Yes, more specifically you should grep on 'Relay' to avoid other amavis lines
root@messagerie[10.10.10.19] ~ # grep amavis /var/log/mail.log | grep -v Relay
| head
Apr 1 06:59:29 messagerie-prep amavis[25741]: starting. /usr/sbin/amavisd-new
at myhost.mydomain.tld amavisd-new-2.10.1 (20141025), Unicode aware,
LC_ALL="C", LANG="en_US.UTF-8"
Apr 1 06:59:29 messagerie-prep amavis[25748]: Net::Server: Group Not Defined.
Defaulting to EGID '116 116'
Apr 1 06:59:29 messagerie-prep amavis[25748]: Net::Server: User Not Defined.
Defaulting to EUID '109'
Apr 1 06:59:29 messagerie-prep amavis[25748]: Module Amavis::Conf 2.404
Apr 1 06:59:29 messagerie-prep amavis[25748]: Module Archive::Zip 1.39
Apr 1 06:59:29 messagerie-prep amavis[25748]: Module BerkeleyDB 0.54
Apr 1 06:59:29 messagerie-prep amavis[25748]: Module Compress::Raw::Zlib 2.065
Apr 1 06:59:29 messagerie-prep amavis[25748]: Module Compress::Zlib 2.064
Apr 1 06:59:29 messagerie-prep amavis[25748]: Module Crypt::OpenSSL::RSA 0.28
Apr 1 06:59:29 messagerie-prep amavis[25748]: Module DB_File 1.831
root@messagerie[10.10.10.19] ~ #
The only problem is when you have a single mail sent to many recipients, then
the log line could be split in two, so you wouldn't have all the recipients in
just one line
Apr 5 14:49:26 messagerie-prep amavis[15005]: (15005-12) Passed CLEAN
{RelayedInternal}, LOCAL [127.0.0.1]:55954 <x...@mydomain.tld> ->
<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<x...@mydomain.tld>,<xxx@myd...
Apr 5 14:49:26 messagerie-prep amavis[15005]: (15005-12)
...omain.tld>,<x...@mydomain.tld>, Queue-ID: 946FC640066, Message-ID:
<x...@mydomain.tld>, mail_id: SdFWN26NSt8A, Hits: 0.516, size: 1783, queued_as:
D7B1C640068, 299 ms
On Thursday, April 5, 2018, 2:17:23 PM GMT+1, Poliman - Serwis
<ser...@poliman.pl> wrote:
I wasn't able to find text "amavis" in log file. I tried production server and
finally I see it and I know what you suggest me. It looks like:
Apr 5 15:11:56 s1 amavis[26789]: (26789-13) Passed CLEAN {RelayedOutbound},
LOCAL [127.0.0.1] <r...@serv1.example.com> -> <s...@domain.com>
Is it the line about which you said?
2018-04-05 14:53 GMT+02:00 chaouche yacine <yacinechaou...@yahoo.com>:
You didn't say what's wrong the line grepping on amavis ? it should give you
what you want : one line by sender.
On Thursday, April 5, 2018, 1:51:28 PM GMT+1, Poliman - Serwis
<ser...@poliman.pl> wrote:
I used this script and after comparison result generated by collate.pl and
mail.log file I think that sending one email gives few lines (generated by
collate.pl) which one of them include sender email address, in my case it looks
like in "from=<r...@s1.ubuntu.com>" and one include line "from=<root>". And
this behavior appears that many times as many emails I will send. To be honest
I am looking some pattern I could base.
2018-04-05 14:30 GMT+02:00 chaouche yacine <yacinechaou...@yahoo.com>:
I was talking about collate.pl
On Thursday, April 5, 2018, 12:04:45 PM GMT+1, Poliman - Serwis
<ser...@poliman.pl> wrote:
Yacine, do you say about collate.pl script or "from=" part from log file? I
suppose that abotu script. If collate.pl could group by some id, it would be
nice, because I would have only one line from log dependent from particular
email sent.
2018-04-05 12:31 GMT+02:00 chaouche yacine <yacinechaou...@yahoo.com>:
No it won't, it will simply group qids together so that you can trace
individual e-mails, instead of having intermingled log lines from different
e-mails.
On Thursday, April 5, 2018, 7:10:11 AM GMT+1, Viktor Dukhovni
<postfix-us...@dukhovni.org> wrote:
> On Apr 5, 2018, at 2:07 AM, Poliman - Serwis <ser...@poliman.pl> wrote:
>
> Using collate.pl script I won't have to count "from=" from mail log, this
> script merge it, am I right?
Try it and see what you get. You may need to make some adjustments to the
regular expressions
depending on how your syslog formats the output, especially the date.
--
Viktor.
--
Pozdrawiam / Best Regards
Piotr Bracha
--
Pozdrawiam / Best Regards
Piotr Bracha
--
Pozdrawiam / Best Regards
Piotr Bracha
