4

I have a problem with filtering the postfix log in /var/log/maillog.

I run the command cat maillog | grep bounced | grep said to filter out which mails weren't sent and the reason why, like this:

Nov 10 10:48:40 host-10-190-10-26 postfix/smtp[7075]: 7AF986C13: to=, relay=gmail-smtp-in.l.google.com[74.125.28.26]:25, delay=2.1, delays=0.04/0/1.9/0.2, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.28.26] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 wv1si15262329pab.224 - gsmtp (in reply to RCPT TO command))

Nov 13 10:47:28 host-10-190-10-26 postfix/smtp[28250]: B0D491E80: to=, relay=gmail-smtp-in.l.google.com[74.125.20.27]:25, delay=3, delays=0.02/0.02/2.8/0.23, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.20.27] said: 550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596 ce9si24575145pdb.68 - gsmtp (in reply to RCPT TO command))

Nov 13 10:49:41 host-10-190-10-26 postfix/smtp[28278]: 525811E80: to=, relay=www.haha.com[140.174.93.116]:25, delay=7.2, delays=0.05/0.01/6.6/0.53, dsn=5.3.0, status=bounced (host www.haha.com[140.174.93.116] said: 553 5.3.0 ... User unknown (in reply to RCPT TO command))

And now I need to export the following fields: to and said: into a file with 2 columns.

Can someone help me or give me some ideas?

Jin

2 Answers

9

Something like this?

grep status=bounced /var/log/mail.log | sed -e 's/.*to=<//g' -e 's/>,.*said://g'

Update: not quite sure what you mean by "something that has columns", but I modified it so it is separated by semicolons. That should make it easy to import into any office app (like MS Excel).

grep status=bounced /var/log/mail.log | sed -e 's/.*to=<//g' -e 's/\(.*\)>,.*said:\ /\1;/g' > bounced_mail.csv

Please mark the answer as useful if you like it.

2nd Update: off the top of my head, a fast and dirty solution (not tested in ANY way!!)

  1. paste the code above into an executable shellscript

  2. delete the line /var/log/maillog from /etc/logrotate.d/syslog

  3. create a new file /etc/logrotate.d/postfix with the following content:

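/var/log/maillog {
# export the bounces from the log that is about to be rotated
prerotate
    /path/to/shellscript.sh > /path/to/outputfile-$(date +%Y%m%d).txt 2> /dev/null
endscript
# make syslogd reopen its log file after the rotation
postrotate
    /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}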

Please be aware that you should test that thoroughly!

r_3
  • OMG thank you r_3, that's exactly what I'd love to see. Can you help me export the result into a file with 2 columns, 1 for to and another for said? Thank you so much!!!!!!! – Jin Nov 21 '14 at 02:13
  • Thank you, r_c! But I have a problem now: the mail server has created mail every 7 week with the format: maillog (today's log) maillog-20141109 maillog-20141116 maillog-20141122 ... so I want to set up a cron job to export the log nearest in time to today's one, meaning that if the mail server creates a maillog today, I need to export yesterday's log. – Jin Nov 24 '14 at 03:10
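
An added example, not part of the original answers: the same to / said: extraction as the sed commands above, extended to quote every cell and to neutralize cells that a spreadsheet would evaluate as a formula, since the said: text is chosen by the remote mail server and may itself contain semicolons. The sample log lines, addresses, host names and function names are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample lines in the Postfix format shown in the question
# (addresses and hosts are made up; the third line is a normal delivery).
SAMPLE_LOG = """\
Nov 10 10:48:40 mx1 postfix/smtp[7075]: 7AF986C13: to=<nobody@example.com>, relay=mx.example.com[192.0.2.26]:25, delay=2.1, delays=0.04/0/1.9/0.2, dsn=5.1.1, status=bounced (host mx.example.com[192.0.2.26] said: 550-5.1.1 The email account that you tried to reach does not exist. (in reply to RCPT TO command))
Nov 13 10:49:41 mx1 postfix/smtp[28278]: 525811E80: to=<user2@example.org>, relay=mx.example.org[192.0.2.116]:25, delay=7.2, delays=0.05/0.01/6.6/0.53, dsn=5.3.0, status=bounced (host mx.example.org[192.0.2.116] said: =2+3 mailbox unavailable; try later (in reply to RCPT TO command))
Nov 13 10:50:02 mx1 postfix/smtp[28300]: 9C0D21E81: to=<ok@example.net>, relay=mx.example.net[192.0.2.7]:25, delay=1, delays=0.01/0/0.5/0.49, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# Recipient, then the remote server's reply; the trailing
# "(in reply to ... command)" is dropped from the reason.
BOUNCE = re.compile(
    r"postfix/smtp\[\d+\]: \w+: to=<(?P<to>[^>]*)>,.*?status=bounced "
    r"\(host \S+ said: (?P<said>.*?)(?: \(in reply to [^)]*\))?\)$"
)

def neutralize(cell):
    """Prefix a cell that a spreadsheet would treat as a formula."""
    if cell.startswith(("=", "+", "-", "@", "\t", "\r")):
        return "'" + cell
    return cell

def bounces(lines):
    """Yield (recipient, remote reply) for every bounced delivery."""
    for line in lines:
        m = BOUNCE.search(line.rstrip("\n"))
        if m:
            yield m["to"], m["said"]

def to_csv(lines):
    """Return a two-column, semicolon-separated CSV with all cells quoted."""
    out = io.StringIO()
    writer = csv.writer(out, delimiter=";", quoting=csv.QUOTE_ALL,
                        lineterminator="\n")
    writer.writerow(["to", "said"])
    for to, said in bounces(lines):
        writer.writerow([neutralize(to), neutralize(said)])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(SAMPLE_LOG.splitlines()), end="")
```

To run it against a real log, pass an open file object to to_csv() instead of the sample lines.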
2

I have created a Perl script: https://github.com/brablc/postfix-tools/blob/master/pflogrep

You can use it as grep:

pflogrep infractor@example.com /var/log/maillog

Or you can feed the output to pflogsumm and get nice statistics:

pflogrep infractor@example.com /var/log/maillog | pflogsumm
brablc