Add a log line in postfix logs

  • Abhijeet Rastogi
    Message 1 of 7, Apr 23, 2013
      Hi all,

      How flexible is postfix-2.8.7 to add one more log line in logs.

      My requirement is to have a line which will contain "queueid", "from",
      "to" & "subject" header in the same log line.

      If I add in header_checks a line like:

      /^to:/ WARN

      I get what I want but it also adds other stuff like "proto", "helo"
      etc which I don't want. I want logs to be as clean as possible. Is
      there a way I can accomplish this?

      --
      Regards,
      Abhijeet Rastogi (shadyabhi)
      http://blog.abhijeetr.com
    • Reindl Harald
      Message 2 of 7, Apr 23, 2013
        On 23.04.2013 16:40, Abhijeet Rastogi wrote:
        > How flexible is postfix-2.8.7 to add one more log line in logs.
        >
        > My requirement is to have a line which will contain "queueid", "from",
        > "to" & "subject" header in the same log line

        the problem is that the specific lines are from different processes
        and stages of the mail-flow
      • /dev/rob0
        Message 3 of 7, Apr 23, 2013
          On Tue, Apr 23, 2013 at 08:10:19PM +0530, Abhijeet Rastogi wrote:
          > How flexible is postfix-2.8.7 to add one more log line in logs.
          >
          > My requirement is to have a line which will contain "queueid",
          > "from", "to" & "subject" header in the same log line.
          >
          > If I add in header_checks a line like:
          >
          > /^to:/ WARN
          >
          > I get what I want but it also adds other stuff like "proto",

          How does that line get you the Subject: header? It does not. You
          might use this:

          /^Subject:/ WARN

          And that would show everything you listed above, albeit not the
          To/From headers: this would show the envelope sender and one of
          [possibly numerous] envelope recipients. If the desire is to log
          message content (that is, multiple headers), note from this link,
          Postfix cannot do this natively:

          http://www.postfix.org/BUILTIN_FILTER_README.html#limitations

          > "helo" etc which I don't want. I want logs to be as clean as
          > possible. Is there a way I can accomplish this?

          What information is logged is not configurable. Write a script to
          clean up the logs before you look at them. :)
          --
          http://rob0.nodns4.us/ -- system administration and consulting
          Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
        • Abhijeet Rastogi
          Message 4 of 7, Apr 23, 2013
            Hi,

            Thanks all for your reply. I mistyped "/^to:/" (actually it was
            Subject only) because I was testing with ways to display "from" and
            "to" (my original intent) in logs and WARN was not getting executed
            when email had no Subject.

            Regarding the argument that they all come from different parts of
            postfix, I'm already getting all these in one line if I use
            appropriate regex in check_headers. I was just hoping if I could
            remove the noise.

            So, the best way to display "from", "to" and "queueid" in the same
            line is, I guess using "/^to:/" in check_headers. Because there won't
            be a message which won't contain "to" header. But, I'm not comfortable
            with doing that because then I'll have duplicate information in one
            line. ("to" header's value will come two times)

            On Tue, Apr 23, 2013 at 9:10 PM, /dev/rob0 <rob0@...> wrote:
            > On Tue, Apr 23, 2013 at 08:10:19PM +0530, Abhijeet Rastogi wrote:
            >> How flexible is postfix-2.8.7 to add one more log line in logs.
            >>
            >> My requirement is to have a line which will contain "queueid",
            >> "from", "to" & "subject" header in the same log line.
            >>
            >> If I add in header_checks a line like:
            >>
            >> /^to:/ WARN
            >>
            >> I get what I want but it also adds other stuff like "proto",
            >
            > How does that line get you the Subject: header? It does not. You
            > might use this:
            >
            > /^Subject:/ WARN
            >
            > And that would show everything you listed above, albeit not the
            > To/From headers: this would show the envelope sender and one of
            > [possibly numerous] envelope recipients. If the desire is to log
            > message content (that is, multiple headers), note from this link,
            > Postfix cannot do this natively:
            >
            > http://www.postfix.org/BUILTIN_FILTER_README.html#limitations
            >
            >> "helo" etc which I don't want. I want logs to be as clean as
            >> possible. Is there a way I can accomplish this?
            >
            > What information is logged is not configurable. Write a script to
            > clean up the logs before you look at them. :)
            > --
            > http://rob0.nodns4.us/ -- system administration and consulting
            > Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:



            --
            Regards,
            Abhijeet Rastogi (shadyabhi)
            http://blog.abhijeetr.com
          • Abhijeet Rastogi
            Message 5 of 7, Apr 23, 2013
              I missed one thing. I can't even use "to:" as it's not a required
              header. So, I thought of using "Received:" header. That'll work most
              of the time but then there is another issue now.

              Doc says that:

              Each message header or message body line is compared
              against a list of patterns. When a match is found the
              corresponding action is executed, and the matching process
              is repeated for the next message header or message body
              line.

              So, if I add this regex at the top, there will be a case where further
              header checks will be missed. If I add it at the bottom, there is a
              possibility that it'll never be matched.

              So, what exactly is the solution now? My sole requirement is getting
              "queueid", "from" and "to" in the same log line. Getting other headers
              is just a secondary thing.


              On Tue, Apr 23, 2013 at 10:24 PM, Abhijeet Rastogi
              <abhijeet.1989@...> wrote:
              > Hi,
              >
              > Thanks all for your reply. I mistyped "/^to:/" (actually it was
              > Subject only) because I was testing with ways to display "from" and
              > "to" (my original intent) in logs and WARN was not getting executed
              > when email had no Subject.
              >
              > Regarding the argument that they all come from different parts of
              > postfix, I'm already getting all these in one line if I use
              > appropriate regex in check_headers. I was just hoping if I could
              > remove the noise.
              >
              > So, the best way to display "from", "to" and "queueid" in the same
              > line is, I guess using "/^to:/" in check_headers. Because there won't
              > be a message which won't contain "to" header. But, I'm not comfortable
              > with doing that because then I'll have duplicate information in one
              > line. ("to" header's value will come two times)
              >
              > On Tue, Apr 23, 2013 at 9:10 PM, /dev/rob0 <rob0@...> wrote:
              >> On Tue, Apr 23, 2013 at 08:10:19PM +0530, Abhijeet Rastogi wrote:
              >>> How flexible is postfix-2.8.7 to add one more log line in logs.
              >>>
              >>> My requirement is to have a line which will contain "queueid",
              >>> "from", "to" & "subject" header in the same log line.
              >>>
              >>> If I add in header_checks a line like:
              >>>
              >>> /^to:/ WARN
              >>>
              >>> I get what I want but it also adds other stuff like "proto",
              >>
              >> How does that line get you the Subject: header? It does not. You
              >> might use this:
              >>
              >> /^Subject:/ WARN
              >>
              >> And that would show everything you listed above, albeit not the
              >> To/From headers: this would show the envelope sender and one of
              >> [possibly numerous] envelope recipients. If the desire is to log
              >> message content (that is, multiple headers), note from this link,
              >> Postfix cannot do this natively:
              >>
              >> http://www.postfix.org/BUILTIN_FILTER_README.html#limitations
              >>
              >>> "helo" etc which I don't want. I want logs to be as clean as
              >>> possible. Is there a way I can accomplish this?
              >>
              >> What information is logged is not configurable. Write a script to
              >> clean up the logs before you look at them. :)
              >> --
              >> http://rob0.nodns4.us/ -- system administration and consulting
              >> Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
              >
              >
              >
              > --
              > Regards,
              > Abhijeet Rastogi (shadyabhi)
              > http://blog.abhijeetr.com



              --
              Regards,
              Abhijeet Rastogi (shadyabhi)
              http://blog.abhijeetr.com
            • Wietse Venema
              Message 6 of 7, Apr 23, 2013
                Abhijeet Rastogi:
                > I missed one thing. I can't even use "to:" as it's not a required
                > header. So, I thought of using "Received:" header. That'll work most
                > of the time but then there is another issue now.
                >
                > Doc says that:
                >
                > Each message header or message body line is compared
                > against a list of patterns. When a match is found the
                > corresponding action is executed, and the matching process
                > is repeated for the next message header or message body
                > line.
                >
                > So, if I add this regex at the top, there will be a case where further
                > header checks will be missed. If I add it at the bottom, there is a
                > possibility that it'll never be matched.
                >
                > So, what exactly is the solution now? My sole requirement is getting
                > "queueid", "from" and "to" in the same log line. Getting other headers
                > is just a secondary thing.

                The docs also say that header_checks are not a content management
                tool. Their purpose is to stop a burst of virus/worm/backscatter
                mail with easy-to-recognize signatures.

                If you need access to random message content, look for a Milter,
                or for an SMTP-based A/V filter that can log such information for
                you.

                Wietse
              • DTNX Postmaster
                Message 7 of 7, Apr 23, 2013
                  On Apr 23, 2013, at 19:23, Abhijeet Rastogi <abhijeet.1989@...> wrote:

                  > So, what exactly is the solution now? My sole requirement is getting
                  > "queueid", "from" and "to" in the same log line. Getting other headers
                  > is just a secondary thing.

                  Parse the logs, or write/use an external program that integrates with
                  Postfix as a policy daemon, and writes to the logs what you need.

                  For details, see;

                  http://www.postfix.org/SMTPD_POLICY_README.html

                  Note that this will get you the data from the envelope, which may not
                  be the same as the actual headers. If you need the headers, you'll need
                  to turn to content inspection;

                  http://www.postfix.org/CONTENT_INSPECTION_README.html

                  Or possibly a combination of both.

                  HTH,
                  Jona
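
The log-parsing route suggested in the thread, as an added example (not code from any of the posters or from Postfix): it joins the lines that the different Postfix processes write for one message into a single line keyed by queue ID. The sample log lines are constructed, and the `summarize` name and the short hexadecimal queue ID format are assumptions; sender and recipients are envelope values, and the Subject is available only when a `/^Subject:/ WARN` header check is in place.

```python
import re
from collections import defaultdict

# Constructed sample in the usual Postfix syslog layout (not taken from the thread).
# The Subject deliberately imitates Postfix's own "from host[ip]; from=<...>" suffix.
SAMPLE_LOG = """\
Apr 23 20:10:19 mx postfix/smtpd[2101]: 4A1B2C3D4E: client=host.example.net[192.0.2.10]
Apr 23 20:10:19 mx postfix/cleanup[2102]: 4A1B2C3D4E: warning: header Subject: Q2 report from x[198.51.100.9]; from=<fake@example.test> from host.example.net[192.0.2.10]; from=<alice@example.net> to=<bob@example.org> proto=ESMTP helo=<host.example.net>
Apr 23 20:10:19 mx postfix/qmgr[1999]: 4A1B2C3D4E: from=<alice@example.net>, size=2048, nrcpt=2 (queue active)
Apr 23 20:10:20 mx postfix/smtp[2103]: 4A1B2C3D4E: to=<bob@example.org>, relay=mail.example.org[203.0.113.5]:25, delay=0.9, dsn=2.0.0, status=sent (250 ok)
Apr 23 20:10:20 mx postfix/local[2104]: 4A1B2C3D4E: to=<carol@example.net>, relay=local, delay=1.0, dsn=2.0.0, status=sent (delivered to mailbox)
Apr 23 20:10:20 mx postfix/qmgr[1999]: 4A1B2C3D4E: removed
"""

# Assumption: short (hexadecimal) queue IDs, as used by default in Postfix 2.8.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
# Greedy (.*) plus the end anchor: only the real trailing suffix is stripped.
SUBJECT = re.compile(r"warning: header Subject: (.*) from \S+\[[^\]]*\]; "
                     r"from=<[^>]*> to=<[^>]*> proto=\S+ helo=<[^>]*>$")

def summarize(log_text):
    """Return one 'queueid: from to subject' line per message, emitted at 'removed'."""
    msgs = defaultdict(lambda: {"from": None, "to": [], "subject": None})
    out = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        rec = msgs[qid]
        if daemon == "qmgr" and rest.startswith("from=<"):
            rec["from"] = rest[6:rest.index(">")]
        elif rest.startswith("to=<"):              # smtp, local, lmtp, virtual, ...
            addr = rest[4:rest.index(">")]
            if addr not in rec["to"]:               # deferred retries repeat the line
                rec["to"].append(addr)
        elif daemon == "cleanup" and (s := SUBJECT.match(rest)):
            rec["subject"] = s.group(1)
        elif daemon == "qmgr" and rest == "removed":
            del msgs[qid]
            # %r escapes quotes and control characters in the untrusted Subject.
            out.append("%s: from=<%s> to=<%s> subject=%r"
                       % (qid, rec["from"], ",".join(rec["to"]), rec["subject"]))
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

The Subject pattern is anchored at the end of the line, so header text that imitates Postfix's own trailing fields stays inside the subject instead of overriding the logged envelope values.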