Le 23/04/2013 21:45, Rolf E. Sonneveld a écrit : > Hi, all > > running Postfix 2.10.0, see for output postconf -n below. > > What I want to achieve is to track and trace a message from first > connection until final delivery, _including the client IP address_ > that enqueued the message. The queue ID is very useful to correlate a > number of log records. However, what I'm not sure about is the following. > > At first connection, I see two log entries like, for example: > > Apr 23 20:26:38 helium postfix-cust1/smtpd[9220]: connect from > D57E1702.static.ziggozakelijk.nl[213.126.23.2]
This log line can generally be ignored. Postfix has a "log facts asap" policy, which results in "more logs than you might want", but when you're in trouble, you'll be happy to get more logs than not enough. Summary: if you write a parser, get the log name (postfix-cust1/smtpd), the pid (9222) and the client name and/or IP. Under normal circumstance, you should see these in another log line (such as the one below). if you see that again, ignore this partiular line. else, warn. > Apr 23 20:26:38 helium postfix-cust1/smtpd[9220]: 3ZwCmG272nz1L8Zd: > client=D57E1702.static.ziggozakelijk.nl[213.126.23.2] here, you have the logname, the pid, the queuid and the clinet IP (and name. but the name may be "unknown"). > > Now, I wonder how unique the ID [9220] (BTW, what's this ID called?) > in the logfile is: the pid is the "unix process id". what is guaranteed is that there may not be two processes with the same pid at a single moment. however, after some time, it is possible that a pid may be used for another process. that said, if you parse postfix logs "sequentially", you probably don't have to care. but don't over-correlate. an smtp transaction doesn't take a week! > can I be sure that, when I want to correlate the sending IP address > with the queue-ID, that this ID [9220] is always unique? I suppose > it's not as it's rather short. If it's not unique, is there another > way to reliably trace a messaging including the client IP address of > the system that sent the message to this Postfix instance?
