Loading ...
Sorry, an error occurred while loading the content.

256290Re: Log analysis

Expand Messages
  • mouss
    Aug 2, 2009
      Martina Tomisova a écrit :
      > So this single message will be send to the given number of recipients,
      > right?. Well but there is no list of them in the log.

      each recipient will be in its own log line when the message is delivered.

      > My problem is that
      > there is for example 390 recipients. This line has some queue ID, sender
      > and nrcpt. And there are only for example 3 lines following with the
      > same queue ID containing 3 recipients. Where are the others? It doesn't
      > make sense...

      grep for the QUEUEID will show you other log lines. some of these will
      include the Message-Id. The Message-Id can also be used to find other
      related log lines.

      > In other words:
      > There is a line like that one:
      >> Jul 23 07:26:23 server postfix/qmgr[2580]: AEE706A60B5:
      > from=<sender@... <mailto:sender@...>>, size=1707076,
      > nrcpt=390 (queue active)
      > Then there three lines containing the queue ID AEE706A60B5 like this one:
      >> Jul 23 07:26:26 server postfix/smtp[30943]: AEE706A60B5:
      > to=<reciever@... <mailto:reciever@...>>, relay=none,
      > delay=148458, delays=148455/0.02/3/0, dsn=4.4.1, status=deferred
      > (connect to another.org <http://another.org>[]:25: No route
      > to host)

      The message is in the queue. use postcat -q to see its content
      (including the list of recipients). I'll leave it to you to make sure
      that there are no PRIVACY issues.

      PS. When posting from gmail, please hit the TEXT button. Otherwise, your
      logs are hard to read (see the "<mailto:..." thing above?)

      > And that's all. This queue ID is then used after more then one hour and
      > it starts by line containing from=.... Where is the rest of recipients?
      > Is it just not listed or there are only 3 recipients? That's why I'm
      > confused whether the nrcpt realy means the number of recipients for this
      > single message.
      > Why I do this analysis is that I need to know whether this guy sends a
      > spam or not... And I have to be sure about my conclusion. :)
    • Show all 6 messages in this topic