At 18:42 2003-07-17 -0400, Curtis Maurand wrote:
> /usr/sbin/sendmail -X /tmp/mailtraffic.txt -bd -q30m
> That will log all message traffic through your mailserver. Then you can
> glean that log for the messages you're looking for.
> I'd have a cron job to go through that log fairly often as that log will get
> very big very fast.
If you were going to do something like this, you may as well write a
program to create and process a named pipe (a _file_ which writes into a
running program). That way, you wouldn't log nearly so much data - the
handler for the named pipe discards anything which isn't related to the
watched account, and retains only what is (and could be compressing that as
well). This assumes of course that the watched account is mailing through
your mail server, and mails "from" predictable addresses.
Unfortunately (and no small part of why I wouldn't have recommended this),
the PID information in the log isn't consistent - sendmail forks during the
transactions, so the PIDs change DURING THE SAME MESSAGE
HANDLING. Further, since multiple SMTP events can be occurring at the same
time, you can't assume that all the events from one _type_ of event to the
next are for the same message, or are the complete transaction for that one
So, if you use that "mass logging" facility, keep this in mind.
And yea, it logs like a muther - don't dump it to a critical mount - dump
it somewhere that won't cause system failures if it fills up (though, a
named pipe is still the best route if you're going to mass log).
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
procmail mailing list
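The named-pipe handler suggested in the reply above, sketched as an added example (not code from the post or from sendmail): it reads the `-X` traffic from a FIFO, groups lines by PID, and keeps only sessions that mention the watched address, compressed. Assumptions: the `<pid> <direction> <text>` line layout, the names `filter_traffic` and `serve_fifo`, and the constructed sample addresses. Because correlation is by PID, the fork caveat from the post applies and lines logged under a new PID are dropped.

```python
import gzip, os, re, sys
from collections import defaultdict, deque

# Assumed -X layout: "<pid> <direction> <text>", e.g. "00101 <<< MAIL FROM:<a@b>"
LINE = re.compile(r"^(\d+) (<<<|>>>|===) (.*)$")
END = re.compile(r"^(QUIT|RSET)\s*$|^221[ -]", re.I)

SAMPLE = [  # constructed traffic: two interleaved sessions plus a forked child
    "00101 >>> 220 mx.example.test ESMTP",
    "00102 >>> 220 mx.example.test ESMTP",
    "00101 <<< MAIL FROM:<watched@example.test>",
    "00102 <<< MAIL FROM:<other@example.test>",
    "00101 <<< RCPT TO:<bob@example.test>",
    "00103 >>> 250 2.0.0 Message accepted",   # same message, new PID after fork
    "00102 <<< QUIT",
    "00101 <<< QUIT",
]

def filter_traffic(lines, watched, backlog=200):
    """Yield lines of sessions (keyed by PID) that mention the watched address."""
    watched = watched.lower()
    pending = defaultdict(lambda: deque(maxlen=backlog))  # pid -> unmatched lines
    hot = set()                                           # pids being retained
    for raw in lines:
        m = LINE.match(raw.rstrip("\r\n"))
        if not m:
            continue                          # not a traffic line: discard
        pid, _, text = m.groups()
        if pid not in hot and watched in text.lower():
            hot.add(pid)
            yield from pending.pop(pid, ())   # context logged before the match
        if pid in hot:
            yield m.group(0)
        else:
            pending[pid].append(m.group(0))
        if END.match(text):                   # session over: forget this pid
            hot.discard(pid)
            pending.pop(pid, None)

def serve_fifo(fifo, watched, out_path):
    """Create the FIFO if needed and keep only the watched sessions, gzipped."""
    if not os.path.exists(fifo):
        os.mkfifo(fifo, 0o600)
    while True:                               # reopen each time the writers close
        with open(fifo, errors="replace") as src, gzip.open(out_path, "at") as out:
            out.writelines(k + "\n" for k in filter_traffic(src, watched))

if __name__ == "__main__":
    serve_fifo(*sys.argv[1:4])                # fifo path, watched address, output .gz
```

Start the reader before pointing `-X` at the FIFO path, and write the compressed output to a non-critical mount as the post advises.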