Freebsd – Need help grepping postfix log

freebsdgreploggingpostfix

I'm trying to search for an unknown string (Message ID) in a log based on a known string (recipient address), and then grep the unknown string to output the entire relevant log information. I'm able to use grep and cut to output the unknown string(s), but from there I'm stumped on passing that to grep. I've used a pipe to xargs grep and that is not producing the output I'm looking for. Here is the command I'm using to grep and cut:

grep 'to=<emailaddress' /var/log/maillog | cut -d ' ' -f 6

This produces output of all the unknown strings for messages processed by Postfix for emailaddress. When I pipe to xargs I receive "grep: : No such file or directory:

grep 'to=<emailaddress' /var/log/maillog | cut -d ' ' -f 6 | xargs grep /var/log/maillog

Thanks for your help.

Best Answer

I've been playing around a bit with my own mail logs. Try

grep 'to=<emailaddress' /var/log/maillog | cut -d ' ' -f 6 | grep -f - /var/log/maillog

The -f - will read the list of strings to search for from stdin.

Related Solutions

Freebsd 8 mail log status, what do these mean

The status value itself isn't as valuable as the data in parenthesis that directly follows it, which gives a better description of what's going on.

"Message queued for delivery" - This means the transaction between your server and the target server has yet to transpire for that particular message, this usually means something just sent the message, and your SMTP server is acknowledging it's existence

"Message Accepted" - This means the destiantion server acknowledges that the message has been received on it's end. (It doesn't indicate read)

"Bounced" - This typically means that something went wrong - either the email was rejected from the target email server because the email address didn't exist, OR it could be rejected due to being on an RBL. This also means the email will NOT be delivered, nor handled anymore by the server. AKA: The message is dead in the water.

"Deferred" - This means that something temporary has happened to cause the message to not be delivered, but the server (yours) hasn't given up and will try again later. This is also common to see when the target SMTP server uses an anti-spam technique known as 'greylisting'.

Other things, here's an example of a log line from my mail.log:

postfix/qmgr[32131]: 3858792A80: from=<foo@domain.com>, size=757, nrcpt=1 (queue active)
postfix/smtp[32135]: 3858792A80: to=<foo@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.91.27]:25], delay=8, delays=8/0.01/0.4/1.5, dsn=2.0.0, status=sent (250 2.0.0 OK
 1307169606 6si4629303qcd.120)

relay=gmail-smtp-in.l.google.com[74.125.91.27]:25] = Target SMTP server for the 'to' email address

delays=0.08/0.01/0.4/1.5 =

0.08s = time from message arrival to last active queue entry

0.01s = time from last active queue entry to connection setup

0.4s = time to negotiate connection (EHLO, etc)

1.5s = time spent transferring entire message

A good way to learn is to simply tail your mail log and send emails in various ways - watch what happens when you send to bad accounts; or to a server that uses greylisting. block the outbound port and send one.

Why is OpenDKIM not signing and verifying the emails? (CentOS 6.5, Postfix & OpenDKIM)

For verifying email, you must set mode parameter in opendkim.conf as sv (s means signing, v means verifying). By default it will verifying all emails coming from outside InternalHosts.

In your current config, you just signing the message coming from InternalHosts.

Best Answer

Related Solutions

Freebsd 8 mail log status, what do these mean

Why is OpenDKIM not signing and verifying the emails? (CentOS 6.5, Postfix & OpenDKIM)

Related Topic