procmail
[Top] [All Lists]

Re: Can I Do this?

2003-07-17 17:30:35
At 18:42 2003-07-17 -0400, Curtis Maurand wrote:

/usr/sbin/sendmail -X /tmp/mailtraffic.txt -bd -q30m

That will log all message traffic through your mailserver.  Then you can
glean that log for the messages your looking for.

I'd have cron job to go through that log fairly often as that log will get very big very fast.

If you were going to do something like this, you may as well write a program to create and process a named pipe (a _file_ which writes into a running program). That way, you wouldn't log nearly so much data - the handler for the named pipe discards anything which isn't related to the watched account, and retains only what is (and could be compressing that as well). This assumes of course that the watched account is mailing through your mail server, and mails "from" predictable addresses.

Unfortunatley (and no small part of why I wouldn't have recommended this), the PID information in the log isn't consistent - sendmail forks during the transactions, so the PIDs change DURING THE SAME MESSAGE HANDLING. Further, Since multiple SMTP events can be occurring at the same time, you can't assume that all the events from one _type_ of event to the next are for the same message, or are the complete transaction for that one message.

So, if you use that "mass logging" facility, keep this in mind.

And yea, it logs like a muther - don't dump it to a critical mount - dump it somewhere that won't cause system failures if it fills up (though, a named pipe is still the best route if you're going to mass log).

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail

<Prev in Thread] Current Thread [Next in Thread>