Routing the world

Routing & IT System Administration

Postfix: Extract Internal Message UID, Relayed Server and Remote Message UID from the logs


If you are an email server admin, you often need to follow the path of a message. This is especially important if you have a mail server in “transport mode”.

You can find the Internal Message UID with a simple grep of the logs, filtering on the from and to email addresses. Once you have the Local UID, you want to know whether the message was correctly delivered, and the Remote Queue ID, to be sure the message has been delivered to its destination.

Here is a one-liner script that reads the logs and processes them to get the Local UID, the Remote Queue UID and the Relay Server that accepted delivery of an email message. If you want to follow one email, you only have to grep the output for your Local UID and you will see the Remote Queue UID and the Relay Server.

for i in $(awk '{print $6}' /var/log/mail.log | grep -v 'connect\|disconnect\|warning\|discarding\|NOQUEUE\|lost' | sed 's/://' | awk '{print $0"\t"length($0)}' | awk '$2>=10 {print$1}' | sort -u) ; do grep "$i" /var/log/mail.log | grep "queued as" | awk -v VAR="$i" '$19>10{print VAR"\t"$19}' | grep -v as | sed 's/)//' | grep -v "relay=127" ; grep "$i" /var/log/mail.log | grep "accepted for delivery" | awk -v VAR="$i" '$15>10{print VAR"\t"$15"\t"$8}' | grep -v as | sed 's/)//' | grep -v "relay=127" ; done

I am sure there is a more elegant and smarter way to do it, and I am also sure that there are many ways to combine the awk and sed commands, but this command works.

If you have a heavily loaded Postfix server with very large log files, this command eats a fair amount of CPU. Use with caution.
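As an added example (not the one-liner above and not the author's code), the same Local UID, Relay Server and Remote Queue UID extraction can be done in one pass over the log by matching on the text of each line instead of on field positions, which shift when Postfix logs extra attributes. The function names, the sample log lines and the assumption of the default syslog name "postfix" are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not the original one-liner. Single pass over the log.
# Output (tab-separated): local queue ID, relay, remote queue ID.
# Assumption: default syslog name "postfix" and classic syslog line layout.
postfix_trace() {
    # $1: log file; defaults to standard input.
    awk '
    / status=sent / {
        # Local queue ID follows "postfix/<daemon>[pid]: ".
        if (!match($0, /postfix\/[a-z]+\[[0-9]+\]: [0-9A-Za-z]+: /)) next
        local_id = substr($0, RSTART, RLENGTH)
        sub(/^.*\]: /, "", local_id); sub(/: $/, "", local_id)

        # Relay is the value of relay=host[ip]:port, up to the next comma.
        if (!match($0, /relay=[^,]+/)) next
        relay = substr($0, RSTART + 6, RLENGTH - 6)
        # Skip loopback hand-offs (content filters), like grep -v "relay=127".
        if (relay ~ /^127\./) next

        remote_id = ""
        if (match($0, /queued as [0-9A-Za-z]+/)) {
            # Postfix-style reply: "Ok: queued as <id>"
            remote_id = substr($0, RSTART + 10, RLENGTH - 10)
        } else if (match($0, /[0-9A-Za-z]+ Message accepted for delivery/)) {
            # Sendmail-style reply: "<id> Message accepted for delivery"
            remote_id = substr($0, RSTART, RLENGTH)
            sub(/ .*/, "", remote_id)
        }
        if (remote_id != "") print local_id "\t" relay "\t" remote_id
    }' "${1:--}"
}

# Constructed sample log lines (not taken from a real server).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 mx1 postfix/smtpd[2301]: connect from client.example.com[192.0.2.10]
Mar  3 10:15:01 mx1 postfix/qmgr[1201]: 4F1A22C0A1B: from=<alice@example.com>, size=1532, nrcpt=1 (queue active)
Mar  3 10:15:02 mx1 postfix/smtp[2345]: 4F1A22C0A1B: to=<bob@example.net>, relay=mail.example.net[203.0.113.25]:25, delay=0.52, delays=0.1/0.01/0.2/0.21, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9C3D41E0F22)
Mar  3 10:15:03 mx1 postfix/smtp[2346]: 5A0B11D9C3E: to=<carol@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, delays=0.1/0/0.1/1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7B2C33D1E4F)
Mar  3 10:15:04 mx1 postfix/smtp[2347]: 7B2C33D1E4F: to=<carol@example.org>, relay=mx.example.org[198.51.100.7]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=2.0.0, status=sent (250 2.0.0 u23AF2xx012345 Message accepted for delivery)
Mar  3 10:15:05 mx1 postfix/smtp[2348]: 8D4E55F2A6B: to=<dave@example.net>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mail.example.net[203.0.113.25]:25: Connection timed out)
EOF
}

# Demo on the constructed lines; on a server: postfix_trace /var/log/mail.log
sample_log | postfix_trace
```

To follow one message, grep the output for its Local UID; deferred and bounced deliveries produce no row because they have no remote queue ID.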
