Re: monitoring outgoing emails

[chaouche yacine]

 
Yes, more specifically you should grep on 'Relay' to avoid other amavis lines 
root@messagerie[10.10.10.19] ~ # grep amavis /var/log/mail.log | grep -v Relay 
| head
Apr  1 06:59:29 messagerie-prep amavis[25741]: starting. /usr/sbin/amavisd-new 
at myhost.mydomain.tld amavisd-new-2.10.1 (20141025), Unicode aware, 
LC_ALL="C", LANG="en_US.UTF-8"
Apr  1 06:59:29 messagerie-prep amavis[25748]: Net::Server: Group Not Defined.  
Defaulting to EGID '116 116'
Apr  1 06:59:29 messagerie-prep amavis[25748]: Net::Server: User Not Defined.  
Defaulting to EUID '109'
Apr  1 06:59:29 messagerie-prep amavis[25748]: Module Amavis::Conf        2.404
Apr  1 06:59:29 messagerie-prep amavis[25748]: Module Archive::Zip        1.39
Apr  1 06:59:29 messagerie-prep amavis[25748]: Module BerkeleyDB          0.54
Apr  1 06:59:29 messagerie-prep amavis[25748]: Module Compress::Raw::Zlib 2.065
Apr  1 06:59:29 messagerie-prep amavis[25748]: Module Compress::Zlib      2.064
Apr  1 06:59:29 messagerie-prep amavis[25748]: Module Crypt::OpenSSL::RSA 0.28
Apr  1 06:59:29 messagerie-prep amavis[25748]: Module DB_File             1.831
root@messagerie[10.10.10.19] ~ #





The only problem is when you have a single mail sent to many recipients, then 
the log line could be split in two, so you wouldn't have all the recipients in 
just one line
Apr  5 14:49:26 messagerie-prep amavis[15005]: (15005-12) Passed CLEAN 
{RelayedInternal}, LOCAL [127.0.0.1]:55954 <x...@mydomain.tld> -> 
<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<xxx@myd...
Apr  5 14:49:26 messagerie-prep amavis[15005]: (15005-12) 
...omain.tld>,<x...@mydomain.tld>, Queue-ID: 946FC640066, Message-ID: 
<x...@mydomain.tld>, mail_id: SdFWN26NSt8A, Hits: 0.516, size: 1783, queued_as: 
D7B1C640068, 299 ms






 



    On Thursday, April 5, 2018, 2:17:23 PM GMT+1, Poliman - Serwis 
<ser...@poliman.pl> wrote:  
 
 I wasn't able to find text "amavis" in log file. I tried production server and 
finally I see it and I know what you suggest me. It looks like:
Apr  5 15:11:56 s1 amavis[26789]: (26789-13) Passed CLEAN {RelayedOutbound}, 
LOCAL [127.0.0.1] <r...@serv1.example.com> -> <s...@domain.com>

Is it the line about which you said?

2018-04-05 14:53 GMT+02:00 chaouche yacine <yacinechaou...@yahoo.com>:

 You didn't say what's wrong the line grepping on amavis ? it should give you 
what you want : one line by sender.


    On Thursday, April 5, 2018, 1:51:28 PM GMT+1, Poliman - Serwis 
<ser...@poliman.pl> wrote:  
 
 I used this script and after comparison result generated by collate.pl and 
mail.log file I think that sending one email gives few lines (generated by 
collate.pl) which one of them include sender email address, in my case it looks 
like in "from=<r...@s1.ubuntu.com>" and one include line "from=<root>". And 
this behavior appears that many times as many emails I will send. To be honest 
I am looking some pattern I could base.

2018-04-05 14:30 GMT+02:00 chaouche yacine <yacinechaou...@yahoo.com>:

 
I was talking about collate.pl
    On Thursday, April 5, 2018, 12:04:45 PM GMT+1, Poliman - Serwis 
<ser...@poliman.pl> wrote:  
 
 Yacine, do you say about collate.pl script or "from=" part from log file? I 
suppose that abotu script. If collate.pl could group by some id, it would be 
nice, because I would have only one line from log dependent from particular 
email sent.

2018-04-05 12:31 GMT+02:00 chaouche yacine <yacinechaou...@yahoo.com>:

No it won't, it will simply group qids together so that you can trace 
individual e-mails, instead of having intermingled log lines from different 
e-mails.



 

    On Thursday, April 5, 2018, 7:10:11 AM GMT+1, Viktor Dukhovni 
<postfix-us...@dukhovni.org> wrote:  
 
 

> On Apr 5, 2018, at 2:07 AM, Poliman - Serwis <ser...@poliman.pl> wrote:
> 
> Using collate.pl script I won't have to count "from=" from mail log, this 
> script merge it, am I right?

Try it and see what you get.  You may need to make some adjustments to the 
regular expressions
depending on how your syslog formats the output, especially the date.

-- 
    Viktor.
  



-- 
Pozdrawiam / Best Regards
Piotr Bracha
  



-- 
Pozdrawiam / Best Regards
Piotr Bracha
  



-- 
Pozdrawiam / Best Regards
Piotr Bracha