256290 Re: Log analysis
- Aug 2, 2009

Martina Tomisova wrote:
> So this single message will be sent to the given number of recipients,
> right? Well but there is no list of them in the log.

Each recipient will be in its own log line when the message is delivered.

> My problem is that
> there is for example 390 recipients. This line has some queue ID, sender
> and nrcpt. And there are only for example 3 lines following with the
> same queue ID containing 3 recipients. Where are the others? It doesn't
> make sense...

grep for the QUEUEID will show you other log lines. Some of these will
include the Message-Id. The Message-Id can also be used to find other
related log lines.

> In other words:
> There is a line like that one:
>> Jul 23 07:26:23 server postfix/qmgr: AEE706A60B5:
> from=<sender@... <mailto:sender@...>>, size=1707076,
> nrcpt=390 (queue active)
> Then there are three lines containing the queue ID AEE706A60B5 like this one:
>> Jul 23 07:26:26 server postfix/smtp: AEE706A60B5:
> to=<reciever@... <mailto:reciever@...>>, relay=none,
> delay=148458, delays=148455/0.02/3/0, dsn=4.4.1, status=deferred
> (connect to another.org <http://another.org>[184.108.40.206]:25: No route
> to host)

The message is in the queue. Use postcat -q to see its content
(including the list of recipients). I'll leave it to you to make sure
that there are no PRIVACY issues.

PS. When posting from gmail, please hit the TEXT button. Otherwise, your
logs are hard to read (see the "<mailto:..." thing above?)

> And that's all. This queue ID is then used after more than one hour and
> it starts with a line containing from=.... Where is the rest of the recipients?
> Is it just not listed or there are only 3 recipients? That's why I'm
> confused whether the nrcpt really means the number of recipients for this
> single message.
> Why I do this analysis is that I need to know whether this guy sends
> spam or not... And I have to be sure about my conclusion. :)
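
The correlation suggested in the reply above (collect every log line for one queue ID, then compare nrcpt with the recipients that already have a delivery line), as an added example that is not part of the original thread. The log lines are constructed, `summarize` and its field names are illustrative, and the script assumes short hexadecimal queue IDs.

```python
import re
from collections import defaultdict

# Constructed sample (queue ID, hosts and addresses are made up), in the
# same syslog format as the lines quoted in the thread.
SAMPLE_LOG = """\
Jul 23 07:26:20 server postfix/cleanup[2101]: 1A2B3C4D5E6: message-id=<20090723.example@mail.example>
Jul 23 07:26:23 server postfix/qmgr[1980]: 1A2B3C4D5E6: from=<sender@example.org>, size=1707076, nrcpt=5 (queue active)
Jul 23 07:26:26 server postfix/smtp[2110]: 1A2B3C4D5E6: to=<a@example.net>, relay=none, delay=3, delays=0/0.02/3/0, dsn=4.4.1, status=deferred (connect to mx.example.net[192.0.2.10]:25: No route to host)
Jul 23 07:26:27 server postfix/smtp[2111]: 1A2B3C4D5E6: to=<b@example.com>, relay=none, delay=4, delays=0/0.02/4/0, dsn=4.4.1, status=deferred (connect to mx.example.com[192.0.2.20]:25: Connection timed out)
Jul 23 08:40:02 server postfix/qmgr[1980]: 1A2B3C4D5E6: from=<sender@example.org>, size=1707076, nrcpt=5 (queue active)
Jul 23 08:40:05 server postfix/smtp[2300]: 1A2B3C4D5E6: to=<a@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=4425, delays=4422/0.02/1/2, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jul 23 08:40:06 server postfix/smtp[2301]: 1A2B3C4D5E6: to=<b@example.com>, relay=none, delay=4426, delays=4422/0.02/4/0, dsn=4.4.1, status=deferred (connect to mx.example.com[192.0.2.20]:25: Connection timed out)
"""

# Assumes short (hexadecimal) Postfix queue IDs; the [pid] part is optional.
LINE = re.compile(r"postfix/\w+(?:\[\d+\])?: ([0-9A-F]{6,}): (.*)")
FROM = re.compile(r"from=<([^>]*)>.*\bnrcpt=(\d+)")
TO = re.compile(r"to=<([^>]*)>.*?\bstatus=(\w+)")
MSGID = re.compile(r"message-id=(\S+)")


def summarize(log_text):
    """Group log lines by queue ID and compare nrcpt with logged recipients."""
    msgs = defaultdict(lambda: {"sender": None, "nrcpt": 0,
                                "message_id": None, "last_status": {}})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        rec = msgs[qid]
        if (f := FROM.match(rest)):
            rec["sender"] = f.group(1)
            rec["nrcpt"] = max(rec["nrcpt"], int(f.group(2)))
        elif (t := TO.match(rest)):
            # A deferred recipient is logged again on every retry; keep the latest.
            rec["last_status"][t.group(1)] = t.group(2)
        elif (i := MSGID.match(rest)):
            rec["message_id"] = i.group(1)
    for rec in msgs.values():
        # Recipients counted in nrcpt that have no delivery line in this log yet.
        rec["not_logged"] = rec["nrcpt"] - len(rec["last_status"])
    return dict(msgs)


if __name__ == "__main__":
    for qid, rec in summarize(SAMPLE_LOG).items():
        print(qid, rec)
```

A non-zero `not_logged` only says that this log excerpt holds no delivery line for those recipients; the queue file itself, as the reply notes, is what lists them.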