfixers,
>>>
>>> We have spam filter servers for our down, 5 of them to be exact. we use
>>> amavisd, bitdefender & clamav for spam and virus filter.
>>>
>>> we have a self help portal done in php/mysql for users to manage
>>> whitelist/blacklist etc, now i want to allow users to check their email
>>> logs so they can find if any wanted email is blocked,
>>>
>>> so the question is, how can i log postfix to a mysql db where i can write
>>> an interface for users to search for email and see what did the
>>> blocking, such as rbl, amavis etc ?
>>>
>>> ive seen some solutions to use syslog in to mysql but i was thinking
>>> something much simpler where i will still have logs in place even if
>>> mysql fails.
>>>
>>> rgds







Re[2]: postfix log in mysql

2017-08-29 Thread Kev
> You might want to look into something like the Logstash 
> (https://www.elastic.co/products/logstash).  

looks promising! thank you!

On Mon, 28 Aug 2017 10:11:14 -0600
James Reynolds  wrote:

> You might want to look into something like the Logstash 
> (https://www.elastic.co/products/logstash).  
> 
> James
> 
> > On Aug 27, 2017, at 9:51 PM, Kev  wrote:
> > 
> > Hi postfixers,
> > 
> > We have spam filter servers for our down, 5 of them to be exact. we use
> > amavisd, bitdefender & clamav for spam and virus filter. 
> > 
> > we have a self help portal done in php/mysql for users to manage
> > whitelist/blacklist etc, now i want to allow users to check their email
> > logs so they can find if any wanted email is blocked,
> > 
> > so the question is, how can i log postfix to a mysql db where i can write
> > an interface for users to search for email and see what did the
> > blocking, such as rbl, amavis etc ? 
> > 
> > ive seen some solutions to use syslog in to mysql but i was thinking
> > something much simpler where i will still have logs in place even if
> > mysql fails.
> > 
> > rgds
> > 
> > 




Re: postfix log in mysql

2017-08-28 Thread James Reynolds
You might want to look into something like the Logstash 
(https://www.elastic.co/products/logstash).  

James

> On Aug 27, 2017, at 9:51 PM, Kev  wrote:
> 
> Hi postfixers,
> 
> We have spam filter servers for our down, 5 of them to be exact. we use
> amavisd, bitdefender & clamav for spam and virus filter. 
> 
> we have a self help portal done in php/mysql for users to manage
> whitelist/blacklist etc, now i want to allow users to check their email
> logs so they can find if any wanted email is blocked,
> 
> so the question is, how can i log postfix to a mysql db where i can write
> an interface for users to search for email and see what did the
> blocking, such as rbl, amavis etc ? 
> 
> ive seen some solutions to use syslog in to mysql but i was thinking
> something much simpler where i will still have logs in place even if
> mysql fails.
> 
> rgds
> 
> 



Re: postfix log in mysql

2017-08-27 Thread Christian Kivalo


On 28 August 2017 05:51:10 CEST, Kev wrote:
>Hi postfixers,
>
>We have spam filter servers for our down, 5 of them to be exact. we use
>amavisd, bitdefender & clamav for spam and virus filter. 
>
>we have a self help portal done in php/mysql for users to manage
>whitelist/blacklist etc, now i want to allow users to check their email
>logs so they can find if any wanted email is blocked,
>
>so the question is, how can i log postfix to a mysql db where i can
>write
>an interface for users to search for email and see what did the
>blocking, such as rbl, amavis etc ? 
>
>ive seen some solutions to use syslog in to mysql but i was thinking
>something much simpler where i will still have logs in place even if
>mysql fails.
Most syslog daemons can write to more than one output stream so besides 
absorbing your logs with mysql additionally you could keep logging to file and 
have your logs as normal. 
>rgds

-- 
Christian Kivalo


postfix log in mysql

2017-08-27 Thread Kev
Hi postfixers,

We have spam filter servers for our down, 5 of them to be exact. we use
amavisd, bitdefender & clamav for spam and virus filter. 

we have a self help portal done in php/mysql for users to manage
whitelist/blacklist etc, now i want to allow users to check their email
logs so they can find if any wanted email is blocked,

so the question is, how can i log postfix to a mysql db where i can write
an interface for users to search for email and see what did the
blocking, such as rbl, amavis etc ? 

ive seen some solutions to use syslog in to mysql but i was thinking
something much simpler where i will still have logs in place even if
mysql fails.

rgds




Re: How do you add LOGLEVEL labels to Postfix log output?

2017-08-19 Thread Bill Shirley

Is there some specific text that rsyslog can key off of?  I use this for
Shorewall and dhcpd (right after the  RULES  line):

if $msg contains 'Shorewall' then {
  action(type="omfile" file="/var/log/shorewall.log")
  if ($syslogfacility == 0 and $syslogseverity >= 6) then stop  # info
}

if $programname == 'dhcpd' then {
  action(type="omfile" file="/var/log/dhcpd.log")
#  if $syslogseverity >= 4 then stop  # warning
#  if $syslogseverity >= 5 then stop  # notice
  if $syslogseverity >= 6 then stop   # info
  if $msg contains 'incoming update is less critical than outgoing update' then stop
}

The first rule logs all Shorewall messages to /var/log/shorewall.log.  Any
message more severe than 'info' is allowed to pass on to the other rules
which for me, will also log in /var/log/messages.

The second rule is similar.

I don't know what a Postfix debug message looks like.  But something like:

if $programname == 'postfix' and $msg contains 'debug' then {
  action(type="omfile" file="/var/log/postfix-debug.log")
  stop
}

might work for you.

Bill


On 8/19/2017 11:31 PM, yodel...@yepmail.net wrote:

> Hello,
>
> On Sat, Aug 19, 2017, at 06:58 PM, Viktor Dukhovni wrote:
>> That said, both regular and debug logging in Postfix are logged
>> at the "info" level, Postfix does not use the syslog "debug" log
>> level.  Therefore, built-in syslog log filtering cannot isolate
>> just the debug messages from Postfix
>
> Okay so the answer sounds like a "no".  Thanks for letting me know.  I'll have
> to figure something else out.
>
>> but as Noel points out, you really should not have Postfix debug logging
>> enabled on a
>> routine basis.
>
> It's there for a reason isn't it?  I use it when there's a problem and I need
> more information.  It's great having that level of detail.  It's helped me
> solve a bunch of problems for specific domains without drowning in a flood of
> useless detail for all domains.  When the problem's solved I turn it off for
> that domain and move on.  I honestly don't see what the problem is using
> debugging facility that's provided when it provides the info you need to solve
> the problem.  Personally I see that as a great, helpful feature.




Re: How do you add LOGLEVEL labels to Postfix log output?

2017-08-19 Thread yodeller
Hello,

On Sat, Aug 19, 2017, at 06:58 PM, Viktor Dukhovni wrote:
> That said, both regular and debug logging in Postfix are logged
> at the "info" level, Postfix does not use the syslog "debug" log
> level.  Therefore, built-in syslog log filtering cannot isolate
> just the debug messages from Postfix

Okay so the answer sounds like a "no".  Thanks for letting me know.  I'll have
to figure something else out.

> but as Noel points out, you really should not have Postfix debug logging 
> enabled on a
> routine basis.

It's there for a reason isn't it?  I use it when there's a problem and I need 
more information.  It's great having that level of detail.  It's helped me 
solve a bunch of problems for specific domains without drowning in a flood of 
useless detail for all domains.  When the problem's solved I turn it off for
that domain and move on.  I honestly don't see what the problem is using 
debugging facility that's provided when it provides the info you need to solve 
the problem.  Personally I see that as a great, helpful feature.


Re: How do you add LOGLEVEL labels to Postfix log output?

2017-08-19 Thread Viktor Dukhovni

> On Aug 19, 2017, at 11:31 PM, yodel...@yepmail.net wrote:
> 
>> but as Noel points out, you really should not have Postfix debug logging 
>> enabled on a
>> routine basis.
> 
> It's there for a reason isn't it?  I use it when there's a problem and I need 
> more information.  It's great having that level of detail.  It's helped me 
> solve a bunch of problems for specific domains without drowning in a flood of 
> useless detail for all domains. When the problem's solved I turn it off for
> that domain and move on.  I honestly don't see what the problem is using 
> debugging facility that's provided when it provides the info you need to 
> solve the problem.  Personally I see that as a great, helpful feature.

Indeed it is useful as needed from time to time.  If you don't
have debug logging turned on all the time, you're fine.  The
debug logs do end up intermixed with regular Postfix "info"
logging when enabled.  There's not much you can do about that.

-- 
Viktor.



Re: How do you add LOGLEVEL labels to Postfix log output?

2017-08-19 Thread Viktor Dukhovni

> On Aug 19, 2017, at 9:07 PM, Wietse Venema  wrote:
> 
>> Sorry, not configurable other than patching the source.
> 
> The logging level is specified via the syslog protocol. Every
> syslog-compatible server (syslogd, etc.) will allow you to configure
> handling that depends on the logging level.

That said, both regular and debug logging in Postfix are logged
at the "info" level, Postfix does not use the syslog "debug" log
level.  Therefore, built-in syslog log filtering cannot isolate
just the debug messages from Postfix, but as Noel points out,
you really should not have Postfix debug logging enabled on a
routine basis.

-- 
Viktor.



Re: How do you add LOGLEVEL labels to Postfix log output?

2017-08-19 Thread Wietse Venema
Noel Jones:
> On 8/19/2017 3:53 PM, yodel...@yepmail.net wrote:
> > Hello,
> > 
> > I use Postfix's per-domain debug logging a lot.
> 
> 
> Why?  The general opinion here is everything important is already in
> the normal logs, and the debug logs usually just make it hard to
> find the real problem among the noise.  Is there some specific event
> that maybe needs to be included in the normal logs?
> 
> > I want to redirect the debug-level log info into its own file.
> > 
> > There's no label in my postfix logs of what loglevel each line is being 
> > generated at.
> 
> Sorry, not configurable other than patching the source.

The logging level is specified via the syslog protocol. Every
syslog-compatible server (syslogd, etc.) will allow you to configure
handling that depends on the logging level.

Wietse


Re: How do you add LOGLEVEL labels to Postfix log output?

2017-08-19 Thread Noel Jones
On 8/19/2017 3:53 PM, yodel...@yepmail.net wrote:
> Hello,
> 
> I use Postfix's per-domain debug logging a lot.


Why?  The general opinion here is everything important is already in
the normal logs, and the debug logs usually just make it hard to
find the real problem among the noise.  Is there some specific event
that maybe needs to be included in the normal logs?

> I want to redirect the debug-level log info into its own file.
> 
> There's no label in my postfix logs of what loglevel each line is being 
> generated at.

Sorry, not configurable other than patching the source.



  -- Noel Jones


How do you add LOGLEVEL labels to Postfix log output?

2017-08-19 Thread yodeller
Hello,

I use Postfix's per-domain debug logging a lot.

My configuration's got

parent_domain_matches_subdomains = debug_peer_list
debug_peer_list = pcre:/etc/postfix/debug_peer_list.pcre
debug_peer_level = 1
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:
  ddd /usr/libexec/postfix/${process_name} ${process_id} & sleep 5

For the domains in the peer list all the debug level logging still goes into 
the systemd journal and I pull out postfix-specific entries with rsyslog into 
my main postfix log, /var/log/postfix/postfix.log

It's all good!

But it's getting noisy in there.

I want to redirect the debug-level log info into its own file.

There's no label in my postfix logs of what loglevel each line is being 
generated at.

Is there a way to customize the log format to add a loglevel label to the logs? 
 How & where would you configure that?

Thanks a lot.



Re: Make postfix log to show how sender rewriting happens

2017-01-18 Thread Burn Zero
Thank you so much for the info and it works now. :)

On Fri, Dec 23, 2016 at 7:59 PM, /dev/rob0  wrote:

> > On Tue, Dec 20, 2016 at 7:35 PM, Viktor Dukhovni
> >  wrote:
> > >
> > > > On Dec 20, 2016, at 12:53 AM, Burn Zero 
> > > > wrote:
> > > >
> > > > As you can see the orig_to parameter shows the original id to
> > > > which the email was sent and the to= parameter explains the
> > > > rewritten email id. I can clearly see the email rewriting
> > > > happened. Similarly, I want to get the log entries for sender
> > > > rewrite.
> > >
> > > You can cause the envelope sender to be logged via the INFO
> > > action of access(5):
> > >
> > > main.cf:
> > > smtpd_end_of_data_restrictions =
> > > check_sender_access static:INFO
> > >
> On Fri, Dec 23, 2016 at 04:36:56PM +0530, Burn Zero wrote:
> > Thank you. But when I use
> >
> > smtpd_end_of_data_restrictions =
> > check_sender_access static:INFO
> >
> > I get,
> >
> > postfix/smtpd[13668]: warning: unknown smtpd restriction: "INFO
> > postfix/smtpd[13668]: 12E9F6420F: reject: END-OF-MESSAGE from
> > host[x.x.x.x]: 451 4.3.5 Server configuration error;
> > from= to= proto=SMTP
>
> The INFO action was added to access(5) in Postfix 3.0.  Older
> versions have the functionally-identical "WARN" action.
>
> The presence of a manual page reference should be a hint for you to
> check that manual.  Your own local "man 5 access" has no mention of
> the "INFO" action, but compare that to the online one,
> http://www.postfix.org/access.5.html
>
> BTW you might want to consider looking up this one in your own
> postconf(5) manual, and if you have it, set this:
>
> main.cf:
> enable_long_queue_ids = yes
> --
>   http://rob0.nodns4.us/
>   Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
>


Re: Make postfix log to show how sender rewriting happens

2017-01-18 Thread Burn Zero
Thank you Viktor. It works fantastically now.

On Tue, Dec 20, 2016 at 7:35 PM, Viktor Dukhovni  wrote:

>
> > On Dec 20, 2016, at 12:53 AM, Burn Zero  wrote:
> >
> >   As you can see the orig_to parameter shows the original id to which
> the email was sent and the to= parameter explains the rewritten email id. I
> can clearly see the email rewriting happened. Similarly, I want to get the
> log entries for sender rewrite.
>
> You can cause the envelope sender to be logged via the INFO action
> of access(5):
>
> main.cf:
> smtpd_end_of_data_restrictions =
> check_sender_access static:INFO
>
> This will record the original envelope sender before rewriting happens
> downstream in cleanup(8).  You can also prepend the original envelope
> sender as a message header.
>
> main.cf:
> pcre = pcre:${config_directory}/
> smtpd_end_of_data_restrictions =
> check_sender_access static:INFO,
> check_sender_access ${pcre}:prepend-sender.pcre
>
> prepend-sender.pcre:
> /^(<.*>)$/  PREPEND X-Envelope-From: $1
> /(.*)/  PREPEND X-Envelope-From: <$1>
>
> --
> Viktor.
>
>


Re: Make postfix log to show how sender rewriting happens

2016-12-23 Thread /dev/rob0
> On Tue, Dec 20, 2016 at 7:35 PM, Viktor Dukhovni 
>  wrote:
> >
> > > On Dec 20, 2016, at 12:53 AM, Burn Zero  
> > > wrote:
> > >
> > > As you can see the orig_to parameter shows the original id to 
> > > which the email was sent and the to= parameter explains the 
> > > rewritten email id. I can clearly see the email rewriting 
> > > happened. Similarly, I want to get the log entries for sender 
> > > rewrite.
> >
> > You can cause the envelope sender to be logged via the INFO 
> > action of access(5):
> >
> > main.cf:
> > smtpd_end_of_data_restrictions =
> > check_sender_access static:INFO
> >
On Fri, Dec 23, 2016 at 04:36:56PM +0530, Burn Zero wrote:
> Thank you. But when I use
> 
> smtpd_end_of_data_restrictions =
> check_sender_access static:INFO
> 
> I get,
> 
> postfix/smtpd[13668]: warning: unknown smtpd restriction: "INFO 
> postfix/smtpd[13668]: 12E9F6420F: reject: END-OF-MESSAGE from 
> host[x.x.x.x]: 451 4.3.5 Server configuration error; 
> from= to= proto=SMTP

The INFO action was added to access(5) in Postfix 3.0.  Older 
versions have the functionally-identical "WARN" action.

The presence of a manual page reference should be a hint for you to 
check that manual.  Your own local "man 5 access" has no mention of 
the "INFO" action, but compare that to the online one,
http://www.postfix.org/access.5.html

BTW you might want to consider looking up this one in your own 
postconf(5) manual, and if you have it, set this:

main.cf:
    enable_long_queue_ids = yes
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


Re: Make postfix log to show how sender rewriting happens

2016-12-23 Thread Burn Zero
Thank you. But when I use

smtpd_end_of_data_restrictions =
    check_sender_access static:INFO

I get,

postfix/smtpd[13668]: warning: unknown smtpd restriction: "INFO
postfix/smtpd[13668]: 12E9F6420F: reject: END-OF-MESSAGE from
host[x.x.x.x]: 451 4.3.5 Server configuration error; from=
to= proto=SMTP



On Tue, Dec 20, 2016 at 7:35 PM, Viktor Dukhovni  wrote:

>
> > On Dec 20, 2016, at 12:53 AM, Burn Zero  wrote:
> >
> >   As you can see the orig_to parameter shows the original id to which
> the email was sent and the to= parameter explains the rewritten email id. I
> can clearly see the email rewriting happened. Similarly, I want to get the
> log entries for sender rewrite.
>
> You can cause the envelope sender to be logged via the INFO action
> of access(5):
>
> main.cf:
> smtpd_end_of_data_restrictions =
> check_sender_access static:INFO
>
> This will record the original envelope sender before rewriting happens
> downstream in cleanup(8).  You can also prepend the original envelope
> sender as a message header.
>
> main.cf:
> pcre = pcre:${config_directory}/
> smtpd_end_of_data_restrictions =
> check_sender_access static:INFO,
> check_sender_access ${pcre}:prepend-sender.pcre
>
> prepend-sender.pcre:
> /^(<.*>)$/  PREPEND X-Envelope-From: $1
> /(.*)/  PREPEND X-Envelope-From: <$1>
>
> --
> Viktor.
>
>


Re: Make postfix log to show how sender rewriting happens

2016-12-20 Thread Viktor Dukhovni

> On Dec 20, 2016, at 12:53 AM, Burn Zero  wrote:
> 
>   As you can see the orig_to parameter shows the original id to which the 
> email was sent and the to= parameter explains the rewritten email id. I can 
> clearly see the email rewriting happened. Similarly, I want to get the log 
> entries for sender rewrite.

You can cause the envelope sender to be logged via the INFO action
of access(5):

main.cf:
    smtpd_end_of_data_restrictions =
        check_sender_access static:INFO

This will record the original envelope sender before rewriting happens
downstream in cleanup(8).  You can also prepend the original envelope
sender as a message header.

main.cf:
    pcre = pcre:${config_directory}/
    smtpd_end_of_data_restrictions =
        check_sender_access static:INFO,
        check_sender_access ${pcre}prepend-sender.pcre

prepend-sender.pcre:
    /^(<.*>)$/  PREPEND X-Envelope-From: $1
    /(.*)/  PREPEND X-Envelope-From: <$1>

-- 
Viktor.



Re: Make postfix log to show how sender rewriting happens

2016-12-20 Thread Wietse Venema
Burn Zero:
> I guess you didn't get my question. Pardon me if it wasn't clear.

Yes it was.

The pointers that I gave will show you the result of all Postfix
address rewriting, without actually sending email. If you want more
functionality, you are welcome to contribute the code, or to use a
different mail system.

Wietse


Re: Make postfix log to show how sender rewriting happens

2016-12-19 Thread Burn Zero
I guess you didn't get my question. Pardon me if it wasn't clear.

I use postfix rewrite feature to rewrite sender and recipient address. When
I receive email from outside, my recipient rewrite is done using
recipient_canonical file. I also check the same in log,

Sep 12 17:23:32 rewritehost postfix/smtp[1223]: 28A6701362:
to=, *orig_to*=,
relay=relay.host[xxx.xxx.xxx.xxx]:25, delay=56, delays=51/0/4.5/0,
dsn=2.0.0, status=sent (250 Message accepted for delivery)

  As you can see the *orig_to *parameter shows the original id to which the
email was sent and the *to= *parameter explains the rewritten email id. I
can clearly see the email rewriting happened. Similarly, I want to get the
log entries for sender rewrite.

I know we can enable verbose mode in cleanup daemon to view such logs, but
its verbose ( generates  100's of line) and I don't want to enable it. I
don't want mail delivery reports, but regular logging how sender rewrite
happens like the one I showed for recipient rewrite.

On Mon, Dec 19, 2016 at 5:04 PM, Wietse Venema  wrote:

> Documentation:
> http://www.postfix.org/ADDRESS_REWRITING_README.html#debugging
>
> Command:
> $ sendmail -f sender -bv recipient
>
> Wietse
>


Re: Make postfix log to show how sender rewriting happens

2016-12-19 Thread Wietse Venema
Documentation:
http://www.postfix.org/ADDRESS_REWRITING_README.html#debugging

Command:
$ sendmail -f sender -bv recipient

Wietse


Make postfix log to show how sender rewriting happens

2016-12-19 Thread Burn Zero
Hi,

I'm using postfix SMTP server and I'm rewriting sender and recipient
addresses. From the postfix logs, I can see the recipient address rewriting
logs,

Sep 12 17:23:32 rewritehost postfix/smtp[1223]: 28A6701362:
to=, *orig_to*=,
relay=relay.host[xxx.xxx.xxx.xxx]:25, delay=56, delays=51/0/4.5/0,
dsn=2.0.0, status=sent (250 Message accepted for delivery)

Here, I sent an email to em...@domain2.com, but then it is getting a
rewrite by postfix and then email is sent to em...@domain.com ( basically I
understand recipient rewrite happened)

Similarly, I need to enable the logs for sender rewrite. I made the
following change in /etc/postfix/master.cf file


cleanup   unix  n   -   -   -   0   cleanup -v

and it showed long verbose logs how cleanup daemon does the sender
recipient rewrite. But I do not want to enable verbose mode.

Thanks.


Re: smtp_bind_address and postfix log format

2015-04-16 Thread Noel Jones
On 4/16/2015 6:32 AM, a jalela wrote:
> Hello
> 
> We have setup postfix using smtp_bind_address with 100 ips having
> below configuration
> 
> #
> 
> #ip=10.11.17.13 host=multi328.postfix.example.com
> 
> 
> 10.11.17.13:25   inet  n   -   n
>   -  500   smtpd
> -o content_filter=dksign:[127.0.0.1]:10027
> -o myhostname=multi328.postfix.example.com
> 
> -o syslog_name=multi328
> 
> multi328 unix  -   -   n   - 500  smtp
> -o smtp_bind_address=10.11.17.13
> -o smtp_helo_name=multi328.postfix.example.com
> 
> -o syslog_name=multi328
> -o transport_maps=hash:/etc/postfix/rlt/transport328
> #
> 

You may be better served by using multiple postfix instances.  See:
http://www.postfix.org/MULTI_INSTANCE_README.html


> 
> below given questions are  regards to smtp_bind_address with 100 Ips
> 
> 
> (1)  how can we set different  queue for each  virtual
> smtp_bind_address ?

Each postfix instance has one queue. However, different transports
are scheduled independently, so congestion in one transport won't
affect other transports (until the queue is overfilled).

> 
> (2)  we don't need to use DKIM/DKIMPROXY or OPENDKIM or any other
> milter for signing mails .is there any other way to sign mail
> without using milter in postfix ?

Postfix DKIM support is through documented interfaces; either a
milter or a proxy.


> 
> (3)  postfix can open maximum 1000 out  connection  how can i
> distribute 10 connection to each virtual postfix mta ?

Get a load balancer.

> 
> (4)  we are using system having specs with 32 GB RAM, 24 core
> processor,  SSD with 6GBPS sata port  and centos6 64bit for mta
> (postfix). ulimit -n 102400 and ulimit -u 10240  but postfix can not
> use complete  resources "default_process_limit = 5000" is added in
> main.cf .
> 
>  let me know what changes require for utilizing complete resources
> and which help in make system faster and better for mail

Analyze the system to see where the bottleneck is.

> 
> (5)  don't want to use  sender_transport or random-transport.pl
>   with smtp_bind_address. how  can we
> distributes mails based on helo or ehlo

Not implemented.

> 
> (6)  how can i add header tag "X-postfix-BounceCategory: reason"
>  for NDR mails.

Not implemented.

> 
> (7)  mail stats tool for each virtual postfix mta and multiple
> server,  kindly suggest us
> 
> (8)  Is there any puppet module present for  smtp_bind_address ?
> 
> (9)  how  can we set smtp_header_checks based on mail sender address ?

If you use a sender dependent transport, you can define the
smtp_header_checks in that transport.

> 
> (10) Can we print specific header parameters like (from
> ,subject,client-ID,sender,To) in single line format  into log file
> (maillog)?

Logging is not configurable.

> 
> (11) Please tell me which other parameters we can use with
> smtp_bind_address

If you're asking what other parameters you can set in a master.cf
smtp transport, see:
http://www.postfix.org/smtp.8.html

> 
> (12) how to change maillog format .like below single line log
> 
> Apr  8 07:14:58 multi1 multi328/smtp[27657]:
> 3lMNL92vNJz1r2cR:warning: header Subject: welcome to postfix from
> client1.application.com
> [10.10.10.10];
> from= >,
> to=mailto:a...@aol.com>>, proto=SMTP,
> relay=mailin-01.mx.aol.com
> [64.12.91.195]:25, delay=1.6,
> delays=0.18/0.03/0.25/1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok:
> queued as 0140C7093)

This information is logged by different postfix processes.  You'll
need an external log processing tool to combine the existing
information.


You may be better served by using multiple postfix instances.  See:
http://www.postfix.org/MULTI_INSTANCE_README.html



  -- Noel Jones
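
The external log processing suggested in the reply above, as an added Python example that is not part of the original thread or of Postfix: it groups records from smtpd, cleanup, qmgr and smtp by queue ID and emits one combined line per delivery. The log lines, hosts and addresses are constructed, and the queue-ID pattern and output field layout are assumptions of this example.

```python
import json
import re
from collections import OrderedDict

# Constructed sample: two interleaved messages plus one record without a queue ID.
SAMPLE_LOG = """\
Apr  8 07:14:56 multi1 multi328/smtpd[27601]: connect from client1.example.com[192.0.2.10]
Apr  8 07:14:56 multi1 multi328/smtpd[27601]: 3lMNL92vNJz1r2cR: client=client1.example.com[192.0.2.10]
Apr  8 07:14:56 multi1 multi328/cleanup[27610]: 3lMNL92vNJz1r2cR: warning: header Subject: welcome to postfix from client1.example.com[192.0.2.10]; from=<news@example.com> to=<alice@example.net> proto=ESMTP helo=<client1.example.com>
Apr  8 07:14:56 multi1 multi328/qmgr[27590]: 3lMNL92vNJz1r2cR: from=<news@example.com>, size=2048, nrcpt=1 (queue active)
Apr  8 07:14:57 multi1 multi328/smtpd[27602]: 0140C7093A: client=client2.example.com[192.0.2.11]
Apr  8 07:14:57 multi1 multi328/qmgr[27590]: 0140C7093A: from=<ops@example.com>, size=900, nrcpt=1 (queue active)
Apr  8 07:14:58 multi1 multi328/smtp[27657]: 3lMNL92vNJz1r2cR: to=<alice@example.net>, relay=mx.example.net[198.51.100.25]:25, delay=1.6, delays=0.18/0.03/0.25/1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 5F1C2A)
Apr  8 07:14:58 multi1 multi328/qmgr[27590]: 3lMNL92vNJz1r2cR: removed
Apr  8 07:14:59 multi1 multi328/smtp[27658]: 0140C7093A: to=<bob@example.org>, relay=none, delay=2.1, delays=0.1/0/2/0, dsn=4.4.1, status=deferred (connect to mx.example.org[203.0.113.5]:25: Connection timed out)
"""

# Assumption of this example: short queue IDs are upper-case hex, long ones
# (enable_long_queue_ids) are 12+ vowel-free alphanumerics. The rule also keeps
# words such as "warning" or "fatal" from being mistaken for a queue ID.
QID = r"(?:[0-9A-F]{6,}|[0-9B-DF-HJ-NP-TV-Zb-df-hj-np-tv-z]{12,})"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s"
    r"(?P<svc>[^\s\[]+)\[(?P<pid>\d+)\]:\s(?P<qid>" + QID + r"):\s(?P<rest>.*)$"
)
# Greedy ".*" anchors on the last " from host[addr]; from=<" in the record,
# which is the part Postfix appends after the header text.
SUBJECT = re.compile(r"^warning: header Subject: (?P<subject>.*) from \S+\[[^\]]*\]; from=<")
FIELD = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")


def collate(lines):
    """Group records by queue ID, keeping the order in which IDs first appear."""
    msgs = OrderedDict()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # connect/disconnect and other records carry no queue ID
        rec = msgs.setdefault(m["qid"], {"client": None, "subject": None,
                                         "from": None, "deliveries": [],
                                         "removed": False})
        svc = m["svc"].rsplit("/", 1)[-1]  # strip the syslog_name prefix
        rest = m["rest"]
        if svc == "smtpd" and rest.startswith("client="):
            rec["client"] = rest[len("client="):].split(",")[0]
        elif svc == "cleanup":
            s = SUBJECT.match(rest)
            if s:
                rec["subject"] = s["subject"]
        elif svc == "qmgr":
            if rest == "removed":
                rec["removed"] = True
            elif rest.startswith("from="):
                rec["from"] = dict(FIELD.findall(rest))["from"]
        elif ", status=" in rest:  # delivery agents: smtp, lmtp, local, ...
            head, _, tail = rest.partition(", status=")
            f = dict(FIELD.findall(head))
            rec["deliveries"].append({"to": f.get("to"), "relay": f.get("relay"),
                                      "dsn": f.get("dsn"),
                                      "status": tail.split(" ", 1)[0]})
    return msgs


def one_line(qid, rec):
    """One combined line per delivery. The subject is sender-controlled text,
    so it is JSON-quoted to keep it from being read as extra fields."""
    return ["%s client=%s from=%s to=%s relay=%s dsn=%s status=%s subject=%s" % (
        qid, rec["client"], rec["from"], d["to"], d["relay"], d["dsn"],
        d["status"], json.dumps(rec["subject"])) for d in rec["deliveries"]]


if __name__ == "__main__":
    for qid, rec in collate(SAMPLE_LOG.splitlines()).items():
        for out in one_line(qid, rec):
            print(out)
```

The subject only appears in the log if a header_checks rule with a WARN (or INFO) action matches the Subject header; without such a rule that field stays empty.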


smtp_bind_address and postfix log format

2015-04-16 Thread a jalela
Hello

We have setup postfix using smtp_bind_address with 100 ips having below
configuration

#

#ip=10.11.17.13 host=multi328.postfix.example.com

10.11.17.13:25  inet  n   -   n   -  500   smtpd
-o content_filter=dksign:[127.0.0.1]:10027
-o myhostname=multi328.postfix.example.com
-o syslog_name=multi328

multi328 unix  -   -   n   - 500  smtp
-o smtp_bind_address=10.11.17.13
-o smtp_helo_name=multi328.postfix.example.com
-o syslog_name=multi328
-o transport_maps=hash:/etc/postfix/rlt/transport328
#


below given questions are  regards to smtp_bind_address with 100 Ips


(1)  how can we set different  queue for each  virtual smtp_bind_address ?

(2)  we don't need to use DKIM/DKIMPROXY or OPENDKIM or any other milter
for signing mails .is there any other way to sign mail without using milter
in postfix ?

(3)  postfix can open maximum 1000 out  connection  how can i distribute 10
connection to each virtual postfix mta ?

(4)  we are using system having specs with 32 GB RAM, 24 core processor,
 SSD with 6GBPS sata port  and centos6 64bit for mta (postfix). ulimit -n
102400 and ulimit -u 10240  but postfix can not use complete  resources
"default_process_limit = 5000" is added in main.cf.

 let me know what changes require for utilizing complete resources and
which help in make system faster and better for mail

(5)  don't want to use  sender_transport or random-transport.pl  with
smtp_bind_address. how  can we distributes mails based on helo or ehlo

(6)  how can i add header tag "X-postfix-BounceCategory: reason"  for NDR
mails.

(7)  mail stats tool for each virtual postfix mta and multiple server,
 kindly suggest us

(8)  Is there any puppet module present for  smtp_bind_address ?

(9)  how  can we set smtp_header_checks based on mail sender address ?

(10) Can we print specific header parameters like (from
,subject,client-ID,sender,To) in single line format  into log file
(maillog)?

(11) Please tell me which other parameters we can use with
smtp_bind_address

(12) how to change maillog format .like below single line log

Apr  8 07:14:58 multi1 multi328/smtp[27657]: 3lMNL92vNJz1r2cR:warning:
header Subject: welcome to postfix from client1.application.com[10.10.10.10];
from=, to=,
proto=SMTP, relay=mailin-01.mx.aol.com[64.12.91.195]:25, delay=1.6,
delays=0.18/0.03/0.25/1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
0140C7093)

Thank You
Anil Jalela


Postfix log analyzer tool V0.9.17 released

2014-07-16 Thread Nicolas HAHN

Hello all,

I've released *Version 0.9.17 of the ELSE* (E-mail Log Search Engine) as 
a tar.gz archive on Sourceforge there: 
https://sourceforge.net/projects/x-itools/files/X-Itools%20releases/E-mail%20Log%20Search%20Engine/


There is also a *virtual machine for demonstration purpose* if you want 
to test this thing as well as the *GreyLSE* (Postfix Policy Server for 
greylisting and more). Details there: 
http://sourceforge.net/projects/x-itools/files/X-Itools%20releases/E-mail%20Log%20Search%20Engine/DEMO_VM/download


If you're interested you can also take a look at the WIKI pages there: 
http://sourceforge.net/p/x-itools/wiki/
You can also drop me an e-mail on the project mailing lists 
(x-itools-de...@lists.sourceforge.net and 
x-itools-us...@lists.sourceforge.net)

*Please note that all releases of this software are considered R&D. Use 
it at your own risks.*


Regards,
Nicolas


New Postfix log analyzer tool V0.9.16 released (PostgreSQL DB 9.2.x based)

2013-10-21 Thread Nicolas HAHN

Dear Community,

VERSION 0.9.16 OF THE ELSE (E-mail Log Search Engine) has just been
released as a tar.gz archive.
As usual, take a look at the README file for the revision history.

The archive is there:
https://sourceforge.net/projects/x-itools/files/X-Itools%20releases/E-mail%20Log%20Search%20Engine/

The OFFICIAL X-ITOOLS ELSE 0.9.16 USER'S HOWTO has been also released in
its first draft and is available in the Wiki:
http://sourceforge.net/p/x-itools/wiki/Documentation%20for%20Users/

PLEASE NOTE THAT ALL RELEASES OF THIS SOFTWARE ARE CONSIDERED  R&D. USE IT
AT YOUR OWN RISKS.

Kind regards,
Nicolas


New Postfix log analyzer tool V0.9.15 released (PostgreSQL DB 9.2.x based)

2013-07-06 Thread Nicolas HAHN

Dear Community,

*Version 0.9.15* of the ELSE (E-mail Log Search Engine) has been released.
This version is now able to parse Postfix versions >=2.9 logs having 
long queue IDs.


README including versioning info as well as archive are available there:
https://sourceforge.net/projects/x-itools/files/X-Itools%20releases/E-mail%20Log%20Search%20Engine/

*Please note that all releases of this software are considered R&D. Use 
it at your own risks.*


Kind regards,
Nicolas

Re: Understanding postfix log

2013-05-15 Thread Victor d'Agostino
Thanks for the help

Victor


2013/5/15 Wietse Venema 

> Martin Schütte:
> > > What does "conn_use", "delays=a/b/c/d" and "dsn" mean
> >
> > http://www.postfix.org/CONNECTION_CACHE_README.html#safety
> >
> > http://www.postfix.org/postconf.5.html#delay_logging_resolution_limit
> >
> > http://www.postfix.org/DSN_README.html
>
> See RFC 3463 for the meaning of the numbers in dsn= logging.
> http://tools.ietf.org/html/rfc3463
>
> (the "dsn" in dsn=x.y.z is misnamed, but sendmail compatible :-).
>
> Wietse
>


Re: Understanding postfix log

2013-05-15 Thread Wietse Venema
Martin Schütte:
> > What does "conn_use", "delays=a/b/c/d" and "dsn" mean
> 
> http://www.postfix.org/CONNECTION_CACHE_README.html#safety
> 
> http://www.postfix.org/postconf.5.html#delay_logging_resolution_limit
> 
> http://www.postfix.org/DSN_README.html

See RFC 3463 for the meaning of the numbers in dsn= logging.
http://tools.ietf.org/html/rfc3463

(the "dsn" in dsn=x.y.z is misnamed, but sendmail compatible :-).

Wietse


Re: Understanding postfix log

2013-05-15 Thread Martin Schütte
> What does "conn_use", "delays=a/b/c/d" and "dsn" mean

http://www.postfix.org/CONNECTION_CACHE_README.html#safety

http://www.postfix.org/postconf.5.html#delay_logging_resolution_limit

http://www.postfix.org/DSN_README.html

-- 
Martin


Understanding postfix log

2013-05-15 Thread Victor d'Agostino
Hello,

Can someone explain to me (or give a link) in this log

May 15 10:58:13 LXLYOPFD11 postfix/smtp[12232]: B7B1B4800DC: to=<
x...@gmail.com>, relay=10.220.8.20[10.220.8.20]:25, conn_use=7, delay=1991,
delays=0.06/1990/0/0.66, dsn=2.0.0, status=sent (250 2.0.0 OK 1368608293
fe7si6820218wib.77 - gsmtp)

What does "conn_use", "delays=a/b/c/d" and "dsn" mean

Thanks in advance !

Victor
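
The fields asked about in this thread, decoded in an added Python example that is not part of the original posts: it splits `delays=a/b/c/d` into the four stages documented under `delay_logging_resolution_limit` in postconf(5), reads the `dsn=` value as an RFC 3463 class.subject.detail code, and reports which stage dominated. The sample is the record from the question with a placeholder recipient; the stage names and function names are assumptions of this example.

```python
import re

# Constructed sample: the record quoted in the question, with a placeholder recipient.
SAMPLE = (
    "May 15 10:58:13 LXLYOPFD11 postfix/smtp[12232]: B7B1B4800DC: "
    "to=<user@example.com>, relay=10.220.8.20[10.220.8.20]:25, conn_use=7, "
    "delay=1991, delays=0.06/1990/0/0.66, dsn=2.0.0, "
    "status=sent (250 2.0.0 OK 1368608293 fe7si6820218wib.77 - gsmtp)"
)

# delays=a/b/c/d per postconf(5): a = time before the queue manager (including
# message transmission), b = time in the queue manager, c = connection setup
# (DNS, HELO, TLS), d = message transmission time. The names are this example's.
STAGES = ("before_qmgr", "in_qmgr", "conn_setup", "transmission")

# RFC 3463 enhanced status codes: class.subject.detail
DSN_CLASS = {"2": "success",
             "4": "persistent transient failure",
             "5": "permanent failure"}
DSN_SUBJECT = {"0": "other or undefined", "1": "addressing", "2": "mailbox",
               "3": "mail system", "4": "network and routing",
               "5": "mail delivery protocol", "6": "message content or media",
               "7": "security or policy"}

FIELD = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")
DSN = re.compile(r"([245])\.(\d{1,3})\.(\d{1,3})")


def explain_delivery(line):
    """Decode one delivery record (a line that ends in status=...)."""
    head, sep, tail = line.partition(", status=")
    if not sep:
        raise ValueError("not a delivery record (no status= field)")
    fields = dict(FIELD.findall(head))
    parts = fields.get("delays", "").split("/")
    if len(parts) != 4:
        raise ValueError("delays= must have four components")
    delays = dict(zip(STAGES, (float(p) for p in parts)))
    m = DSN.fullmatch(fields.get("dsn", ""))
    if not m:
        raise ValueError("dsn= is not a class.subject.detail status code")
    status, _, response = tail.partition(" ")
    return {
        "recipient": fields.get("to"),
        "relay": fields.get("relay"),
        # Use count of the cached connection; None when the field is not logged.
        "conn_use": int(fields["conn_use"]) if "conn_use" in fields else None,
        "total_delay": float(fields["delay"]),
        "delays": delays,
        "slowest_stage": max(delays, key=delays.get),
        "dsn_class": DSN_CLASS[m.group(1)],
        "dsn_subject": DSN_SUBJECT.get(m.group(2), "unassigned"),
        "status": status,
        "response": response.strip("()"),
    }


def slow_deliveries(lines, stage, threshold):
    """Return (recipient, seconds) for records whose given stage exceeds threshold."""
    hits = []
    for line in lines:
        try:
            rec = explain_delivery(line)
        except ValueError:
            continue  # not a delivery record, or a malformed one
        if rec["delays"][stage] > threshold:
            hits.append((rec["recipient"], rec["delays"][stage]))
    return hits


if __name__ == "__main__":
    for key, value in explain_delivery(SAMPLE).items():
        print(f"{key}: {value}")
```

For the record in the question, nearly all of the 1991 seconds were spent in the queue manager rather than in connection setup or transmission.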


Re: New Postfix log analyzer tool V0.9.13 released (PostgreSQL DB 9.2.x based)

2013-04-24 Thread Birta Levente

On 23/04/2013 23:29, Nicolas HAHN wrote:

Dear Community,

*Version 0.9.13* of the tool has been released.

My tool is able to parse Postfix Logs (version < 2.8 for now), generates
statistics, propose you a great EXTJS 4.1.3 Web 2.0 interface, offers
powerful search features and so on...

It is also able to parse Microsoft Exchange Server Logs (when used as a
MUA, haven't tested when also used as a MTA) and correlate with Postfix
logs.

README including versioning info as well as archive are available there:

https://sourceforge.net/projects/x-itools/files/X-Itools%20releases/E-mail%20Log%20Search%20Engine/

I plan to adapt it for Postfix versions > 2.8 logs in the coming days,
and I hope except the QID, the format of the logs is the same :-)

I'm available if you wish to answer questions and provide
information/support as I need to create and provide complete set of
documentations.

Kind regards,
Nicolas





I wish to try it, but I use 2.10 with long queue ID

Just wait until support it.

Levi







New Postfix log analyzer tool V0.9.13 released (PostgreSQL DB 9.2.x based)

2013-04-23 Thread Nicolas HAHN
Dear Community,

VERSION 0.9.13 of the tool has been released.

My tool is able to parse Postfix Logs (version < 2.8 for now), generates 
statistics, propose you a great EXTJS 4.1.3 Web 2.0 interface, offers powerful 
search features and so on...

It is also able to parse Microsoft Exchange Server Logs (when used as a MUA, 
haven't tested when also used as a MTA) and correlate with Postfix logs.

README including versioning info as well as archive are available there:

https://sourceforge.net/projects/x-itools/files/X-Itools%20releases/E-mail%20Log%20Search%20Engine/

I plan to adapt it for Postfix versions > 2.8 logs in the coming days, and I 
hope except the QID, the format of the logs is the same :-)

I'm available if you wish to answer questions and provide information/support 
as I need to create and provide complete set of documentations.

Kind regards,
Nicolas




New Postfix log analyzer tool V0.9.11 released (PostgreSQL DB 9.2.x based)

2013-04-13 Thread Nicolas HAHN

Dear Community,

I just released *version 0.9.11* of the tool.

This version is the *first one to include Microsoft Exchange Server Logs 
parsing capabilities*.


README including versioning info as well as archive are available there:

https://sourceforge.net/projects/x-itools/files/X-Itools%20releases/E-mail%20Log%20Search%20Engine/

Now will start to commit version 0.9.12 :)

Kind regards,
Nicolas

Re: New Postfix log analyzer tool, statistics, grapher, ... PostgreSQL DB 9.2.x based

2013-04-13 Thread Nicolas HAHN

On 13/04/2013 15:17, /dev/rob0 wrote:
I think the point is that none of the software you mention are 
Linux-specific. Postfix, PostgreSQL, rsyslog, "apache" (Apache httpd), 
and php all work and are commonly seen on other Unix and Unix-like 
systems. It doesn't sound likely that you have done something to 
restrict this to Linux-only. 


You are totally right. In theory it is not restricted.
My point is that I'm coding, testing, and using the tool ONLY on a bunch 
of RHEL 6.x servers.
So in practice, I never used the tool on another OS (even another LINUX 
distrib), and this means it's not validated for other OS than RHEL 6.


But again, if people in the community want to deploy it, test it, 
install it, debug it, validate it on other platforms, then that will be 
a win-win deal for sure :)


There are so much to be done...

Kind regards,
Nicolas

Re: New Postfix log analyzer tool, statistics, grapher, ... PostgreSQL DB 9.2.x based

2013-04-13 Thread Larry Stone

On Apr 13, 2013, at 8:17 AM, /dev/rob0  wrote:

> 
> I think the point is that none of the software you mention are 
> Linux-specific. Postfix, PostgreSQL, rsyslog, "apache" (Apache 
> httpd), and php all work and are commonly seen on other Unix and 
> Unix-like systems. It doesn't sound likely that you have done 
> something to restrict this to Linux-only.

My first thought was he thinks Linux and Unix are just different words for the 
same thing. Or he knows Linux and has never heard of Unix.

Wouldn't be the first. I've run into people (although less technical) who have 
heard of Linux since it's been a "cool" buzz-word but have no idea what Unix is.

-- 
Larry Stone
lston...@stonejongleux.com
http://www.stonejongleux.com/





Re: New Postfix log analyzer tool, statistics, grapher, ... PostgreSQL DB 9.2.x based

2013-04-13 Thread /dev/rob0
[ Top-posting fixed ]
> On 13/04/2013 11:31, LuKreme wrote:
> >On Apr 11, 2013, at 7:29, Nicolas HAHN  wrote:
> >>a Linux server
> >It requires Linux? Why would it require Linux?

On Sat, Apr 13, 2013 at 11:38:07AM +0200, Nicolas HAHN wrote:
> Mmhhh... What can I say???
> 
> If somebody can make the full product working on another
> platform, then I would be happy to propose the corresponding
> archive on Sourceforge available files project page...
> 
> But for now the best answer is simply "it's like that". ;)

I think the point is that none of the software you mention are 
Linux-specific. Postfix, PostgreSQL, rsyslog, "apache" (Apache 
httpd), and php all work and are commonly seen on other Unix and 
Unix-like systems. It doesn't sound likely that you have done 
something to restrict this to Linux-only.
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:


Re: New Postfix log analyzer tool, statistics, grapher, ... PostgreSQL DB 9.2.x based

2013-04-13 Thread Nicolas HAHN

Mmhhh... What can I say???

If somebody can make the full product working on another platform, then 
I would be happy to propose the corresponding archive on Sourceforge 
available files project page...


But for now the best answer is simply "it's like that". ;)


On 13/04/2013 11:31, LuKreme wrote:
> On Apr 11, 2013, at 7:29, Nicolas HAHN  wrote:
>> a Linux server
> It requires Linux? Why would it require Linux?




Re: New Postfix log analyzer tool, statistics, grapher, ... PostgreSQL DB 9.2.x based

2013-04-13 Thread LuKreme
On Apr 11, 2013, at 7:29, Nicolas HAHN  wrote:
> a Linux server

It requires Linux? Why would it require Linux?

-- 
you'd think you could trust a horde of hungarian barbarians



Re: New Postfix log analyzer tool, statistics, grapher, ... PostgreSQL DB 9.2.x based

2013-04-12 Thread Abhijeet Rastogi
Any screenshots would be highly appreciated. I'm currently using
Elasticsearch to store all my logs and Kibana for search. I was wondering
how this tool will help more.


On Thu, Apr 11, 2013 at 6:59 PM, Nicolas HAHN  wrote:

>  Dear Postfix Community,
>
> I'm writing for the first time there but working in the area of SMTP
> messaging since a long time. With Postfix, that I really love.
>
> The goal of my e-mail today is just to let you know that I'm working since
> some time on my open source GPLv3 project dedicated to *real time* postfix log
> analysis, but not only log analysis.
>
> This project need several components to work fine, primarily a Linux
> server running Apache, Php, Rsyslog, postgreSQL 9.2, SNMPD, ... A lot of
> things are described in the INSTALL file.
>
> If you are interested by such project, you can find it on Sourceforge
> there:
> https://sourceforge.net/projects/x-itools/files/X-Itools%20releases/E-mail%20Log%20Search%20Engine/
>
>
> The archive I just uploaded this morning deal with Postfix version >=2.8.x
> logs.
>
> This tool is used in the United Nations datacenters, for Messaging
> Services, where I'm currently working as a messaging architect consultant.
> Depending of the processing power of the server, it is able to work with a
> mail flow of 1 million e-mails a day in real time. The version deployed in
> the UN also process Exchange servers logs in real time. The version I've
> packaged on sourceforge is a little bit in late (I need time to commit all
> my code) and is able to process Postfix logs only as of today.
> Some (and me too :-)) say it is much more powerful than what Postini from
> Google is offering, especially if we consider it is working in real time.
>
> Version available on sourceforge in the tar.gz archive is 0.9.10.
> Version starting to process Exchange Servers logs is 0.9.11. It is
> coming...
>
> Also, I kept my tool "secret" since 2004 despite the fact I decided to
> make it under GPL, using it for my own needs as a small provider myself. I
> decided to publish it on sourceforge in 2011, when UN shown a big interest
> in it, and then I restarted the development. It means the Wiki is empty,
> the doc is enclosed in my brain, ... and all of this needs to be publicly
> available. that will take time...
>
> So, if you're interested, I can answer questions and provide help. It can
> be quite complex to install because of the dependencies needed.
> This project also need, as you may know, volunteers and talents, people to
> debug, ... I'm not the most talented coder of the world of course :) PHP
> code I produce as a PHP newbie for example, could be greatly enhanced,
> secured, and so on. I'm learning PHP the same time I'm coding this tool and
> it's not easy as I'm an old school C/C++ coder.
>
> In brief, a continuous effort is needed as usual.
>
> *NOTE: I've removed the attached screenshot because e-mail size is
> limited to  4 characters.*
>
> Thanks for your attention
>
> Best regards,
> Nicolas
>



-- 
Regards,
Abhijeet Rastogi (shadyabhi)
http://blog.abhijeetr.com


New Postfix log analyzer tool, statistics, grapher, ... PostgreSQL DB 9.2.x based

2013-04-11 Thread Nicolas HAHN

Dear Postfix Community,

I'm writing for the first time there but working in the area of SMTP 
messaging since a long time. With Postfix, that I really love.


The goal of my e-mail today is just to let you know that I'm working 
since some time on my open source GPLv3 project dedicated to _*real 
time*_ postfix log analysis, but not only log analysis.


This project need several components to work fine, primarily a Linux 
server running Apache, Php, Rsyslog, postgreSQL 9.2, SNMPD, ... A lot of 
things are described in the INSTALL file.


If you are interested by such project, you can find it on Sourceforge 
there: 
https://sourceforge.net/projects/x-itools/files/X-Itools%20releases/E-mail%20Log%20Search%20Engine/


The archive I just uploaded this morning deal with Postfix version 
>=2.8.x logs.


This tool is used in the United Nations datacenters, for Messaging 
Services, where I'm currently working as a messaging architect 
consultant. Depending of the processing power of the server, it is able 
to work with a mail flow of 1 million e-mails a day in real time. The 
version deployed in the UN also process Exchange servers logs in real 
time. The version I've packaged on sourceforge is a little bit in late 
(I need time to commit all my code) and is able to process Postfix logs 
only as of today.
Some (and me too :-)) say it is much more powerful than what Postini 
from Google is offering, especially if we consider it is working in real 
time.


Version available on sourceforge in the tar.gz archive is 0.9.10.
Version starting to process Exchange Servers logs is 0.9.11. It is 
coming...


Also, I kept my tool "secret" since 2004 despite the fact I decided to 
make it under GPL, using it for my own needs as a small provider myself. 
I decided to publish it on sourceforge in 2011, when UN shown a big 
interest in it, and then I restarted the development. It means the Wiki 
is empty, the doc is enclosed in my brain, ... and all of this needs to 
be publicly available. that will take time...


So, if you're interested, I can answer questions and provide help. It 
can be quite complex to install because of the dependencies needed.
This project also need, as you may know, volunteers and talents, people 
to debug, ... I'm not the most talented coder of the world of course :) 
PHP code I produce as a PHP newbie for example, could be greatly 
enhanced, secured, and so on. I'm learning PHP the same time I'm coding 
this tool and it's not easy as I'm an old school C/C++ coder.


In brief, a continuous effort is needed as usual.

/NOTE: I've removed the attached screenshot because e-mail size is 
limited to  4 characters./


Thanks for your attention

Best regards,
Nicolas

[Bug fix in previous email] New Postfix log analyzer tool, statistics, grapher, ... PostgreSQL DB 9.2.x based

2013-04-11 Thread Nicolas HAHN

Dear Postfix Community,

Instead of reading in my previous email:

"The archive I just uploaded this morning deal with Postfix version 
>=2.8.x logs."


Please read:

"The archive I just uploaded this morning deal with Postfix version 
_*<=2.8.x*_ logs."


This is a mistyping from me ;)

Re: Postfix log file question

2012-05-22 Thread Ralf Hildebrandt
* Henry Stryker :

> Very good, and thanks for the quick answer.  I was able to learn from
> /usr/include/sys/syslog.h that this maps to a facility/priority code.
> 
> 2 = mail
> 6 = informational

Ah, interesting. Wouldn't have been able to guess this :)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Postfix log file question

2012-05-22 Thread Henry Stryker


On 5/22/12 6:31 AM, Ralf Hildebrandt wrote:
>> What does the "<2.6>" signify in every Postfix log line entry?
> 
> Dunno. That's probably a function of your syslog daemon

Very good, and thanks for the quick answer.  I was able to learn from
/usr/include/sys/syslog.h that this maps to a facility/priority code.

2 = mail
6 = informational


Re: Postfix log file question

2012-05-22 Thread Chris Robinson

On 22/05/2012 15:29, Henry Stryker wrote:
> This is certainly not of critical importance, but my curiosity makes me
> wonder:
>
> May 20 12:28:40<2.6>  hyperion postfix/smtpd[22436]:
>
> What does the "<2.6>" signify in every Postfix log line entry?
>
> I am running postfix-current on FreeBSD 8.3
> mail_version = 2.10-20120423



I'd guess it's the Linux version no, since that's where the server name 
normally goes. Try uname -a.


Chris Robinson


Re: Postfix log file question

2012-05-22 Thread Ralf Hildebrandt
* Henry Stryker :
> 
> This is certainly not of critical importance, but my curiosity makes me
> wonder:
> 
> May 20 12:28:40 <2.6> hyperion postfix/smtpd[22436]:
> 
> 
> What does the "<2.6>" signify in every Postfix log line entry?

Dunno. That's probably a function of your syslog daemon

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Postfix log file question

2012-05-22 Thread Henry Stryker

This is certainly not of critical importance, but my curiosity makes me
wonder:

May 20 12:28:40 <2.6> hyperion postfix/smtpd[22436]:


What does the "<2.6>" signify in every Postfix log line entry?

I am running postfix-current on FreeBSD 8.3
mail_version = 2.10-20120423


Re: Flexible formatting of Postfix log entries?

2012-04-28 Thread Wietse Venema
kar...@mailcan.com:
The number of record types that Postfix logs ROUTINELY per email
transaction is limited. It takes only a handful of regular expressions
to parse those, and this has in fact already been done many times.

You can make logfile parsing more robust by turning on "non-repeating"
queue IDs. Instead of a short string like 447FC600E1 which contains
only the queue file inode number and the microsecond portion of the
time of day, non-repeating queue IDs are slightly longer strings
like 3Vf7bv5VFzzk2RP that contain the inode number and total amount
of time in microseconds since 1970.

Wietse
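
The grouping by queue ID described above, as an added example that is not part of the original thread or of Postfix: a Python sketch that collates records by queue ID (short and long forms) and follows the "queued as" hand-off logged when a content filter re-injects a message. The regular expressions, function names and sample addresses are assumptions made for this example, and the log lines are constructed.

```python
import re
from collections import OrderedDict

# Constructed sample lines (placeholder hosts and addresses), modelled on a
# content-filter setup where the filter re-injects mail under a new queue ID.
SAMPLE_LOG = """\
Apr 28 07:01:28 liam postfix/smtpd[17751]: connect from out.somewhere.com[99.99.99.99]
Apr 28 07:01:29 liam postfix/smtpd[17751]: 447FC600E1: client=out.somewhere.com[99.99.99.99]
Apr 28 07:01:29 liam postfix/qmgr[899]: 447FC600E1: from=<sender@example.com>, size=3219, nrcpt=1 (queue active)
Apr 28 07:01:29 liam postfix/smtpd[17751]: disconnect from out.somewhere.com[99.99.99.99]
Apr 28 07:01:33 liam postfix/qmgr[899]: 286E0601B5: from=<sender@example.com>, size=3904, nrcpt=1 (queue active)
Apr 28 07:01:33 liam postfix/smtp[17758]: 447FC600E1: to=<rcpt@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=5, delays=0.79/0.02/0.02/4.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 286E0601B5)
Apr 28 07:01:33 liam postfix/lmtp[17767]:  286E0601B5: to=<rcpt@example.net>, relay=mail.mydomain.com[192.168.1.100]:7025, delay=0.57, delays=0.38/0.02/0/0.17, dsn=2.1.5, status=sent (250 2.1.5 Delivery OK)
Apr 28 07:02:10 liam postfix/qmgr[899]: 3Vf7bv5VFzzk2RP: from=<other@example.org>, size=812, nrcpt=1 (queue active)
Apr 28 07:02:12 liam postfix/smtp[17758]: 3Vf7bv5VFzzk2RP: to=<user@example.org>, relay=mx.example.org[203.0.113.7]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F3C21A7B0)
"""

# Assumed patterns: short IDs are upper-case hex; long ("non-repeating") IDs
# use digits and consonants only. Both are approximations for this example.
QID = r"(?:[0-9A-F]{6,}|[0-9B-DF-HJ-NP-TV-Zb-df-hj-np-tv-z]{10,})"
RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s"
    r"postfix/(?P<svc>[\w-]+)\[(?P<pid>\d+)\]:\s+"
    r"(?P<qid>" + QID + r"):\s(?P<text>.*)$"
)
QUEUED_AS = re.compile(r"queued as (" + QID + r")\)")
FIELD = re.compile(r"\b(from|to|status)=<?([^>,\s]*)>?")


def parse_line(line):
    """Return a dict for a record that carries a queue ID, else None."""
    m = RECORD.match(line)
    if not m:
        return None  # connect/disconnect and other records without a queue ID
    rec = m.groupdict()
    rec.update(dict(FIELD.findall(rec["text"])))
    nxt = QUEUED_AS.search(rec["text"])
    rec["next_qid"] = nxt.group(1) if nxt else None
    return rec


def collate(lines):
    """Group parsed records by queue ID, keeping first-seen order."""
    groups = OrderedDict()
    for line in lines:
        rec = parse_line(line)
        if rec:
            groups.setdefault(rec["qid"], []).append(rec)
    return groups


def chains(groups):
    """Join queue IDs linked by a local 'queued as' hand-off."""
    child_of = {}
    for qid, recs in groups.items():
        for rec in recs:
            nxt = rec["next_qid"]
            # A remote MTA's reply can also say "queued as"; link only IDs
            # that appear as queue IDs in this same log.
            if nxt in groups and nxt != qid:
                child_of[qid] = nxt
    children = set(child_of.values())
    result = []
    for qid in groups:
        if qid in children:
            continue  # reported as part of its parent's chain
        chain = [qid]
        while chain[-1] in child_of and child_of[chain[-1]] not in chain:
            chain.append(child_of[chain[-1]])
        result.append(chain)
    return result


def summarize(groups, chain):
    """Sender plus the final deliveries (last queue ID) of one message."""
    recs = [r for qid in chain for r in groups[qid]]
    sender = next((r["from"] for r in recs if "from" in r), None)
    final = [(r["to"], r["status"], r["svc"])
             for r in groups[chain[-1]] if "to" in r and "status" in r]
    return {"queue_ids": chain, "sender": sender, "deliveries": final}


if __name__ == "__main__":
    groups = collate(SAMPLE_LOG.splitlines())
    for chain in chains(groups):
        info = summarize(groups, chain)
        print(" -> ".join(chain), "from", info["sender"])
        for qid in chain:
            for r in groups[qid]:
                print("  {ts}  {svc:<6} {qid:<16} {text}".format(**r))
```

With short queue IDs a reused ID can merge two unrelated messages in a long log, which is the robustness gain of the non-repeating form.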


Re: Flexible formatting of Postfix log entries?

2012-04-28 Thread karf96


On Sat, Apr 28, 2012, at 12:19 PM, Noel Jones wrote:
> While it would be possible to patch postfix to write logs
> differently, the better choice is to investigate some of the
> existing log parsers, such as pflogsumm or postfix-logwatch, and
> possibly customize them.

I'll take a look at both of those.

>  Note that once you modify postfix logging
> none of the off-the-shelf tools will work anymore, which is a good
> reason to modify existing tools rather than modifying the logging.
> http://www.postfix.org/addon.html#logfile

It will require more in-depth digging on my part but those tools appear
to do after the fact log processing.  Your argument for not patching
what Postfix does is a good one and  echoes my gut anyway.

> It is also possible to log to an sql database for flexible custom
> reports.  This is done in the syslog daemon (such as rsyslog) rather
> than in postfix.

I'd considered that as well as looking at Splunk.  Moving human-readable
text logs into a DB grabs me as overkill and smacks too much of Redhat's
"Let's change the way logs work", which I personally find distasteful,
but worth some additional thought.

> For watching the logs in realtime, look at multitail.  It can filter
> and colorize the display to highlight the parts important to you.

I use multitail on occasion.  Color/highlight is one option.  My
specific goal is just to improve my own ability to live-tail a
functional log, and more efficiently ID problems.  Right now I spend
most of my energy trying to visually parse the logs -- which 5 log
entries go together, what are the Message IDs/PIDs/etc.  Columns work
for me, colors don't.  I'll take a look at those log analysis/parser
tools again.

--
Thanks,
Karen


Re: Flexible formatting of Postfix log entries?

2012-04-28 Thread Noel Jones
On 4/28/2012 10:30 AM, kar...@mailcan.com wrote:
> 
> I've been writing scripts for my loganalysis chores.  A typical log
> entry for a mail transaction looks like,
> 
...
> 
> Personally, I find that difficult to parse at a glance.  Although it's
> certainly a matter of personal taste, I prefer a bit more columnar
> structure.  Something like (using monospaced fonts),
> 


While it would be possible to patch postfix to write logs
differently, the better choice is to investigate some of the
existing log parsers, such as pflogsumm or postfix-logwatch, and
possibly customize them.  Note that once you modify postfix logging
none of the off-the-shelf tools will work anymore, which is a good
reason to modify existing tools rather than modifying the logging.
http://www.postfix.org/addon.html#logfile

It is also possible to log to an sql database for flexible custom
reports.  This is done in the syslog daemon (such as rsyslog) rather
than in postfix.

For watching the logs in realtime, look at multitail.  It can filter
and colorize the display to highlight the parts important to you.



  -- Noel Jones


Re: Flexible formatting of Postfix log entries?

2012-04-28 Thread karf96


On Sat, Apr 28, 2012, at 11:35 AM, John Peach wrote:
> > Since it's Postfix doing the writing to the logs in the 1st place, is it 
> > possible to config Postfix to (free)format those
> 
> It's not postfix - it's syslog.

If you look in Postfix's source code

./src/util/msg_syslog.c

...
static int syslog_facility;

/* msg_syslog_print - log info to syslog daemon */

static void msg_syslog_print(int level, const char *text)
{
    static int log_level[] = {
        LOG_INFO, LOG_WARNING, LOG_ERR, LOG_CRIT, LOG_CRIT,
    };
    static char *severity_name[] = {
        "info", "warning", "error", "fatal", "panic",
    };

    if (level < 0 || level >= (int) (sizeof(log_level) / sizeof(log_level[0])))
        msg_panic("msg_syslog_print: invalid severity level: %d", level);

    if (level == MSG_INFO) {
-->     syslog(syslog_facility | log_level[level], "%.*s",
               (int) MSG_SYSLOG_RECLEN, text);
    } else {
-->     syslog(syslog_facility | log_level[level], "%s: %.*s",
               severity_name[level], (int) MSG_SYSLOG_RECLEN, text);
    }
}
...

that looks to me like Postfix sending pre-assembled string(s) info to
the sys-logger with a format specified.

I can change those strings in Postfix code, recompile, and the output
format that appears in the syslog  changes.

Your comment suggests to me that I can instead change that format "in"
syslog.

If that's the case, can you provide an example of how to use syslog
directly to alter that format?

--
Thanks,
Karen


Re: Flexible formatting of Postfix log entries?

2012-04-28 Thread John Peach
On Sat, 28 Apr 2012 08:30:54 -0700
kar...@mailcan.com wrote:

> 
> I've been writing scripts for my loganalysis chores.  A typical log
> entry for a mail transaction looks like,
[snip]

> Since it's Postfix doing the writing to the logs in the 1st place, is it 
> possible to config Postfix to (free)format those

It's not postfix - it's syslog.

[snip]

-- 
John


Flexible formatting of Postfix log entries?

2012-04-28 Thread karf96

I've been writing scripts for my loganalysis chores.  A typical log
entry for a mail transaction looks like,

Apr 28 07:01:28 liam postfix/smtpd[17751]: connect from
out.somewhere.com[99.99.99.99]
Apr 28 07:01:29 liam postfix/smtpd[17751]: 447FC600E1:
client=out.somewhere.com[99.99.99.99]
Apr 28 07:01:29 liam postfix/qmgr[899]: 447FC600E1:
from=, size=3219, nrcpt=1 (queue
active)
Apr 28 07:01:29 liam postfix/smtpd[17751]: disconnect from
out.somewhere.com[99.99.99.99]
Apr 28 07:01:33 liam postfix/qmgr[899]: 286E0601B5:
from=, size=3904, nrcpt=1 (queue
active)
Apr 28 07:01:33 liam postfix/smtp[17758]: 447FC600E1:
to=, orig_to=,
relay=127.0.0.1[127.0.0.1]:10024, delay=5,
delays=0.79/0.02/0.02/4.2, dsn=2.0.0, status=sent (250 2.0.0
from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 286E0601B5)
Apr 28 07:01:33 liam postfix/lmtp[17767]:  286E0601B5:
to=,
relay=mail.mydomain.com[192.168.1.100]:7025, delay=0.57,
delays=0.38/0.02/0/0.17, dsn=2.1.5, status=sent (250 2.1.5
Delivery OK)


Personally, I find that difficult to parse at a glance.  Although it's
certainly a matter of personal taste, I prefer a bit more columnar
structure.  Something like (using monospaced fonts),

Apr 28 07:01:28 liam postfix/smtpd[17751]: connect
from out.somewhere.com[99.99.99.99]
Apr 28 07:01:29 liam postfix/smtpd[17751]: 447FC600E1:
client=out.somewhere.com[99.99.99.99]
Apr 28 07:01:29 liam postfix/qmgr[899]:447FC600E1:
from=,   
size=3219, nrcpt=1 (queue active)
Apr 28 07:01:29 liam postfix/smtpd[17751]:
disconnect from out.somewhere.com[99.99.99.99]
Apr 28 07:01:33 liam postfix/qmgr[899]:286E0601B5:
from=,   
size=3904, nrcpt=1 (queue active)
Apr 28 07:01:33 liam postfix/smtp[17758]:  447FC600E1:
to=, orig_to=,
relay=127.0.0.1[127.0.0.1]:10024, delay=5,
delays=0.79/0.02/0.02/4.2, dsn=2.0.0,
status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 286E0601B5)
Apr 28 07:01:33 liam postfix/lmtp[17767]:  286E0601B5: 
to=, 
relay=mail.mydomain.com[192.168.1.100]:7025, delay=0.57, 
delays=0.38/0.02/0/0.17, dsn=2.1.5,
status=sent (250 2.1.5 Delivery OK)

for a start.

I can write scripts to parse & format the logs after the fact.  Doing so for 
live log tailing is a little more challenging,
but still can be done.

Since it's Postfix doing the writing to the logs in the 1st place, is it 
possible to config Postfix to (free)format those
log entries?  I suppose I can find the code in Postfix and patch, but that 
seems unwise.  Ideally, a configuration --
somewhere.  If not, do a

Re: postfix log

2012-03-22 Thread Noel Jones
On 3/22/2012 2:12 PM, K bharathan wrote:
> hi
> appreciate if somebody could help interpret the following log:
> 
> Mar 22 21:07:25 relay0 postfix/smtpd[61707]: disconnect from
> unknown[69.167.155.81]
> Mar 22 21:07:36 relay0 postfix/scache[61795]: statistics: start
> interval Mar 22 21:03:29
> Mar 22 21:07:36 relay0 postfix/scache[61795]: statistics: domain
> lookup hits=20 miss=20 success=50%
> Mar 22 21:07:36 relay0 postfix/scache[61795]: statistics: address
> lookup hits=0 miss=20 success=0%
> 
> why it is saying 'success=50%' !
> 
> am running a local resolver (unbound)
> 
> -bharathan
> 
> 

This has nothing to do with DNS.

Please see
http://www.postfix.org/CONNECTION_CACHE_README.html
http://www.postfix.org/scache.8.html



  -- Noel Jones


postfix log

2012-03-22 Thread K bharathan
hi
appreciate if somebody could help interpret the following log:

Mar 22 21:07:25 relay0 postfix/smtpd[61707]: disconnect from
unknown[69.167.155.81]
Mar 22 21:07:36 relay0 postfix/scache[61795]: statistics: start interval
Mar 22 21:03:29
Mar 22 21:07:36 relay0 postfix/scache[61795]: statistics: domain lookup
hits=20 miss=20 success=50%
Mar 22 21:07:36 relay0 postfix/scache[61795]: statistics: address lookup
hits=0 miss=20 success=0%

why it is saying 'success=50%' !

am running a local resolver (unbound)

-bharathan


Re: email tracking from postfix log file

2012-02-11 Thread Noel Jones
(perpetuating the useless use of cat and the hopelessly muddled top
posting)

cat /var/log/maillog | egrep -i 'from=<.*@yahoo\.com>.*to='


  -- Noel Jones

On 2/11/2012 1:42 AM, kshitij mali wrote:
> hi Ralf ,
> 
> Thanks for help me .
> 
> with the below expression its is showing me the logs for both
> "from=< " and "to=<" logs what i wanted was only
> match the expression from each like only
> from=mailto:anythingh...@gmail.com>> lines
> 
> i know this will be tricky i m to trying to solve this expression if
> u can then pls help.
> 
> Regards,
> Kshitij Mali
> 
> On Fri, Feb 10, 2012 at 12:58 PM, Ralf Hildebrandt
> <ralf.hildebra...@charite.de> wrote:
> 
> * kshitij mali :
> > Hi ,
> >
> > how to trace email from particular domain i want to trace all log from
> > yahoo.com
> >
> > cat /var/log/maillog | egrep -i 'from=<*@yahoo.com'
> 
> cat /var/log/maillog | egrep -i 'from=<.*@yahoo\.com>'
> 
> --
> Ralf Hildebrandt
>  Geschäftsbereich IT | Abteilung Netzwerk
>  Charité - Universitätsmedizin Berlin
>  Campus Benjamin Franklin
>  Hindenburgdamm 30 | D-12203 Berlin
>  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>  ralf.hildebra...@charite.de | http://www.charite.de
> 
> 



Re: email tracking from postfix log file

2012-02-10 Thread kshitij mali
hi Ralf ,

Thanks for help me .

with the below expression its is showing me the logs for both "from=< " and
"to=<" logs what i wanted was only
match the expression from each like only from= lines

i know this will be tricky i m to trying to solve this expression if u can
then pls help.

Regards,
Kshitij Mali

On Fri, Feb 10, 2012 at 12:58 PM, Ralf Hildebrandt <
ralf.hildebra...@charite.de> wrote:

> * kshitij mali :
> > Hi ,
> >
> > how to trace email from particular domain i want to trace all log from
> > yahoo.com
> >
> > cat /var/log/maillog | egrep -i 'from=<*@yahoo.com'
>
> cat /var/log/maillog | egrep -i 'from=<.*@yahoo\.com>'
>
> --
> Ralf Hildebrandt
>  Geschäftsbereich IT | Abteilung Netzwerk
>  Charité - Universitätsmedizin Berlin
>  Campus Benjamin Franklin
>  Hindenburgdamm 30 | D-12203 Berlin
>  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>  ralf.hildebra...@charite.de | http://www.charite.de
>
>


Re: email tracking from postfix log file

2012-02-09 Thread Ralf Hildebrandt
* Tom Kinghorn :
> On 10/02/2012 09:28, Ralf Hildebrandt wrote:
> >* kshitij mali:
> >cat /var/log/maillog | egrep -i 'from=<.*@yahoo\.com>'
> >
> Why waste processing cycles, just use egrep instead of using cat first.
> 
> egrep -i 'from=<.*@yahoo\.com>' /var/log/maillog

Yeah, but I wanted to make my change easy to spot.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: email tracking from postfix log file

2012-02-09 Thread Tom Kinghorn

On 10/02/2012 09:28, Ralf Hildebrandt wrote:
> * kshitij mali:
> cat /var/log/maillog | egrep -i 'from=<.*@yahoo\.com>'

Why waste processing cycles, just use egrep instead of using cat first.

egrep -i 'from=<.*@yahoo\.com>' /var/log/maillog



Re: email tracking from postfix log file

2012-02-09 Thread Ralf Hildebrandt
* kshitij mali :
> Hi ,
> 
> how to trace email from particular domain i want to trace all log from
> yahoo.com
> 
> cat /var/log/maillog | egrep -i 'from=<*@yahoo.com'

cat /var/log/maillog | egrep -i 'from=<.*@yahoo\.com>'

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: email tracking from postfix log file

2012-02-09 Thread kshitij mali
Hi ,

how to trace email from particular domain i want to trace all log from
yahoo.com

cat /var/log/maillog | egrep -i 'from=<*@yahoo.com'

the above command is not working properly pls some help me with regular
expression


Regards
kshitij

On Wed, Jun 1, 2011 at 6:07 PM, Duane Hill  wrote:

> Wednesday, June 1, 2011, 3:33:41 AM, Ralf wrote:
>
> > * kshitij mali :
> >> Thank u ralf
> >>
> >> Can u please give me link for learn regular expression
>
> > The best book is:
> > http://oreilly.com/catalog/9780596002893
> > (IMHO of course)
>
> I also use:
>
>  http://www.regular-expressions.info/
>
> --
>  Duane
>
>


Re: postfix log

2011-11-18 Thread Leslie León Sinclair
You can do a python script to parse/split in different lines or 
parameters /var/log/[mail.log | maillog] and insert records into MySQL 
database.


Best regards,
Leslie.

--
/***
*Leslie León Sinclair
*Network Administrator
*Facultad de Ingenieria Electrica, CUJAE.
*Calle 114 #11901 e/ Ciclovía y Rotonda
*Marianao 19390, Ciudad de la Habana, Cuba
*Tel: (53 7) 266-3321
*Member of GUTL ->
http://www.ecured.cu/index.php/Grupo_de_Usuarios_de_Tecnolog%C3%ADas_Libres_GUTL
*Another happy Slackware & Debian GNU/Linux user
*Proud GNU/Linux User #445535 -> http://counter.li.org/
*Katana yanai, otoko nanda.
/


Take part in Universidad 2012, February 13 to 17, 2012.
Havana, Cuba: http://www.congresouniversidad.cu
Consult the Cuban collaborative encyclopedia. http://www.ecured.cu

Take part in the Second Congress on Built Environment and
Sustainable Development (MACDES 2011), December 6 to 9, 2011,
Hotel Nacional, Havana, Cuba: http://macdes.cujae.edu.cu


Re: postfix log

2011-11-18 Thread jeffrey j donovan

On Nov 18, 2011, at 8:45 AM, Amira Othman wrote:

> Hi all
> Is it possible to have postfix log to be written in database instead of file? 
> If it’s not possible could I copy some information out of log file and then 
> insert them in database?
>  
> regards

you can cat awk grep sed /var/log/filename to file.db
technically the log file is already in a db format of $1,$2,$3

-j

Re: postfix log

2011-11-18 Thread Wietse Venema
Brian Evans - Postfix List:
> >
> > Hi all
> >
> > Is it possible to have postfix log to be written in database instead
> > of file? If it?s not possible could I copy some information out of log
> > file and then insert them in database?
> 
> As reported to you twice in the past week, Postfix logs to your syslog
> daemon.
> It will basically only send the facility, level and message.
> It does not choose what to do with it.
> 
> Some syslog daemons, such as syslog-ng, can log to a database.
> This is beyond the scope of this list and you should really find support
> for your syslog daemon or, perhaps, your OS vendor.

http://www.rsyslog.com/doc/rsyslog_high_database_rate.html
http://en.gentoo-wiki.com/wiki/Syslog-ng_directly_to_MySQL

And so on. I'd like to hear of setups where the DBMS does not
use more system resources than Postfix itself.

Wietse


Re: postfix log

2011-11-18 Thread Brian Evans - Postfix List
On 11/18/2011 8:45 AM, Amira Othman wrote:
>
> Hi all
>
> Is it possible to have postfix log to be written in database instead
> of file? If it’s not possible could I copy some information out of log
> file and then insert them in database?
>
>

As reported to you twice in the past week, Postfix logs to your syslog
daemon.
It will basically only send the facility, level and message.
It does not choose what to do with it.

Some syslog daemons, such as syslog-ng, can log to a database.
This is beyond the scope of this list and you should really find support
for your syslog daemon or, perhaps, your OS vendor.

Brian


postfix log

2011-11-18 Thread Amira Othman
Hi all

Is it possible to have postfix log to be written in database instead of
file? If it's not possible could I copy some information out of log file and
then insert them in database? 

 

regards



Re: statistics tool for postfix log files

2011-10-28 Thread Simon Deziel
On 10/28/2011 02:23 PM, James Seymour wrote:
> On Fri, 28 Oct 2011 13:17:12 +0200
> wei...@dfbnet.org wrote:
> 
>> Hi all,
> [snip]
>>
>> I read about mailgraph and pflogsumm but these stats are not
>> as  detailed as i try to have.
> 
> You want *more* detail than Pflogsumm gives?  Wow.  Most people have
> been pestering me to *reduce* it.
> 
> On Fri, 28 Oct 2011 13:01:48 -0500
> Stan Hoeppner  wrote:
> 
>> You may want to try logwatch as
>> well since it's still actively developed/supported, whereas pflogsumm
>> is not, IIRC.
>>
> 
> It hasn't actually *needed* active development for a while, as far as I
> know.  I address bug reports as they come up.  I do have a new version
> that's been waiting for me to push it out for a while.  So, depending
> upon how you define "actively": You may or may not be correct ;)
> 
> Somebody recently asked if I wanted a patch to support postscreen, but
> I've been too busy/distracted to even reply to him, yet.

First of all, thank you for this great piece of software that is very
useful. If you ever consider to add postscreen support one day, that
would be even better. I'm sure that would please many folks, me first :)

Simon


Re: statistics tool for postfix log files

2011-10-28 Thread James Seymour
On Fri, 28 Oct 2011 13:17:12 +0200
wei...@dfbnet.org wrote:

> Hi all,
[snip]
> 
> I read about mailgraph and pflogsumm but these stats are not
> as  detailed as i try to have.

You want *more* detail than Pflogsumm gives?  Wow.  Most people have
been pestering me to *reduce* it.

On Fri, 28 Oct 2011 13:01:48 -0500
Stan Hoeppner  wrote:

> You may want to try logwatch as
> well since it's still actively developed/supported, whereas pflogsumm
> is not, IIRC.
> 

It hasn't actually *needed* active development for a while, as far as I
know.  I address bug reports as they come up.  I do have a new version
that's been waiting for me to push it out for a while.  So, depending
upon how you define "actively": You may or may not be correct ;)

Somebody recently asked if I wanted a patch to support postscreen, but
I've been too busy/distracted to even reply to him, yet.

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at .


Re: statistics tool for postfix log files

2011-10-28 Thread Stan Hoeppner
On 10/28/2011 6:17 AM, wei...@dfbnet.org wrote:
> Hi all,
> 
> I try to create statistics for my postfix mailserver for reporting
> purposes. I have different virtual domains on in and do mail routing
> for customers.
> 
> I want to see which servers connect to deliver, how many mails
> are sent to which recipients / domains, how many are sent from these
> users / domains.
> 
> Are there any tools out there?
> 
> I read about mailgraph and pflogsumm but these stats are not
> as  detailed as i try to have.

At maximum detail level pflogsumm will show every smtp transaction in
non trivial detail.  I'd guess you aren't using maximum detail level.
That, or you actually mean something other than "detailed" above.

Is information that you need missing from the reports?  Or is it simply
not in the format you desire?  You may want to try logwatch as well
since it's still actively developed/supported, whereas pflogsumm is not,
IIRC.

-- 
Stan


Re: statistics tool for postfix log files

2011-10-28 Thread Leslie León Sinclair
PFlogsumm could help you, there is a nice tutorial in [1], combined with 
and mailgraph, I think is a very good option.


HTH,
Leslie.


[1] 
http://www.howtoforge.com/postfix-monitoring-with-mailgraph-and-pflogsumm-on-debian-lenny


--
/***
*Leslie León Sinclair
*Network Administrator
*Facultad de Ingenieria Electrica, CUJAE.
*Calle 114 #11901 e/ Ciclovía y Rotonda
*Marianao 19390, Ciudad de la Habana, Cuba
*Tel: (53 7) 266-3321
*Member of GUTL ->
http://www.ecured.cu/index.php/Grupo_de_Usuarios_de_Tecnolog%C3%ADas_Libres_GUTL
*Another happy Slackware & Debian GNU/Linux user
*Proud GNU/Linux User #445535 -> http://counter.li.org/
*Katana yanai, otoko nanda.
/






statistics tool for postfix log files

2011-10-28 Thread weigel
Hi all,

I try to create statistics for my postfix mailserver for reporting
purposes. I have different virtual domains on in and do mail routing
for customers.

I want to see which servers connect to deliver, how many mails
are sent to which recipients / domains, how many are sent from these
users / domains.

Are there any tools out there?

I read about mailgraph and pflogsumm but these stats are not
as  detailed as i try to have.

Regards Helmut


-- 
DFB-Medien GmbH & Co. KG
Otto-Fleck-Schneise 6
60528 Frankfurt

fon: +49 (69) 6788-319
fax: +49 (69) 6788-343
pcfax: +49 (511) 760770 76 - 319
email: helmut.wei...@dfbnet.de
Homepage: www.dfb-medien.de







Re: email tracking from postfix log file

2011-06-01 Thread Duane Hill
Wednesday, June 1, 2011, 3:33:41 AM, Ralf wrote:

> * kshitij mali :
>> Thank you, Ralf.
>> 
>> Can you please give me a link for learning regular expressions?

> The best book is:
> http://oreilly.com/catalog/9780596002893
> (IMHO of course)

I also use:

  http://www.regular-expressions.info/

-- 
 Duane



Re: email tracking from postfix log file

2011-06-01 Thread postfix
As perl contains the most complete regular expression implementation, 
you may as well go into the perl tutorial for regular expressions:


http://perldoc.perl.org/index-tutorials.html

suomi

On 2011-06-01 10:31, kshitij mali wrote:

> Thank you, Ralf.
> Can you please give me a link for learning regular expressions?
> I always get complex requirements to track the Postfix log more often,
> which will help me.
> For example:
> 1. how many emails got delivered from one internal user for a
>    certain domain in the last 5 hrs
> 2. how many emails got delivered from one user to
>    external domains for the last 3 weeks
> etc.
> Regards,
> Kshitij
>
> On Wed, Jun 1, 2011 at 1:27 PM, Ralf Hildebrandt
> <ralf.hildebra...@charite.de> wrote:
>
>> * kshitij mali <foreplay...@gmail.com>:
>>> I want to list email sent to the domain gmail.com. How do I achieve it?
>>>
>>>
>>> cat /var/log/maillog | grep -i cleanup | egrep 'to=<*@gmail.com'
>>>
>>> where * = all users of the gmail.com domain, I think
>>>
>>> Is the above regular expression correct?
>>
>> No.
>>
>> egrep 'postfix/cleanup.*to=<.*@gmail.com>' /var/log/maillog
>>
>> --
>> Ralf Hildebrandt
>>   Geschäftsbereich IT | Abteilung Netzwerk
>>   Charité - Universitätsmedizin Berlin
>>   Campus Benjamin Franklin
>>   Hindenburgdamm 30 | D-12203 Berlin
>>   Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>>   ralf.hildebra...@charite.de | http://www.charite.de




Re: email tracking from postfix log file

2011-06-01 Thread Ralf Hildebrandt
* kshitij mali :
> Thank you, Ralf.
> 
> Can you please give me a link for learning regular expressions?

The best book is:
http://oreilly.com/catalog/9780596002893
(IMHO of course)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: email tracking from postfix log file

2011-06-01 Thread kshitij mali
Thank you, Ralf.

Can you please give me a link for learning regular expressions?
I always get complex requirements to track the Postfix log more often,
which will help me.

For example:
1. how many emails got delivered from one internal user for a certain
   domain in the last 5 hrs
2. how many emails got delivered from one user to external
   domains for the last 3 weeks
etc.


Regards,
Kshitij

On Wed, Jun 1, 2011 at 1:27 PM, Ralf Hildebrandt <
ralf.hildebra...@charite.de> wrote:

> * kshitij mali :
> > I want to list email sent to the domain gmail.com. How do I achieve it?
> >
> >
> > cat /var/log/maillog | grep -i cleanup | egrep 'to=<*@gmail.com'
> >
> > where * = all users of the gmail.com domain, I think
> >
> > Is the above regular expression correct?
>
> No.
>
> egrep 'postfix/cleanup.*to=<.*@gmail.com>' /var/log/maillog
>
> --
> Ralf Hildebrandt
>  Geschäftsbereich IT | Abteilung Netzwerk
>  Charité - Universitätsmedizin Berlin
>  Campus Benjamin Franklin
>  Hindenburgdamm 30 | D-12203 Berlin
>  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
>  ralf.hildebra...@charite.de | http://www.charite.de
>
>
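
The two counting questions in this message (mail from one user to a given domain within a time window) need sender and recipient correlated by queue ID, because they are logged on different lines. An added example, not code from any poster in this thread: it assumes the classic syslog timestamp (no year, so `year` is passed in) and the usual Postfix layout where qmgr logs `from=<...>` and the delivery agent logs `to=<...>, ... status=sent`; the sample log and the name `count_deliveries` are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in classic syslog format (hosts, queue IDs and addresses are made up).
SAMPLE_LOG = """\
Jun  1 08:00:01 mx postfix/qmgr[103]: 4A1B2C3D4E: from=<alice@example.org>, size=1200, nrcpt=2 (queue active)
Jun  1 08:00:03 mx postfix/smtp[104]: 4A1B2C3D4E: to=<bob@gmail.com>, relay=mx.example[198.51.100.5]:25, delay=2, status=sent (250 OK)
Jun  1 08:00:03 mx postfix/smtp[105]: 4A1B2C3D4E: to=<carol@example.net>, relay=mx.example[198.51.100.6]:25, delay=2, status=sent (250 OK)
Jun  1 09:30:00 mx postfix/qmgr[103]: 5F6A7B8C9D: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Jun  1 09:30:02 mx postfix/smtp[104]: 5F6A7B8C9D: to=<bob@gmail.com>, relay=none, delay=2, status=deferred (connect timed out)
Jun  1 11:15:00 mx postfix/qmgr[103]: 6E7F8A9B0C: from=<dave@example.org>, size=700, nrcpt=1 (queue active)
Jun  1 11:15:01 mx postfix/smtp[104]: 6E7F8A9B0C: to=<erin@gmail.com>, relay=mx.example[198.51.100.5]:25, delay=1, status=sent (250 OK)
Jun  1 12:45:00 mx postfix/qmgr[103]: 7A8B9C0D1E: from=<alice@example.org>, size=800, nrcpt=1 (queue active)
Jun  1 12:45:02 mx postfix/smtp[104]: 7A8B9C0D1E: to=<frank@notgmail.com>, relay=mx.example[198.51.100.7]:25, delay=2, status=sent (250 OK)
Jun  1 12:50:00 mx postfix/qmgr[103]: 8B9C0D1E2F: from=<alice@example.org>, size=850, nrcpt=1 (queue active)
Jun  1 12:50:02 mx postfix/smtp[104]: 8B9C0D1E2F: to=<bob@gmail.com>, relay=mx.example[198.51.100.5]:25, delay=2, status=sent (250 OK)
Jun  1 12:50:03 mx postfix/smtpd[106]: connect from unknown[unknown]
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/([\w-]+)\[\d+\]: ([0-9A-Za-z]{6,}): (.*)$")
FROM = re.compile(r"from=<([^>]*)>")
TO = re.compile(r"to=<([^>]*)>")

def count_deliveries(log_text, sender, rcpt_domain, since, until, year):
    """Count status=sent deliveries from `sender` to `rcpt_domain`, since <= t < until."""
    senders = {}       # queue ID -> envelope sender, taken from the qmgr record
    hits = Counter()   # recipient address -> number of completed deliveries
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue   # records without a queue ID (connect/disconnect and the like)
        stamp, daemon, qid, rest = m.groups()
        if daemon == "qmgr" and (f := FROM.match(rest)):
            senders[qid] = f.group(1).lower()
        elif (t := TO.match(rest)) and "status=sent" in rest:
            when = datetime.strptime(f"{stamp} {year}", "%b %d %H:%M:%S %Y")
            rcpt = t.group(1).lower()
            # Exact comparison of the domain part; no regex metacharacters involved.
            if (since <= when < until and senders.get(qid) == sender.lower()
                    and rcpt.rpartition("@")[2] == rcpt_domain.lower()):
                hits[rcpt] += 1
    return hits

if __name__ == "__main__":
    end = datetime(2011, 6, 1, 13, 0)
    print(count_deliveries(SAMPLE_LOG, "alice@example.org", "gmail.com", end - timedelta(hours=5), end, 2011))
```

Deferred attempts are not counted, and a message with several recipients contributes one count per delivered recipient.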


Re: email tracking from postfix log file

2011-06-01 Thread Ralf Hildebrandt
* kshitij mali :
> I want to list email sent to the domain gmail.com. How do I achieve it?
> 
> 
> cat /var/log/maillog | grep -i cleanup | egrep 'to=<*@gmail.com'
> 
> where * = all users of the gmail.com domain, I think
> 
> Is the above regular expression correct?

No.

egrep 'postfix/cleanup.*to=<.*@gmail.com>' /var/log/maillog

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de


