Routing the world

Routing & IT System Administration

Archive for March 2012

Postfix: Extract Internal Message UID, Relayed Server and Remote Message UID from the logs

leave a comment »

If you are an email server admin many times you need to follow the path of a message. This is specially important if you have mail server in “transport mode”.

You can know the Internal Message UID making a simple grep to the logs filtering from and to email addresses. Once you have the Local UID  you want to know if the message was correctly delivered and the Remote Queue ID to assure the message has been delivered to its destination.

Here is a one liners script that gets the logs and process it to get the Local UID, the Remote Queue UID and the Relay Server that accepted the delivery of a email message. If you want to follow one email, you only have to grep the output with your Local UID and you will see the Remote Queue UID and the Relay Server.

for i in `cat /var/log/mail.log | awk '{print $6}' | grep -v 'connect\|disconnect\|warning\|discarding\|NOQUEUE\|lost' | sed 's/://' | awk '{print $0"\t"length($0)}' | awk '$2>=10 {print$1}'` ; do cat /var/log/mail.log | grep $i | grep "queued as" | awk -v VAR=$i '$19>10{print VAR"\t"$19}' | grep -v as | sed 's/)//' | grep -v "relay=127" ; cat /var/log/mail.log | grep $i | grep "accepted for delivery" | awk -v VAR=$i '$15>10{print VAR"\t"$15"\t"$8}' | grep -v as | sed 's/)//' | grep -v "relay=127" ; done

I am sure there is a more elegant and smarter way to do it, and I am sure too that there is a lot of ways to concatenate the awk commands or seds ones but this sentence works.

If you have a heavy loaded Postfix server with very large log files this command is a little bit CPU eater. Use with caution.



Private Cloud, Public Cloud, Hybrid Cloud and Super-Hybrid Cloud

leave a comment »

There is new spanish content in the blog.

Private Cloud, Public Cloud, Hybrid Cloud and Super-Hybrid Cloud


Written by Root

March 4, 2012 at 23:21

%d bloggers like this: