Hi all. Im triyng to have some fun building a maillog analizer. My starting point is to locate the emails actually sent via the /var/log/mail
It is correct to look for the expression 'removed$' (that is, the word 'removed' at the end of the line)? That would returns lines like: postfix/qmgr[21861]: 49CAF2A5F12: removed Those would be the files leaving the queue, rigth? After that, having the queue filename, i can do some grep and track the email circuit. Im i guessin right? (i know im reinventing the wheel, this is just for fun) Thanks! Gerardo
