On 10/19/2010 09:20 PM, Dom Latter wrote:
[as subject]
On 19/10/10 19:42, Jeroen Geilman wrote:
How does it deal with address rewriting and alias expansion, which is
the routing core of postfix ?
Badly? It's a site-specific script hacked up quickly for my own
purposes.
"timestamp - client IP [hostname] - orig_envelope_from >
orig_envelope_to - Queue ID - final_envelope_from > final_envelope_to -
transport:nexthop - server IP [hostname] - delays"
Here's roughly what I'm doing at the moment:
On the first incoming connection, store the time, ESMTP ID, and
client IP / hostname.
On the first postfix/cleanup, store the message ID.
On the second postfix/cleanup, use the message ID to find the
record, dump the original ESMTP ID and store the new one.
From the amavis record, get from, to, hits, size.
From the outgoing postfix/smtp that matches the ESMTP ID,
get sent status and outgoing relay.
For what I'm doing at the moment I could probably just use
those last two records; but I think I'm also interested in
getting a record of emails that never get as far as amavis.
Can you share the script ?
That's the idea, although it's embarrassingly "beta" at the moment.
I am definitely interested, I wasn't baiting you.
This is a decidedly untrivial task, given the flexibility of logging.
We are currently evaluating Splunk to process logs, but I haven't gotten
very far with it yet.
--
J.
