On 12/12/2017 10:56 AM, Alex wrote:
> Hi,
>
> Following up with my own email, I'd also like to generate a list of
> all accounts that have sent an email with greater than ten recipients,
> but this information doesn't appear to be available in one line:
>
> Dec 11 23:59:17 mail postfix/submission/smtpd[13636]: connect from
> unknown[13.82.28.69]
> Dec 11 23:59:17 mail postfix/submission/smtpd[13636]: Anonymous TLS
> connection established from unknown[13.82.28.69]: TLSv1.1 with cipher
> ECDHE-RSA-AES256-SHA (256/256 bits)
> Dec 11 23:59:17 mail postfix/submission/smtpd[13636]: 9D14386956765:
> client=unknown[13.82.28.69], sasl_method=login, sasl_username=alice
> Dec 11 23:59:17 mail postfix/submission/smtpd[13636]: disconnect from
> unknown[13.82.28.69] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1
> quit=1 commands=8
>
> Is there a more convenient way to represent this information, or is it
> necessary to build something that parses multiple lines and somehow
> associates the IP with data from other lines?
A policy service can log the requested information.

-- Noel Jones
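An added example, not code from this thread or from Postfix: a minimal observe-only policy service that writes one log line per message carrying the SASL user, recipient count, client address and queue ID. It assumes the service is called through check_policy_service in smtpd_end_of_data_restrictions, since Postfix sends a non-zero recipient_count only in the DATA and END-OF-MESSAGE states; the `rcpt-policy` tag, the `many-rcpt` line format and the function names are hypothetical.

```python
import sys

THRESHOLD = 10  # from the question: "greater than ten recipients"
# Constructed sample request: recipient_count is made up, other values echo the log above.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=END-OF-MESSAGE\n"
          "queue_id=9D14386956765\nclient_address=13.82.28.69\n"
          "sasl_username=alice\nrecipient_count=14\n")

def parse_request(lines):
    """Turn one policy request (name=value lines) into a dict."""
    attrs = {}
    for line in lines:
        name, sep, value = line.partition("=")
        if sep:  # skip malformed lines without '='
            attrs[name] = value
    return attrs

def evaluate(attrs, threshold=THRESHOLD):
    """Return (reply, log_line); log_line is None when there is nothing to log."""
    reply = "action=DUNNO\n\n"  # observe only, never accept or reject
    user = attrs.get("sasl_username", "")
    raw = attrs.get("recipient_count", "")
    count = int(raw) if raw.isdecimal() else 0
    if not user or count <= threshold:
        return reply, None
    return reply, "many-rcpt user=%s rcpt=%d client=%s queue_id=%s" % (
        user, count, attrs.get("client_address", "?"), attrs.get("queue_id", "?"))

def serve(stream_in=sys.stdin, stream_out=sys.stdout):
    """Answer requests separated by empty lines, as when started by spawn(8)."""
    import syslog  # Unix-only, so imported where it is used
    syslog.openlog("rcpt-policy", facility=syslog.LOG_MAIL)
    pending = []
    for raw in stream_in:
        line = raw.rstrip("\n")
        if line:
            pending.append(line)
            continue
        reply, log_line = evaluate(parse_request(pending))
        pending = []
        if log_line:
            syslog.syslog(syslog.LOG_INFO, log_line)
        stream_out.write(reply)
        stream_out.flush()

if __name__ == "__main__":
    serve()
```

Because every field arrives in a single request, the resulting log line can be grepped directly with no need to join smtpd lines by process ID.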