[Postfixbuch-users] Suchtools für maillog

[Henning Nelihsen]

Am 01.12.2010 um 17:42 schrieb Jogie at quantentunnel.de:

>> FROM='local at domain.tld'; \
>> awk '/from=<'$FROM'>/ { QUID = $6; getline; while ($6 != QUID) \
>> { getline; if ( $6 == QUID ) { sub(/^to=</,"",$7); sub(/>,$/,"",$7); \
>> printf "%s %s %s %s -> %s\n", $1, $2, $3, "'"$FROM"'", $7 } } \
>> next }' /var/log/maillog
>> 
>> Sieht komisch aus, ist aber so :)
>> Einfach mal ausprobieren.
> 
> Vielen Dank. funktioniert prima. Wo/Wie lernt man sowas? :)
> Gruß aus Berlin,
> 
> 
> Jörg
> 


maillogconvert.pl ist auch sehr schön - wird bei awstats mitgeliefert:
http://awstats.sourceforge.net/docs/awstats_tools.html

[…]
# 1 Mail fromuser at aol.com -> touser at toserver.com, forward touser at toserver.com -> touser at mainserver.com 
Jan 01 07:27:31 apollon postfix/smtpd[1684]: connect from remt30.cluster1.charter.net[209.225.8.40] 
Jan 01 07:27:32 apollon postfix/smtpd[1684]: 2BC793B8A4: client=remt30.cluster1.charter.net[209.225.8.40] 
Jan 01 07:27:32 apollon postfix/cleanup[1687]: 2BC793B8A4: message-id=<36027278 at vneka> 
Jan 01 07:27:32 apollon postfix/qmgr[13860]: 2BC793B8A4: from=, size=2130, nrcpt=1 (queue active) 
Jan 01 07:27:32 apollon postfix/smtpd[1684]: disconnect from remt30.cluster1.charter.net[209.225.8.40] 
Jan 01 07:27:38 apollon postfix/local[1689]: 2BC793B8A4: to=, orig_to=, relay=local, delay=6, status=sent ("|/usr/bin/procmail") 
# 2 Reject: 450 
Jan 01 14:05:44 apollon postfix/smtpd[2114]: connect from baby.mainframe.nl[81.29.4.2] 
Jan 01 14:05:44 apollon postfix/smtpd[2114]: E0C9D3BD9A: client=baby.mainframe.nl[81.29.4.2] 
Jan 01 14:05:44 apollon postfix/smtpd[2114]: E0C9D3BD9A: reject: RCPT from baby.mainframe.nl[81.29.4.2]: 450 : User unknown in local recipient table; from=<> to= proto=ESMTP helo= 
Jan 01 14:10:16 juni postfix/smtpd[2568]: C34ED1432B: reject: RCPT from relay2.tp2rc.edu.tw[163.28.32.177]: 450 : User unknown in local recipient table; from=<> proto=ESMTP helo= 
# 1 From unknown 
Jan 01 15:17:05 apollon postfix/smtpd[29866]: connect from tomts12.bellnexxia.net[209.226.175.56] 
Jan 01 15:17:05 apollon postfix/smtpd[29866]: 578093B8B5: client=tomts12.bellnexxia.net[209.226.175.56] 
Jan 01 15:17:05 apollon postfix/cleanup[28931]: 578093B8B5: message-id=<20030905131913.EOVH11393.tomts12-srv.bellnexxia.net at tomts12-srv> 
Jan 01 15:17:06 apollon postfix/qmgr[965]: 578093B8B5: from=<>, size=109367, nrcpt=1 (queue active) 
Jan 01 15:17:06 apollon postfix/local[32432]: 578093B8B5: to=, orig_to=, relay=local, delay=1, status=sent ("|/usr/bin/procmail") 
Jan 01 15:17:06 apollon postfix/smtpd[29866]: disconnect from tomts12.bellnexxia.net[209.226.175.56] 

will give a file that looks like this: 

2004-01-01 07:27:38 fromuser at aol.com touser at toserver.com remt30.cluster1.charter.net localhost SMTP - 1 2130 
2004-01-01 14:05:44 <> touser2 at toserver.com baby.mainframe.nl - SMTP - 450 0 
2004-01-01 14:10:16 <> unknownuser at unknownserver.com relay2.tp2rc.edu.tw - SMTP - 450 0 
2004-01-01 15:17:06 <> touser at toserver.com tomts12.bellnexxia.net localhost SMTP - 1 109367 


-- 
Gruss, Henning