Filter maillog

Hi,

I need to extract all the SendTo fields and IP addresses from a maillog file.

First I look for all emails containing the empty from field.

# zcat /var/log/mail/maillog-20140331.server1.gz  | grep "from=<>"  | awk '{print $6}' > 1.txt

output:

Mar 30 23:31:24 servidor1 postfix/smtpd[22991]: 113936F601: client=correo.mail.es[172.1.1.9]
Mar 30 23:31:24 servidor1 postfix/cleanup[22951]: 113936F601: message-id=<DUB123-W32635AC923EA56AFE20B66CE600@phx.gbl>
Mar 30 23:31:25 servidor1 postfix/qmgr[28523]: 113936F601: from=<>, size=12445186, nrcpt=1 (queue active)
Mar 30 23:31:45 servidor1 postfix/smtp[22981]: 113936F601: to=<mail@yahoo.es>, relay=mx-eu.mail.am0.yahoodns.net[188.125.69.79]:25, delay=21, delays=1.4/0/0.16/19, dsn=2.0.0, status=sent (250 ok dirdel)
Mar 30 23:31:45 servidor1 postfix/qmgr[28523]: 113936F601: removed

I now need to go back to the previous file and, based on the message ID, show the email recipient and the source IP.

This is easy for one email.

# zcat /var/log/mail/maillog-20140331.server1.gz  | grep 113936F601: | grep "to="

and

# zcat /var/log/mail/maillog-20140331.servidor1.gz  | grep 113936F601: | grep "client="
 

With this I could do it. But I cannot do it in one pass for all message IDs.

Hello,

Could you please let us know the input and the expected output for the same? Also, please use code tags for commands as per forum rules.

Thanks,
R. Singh

1 Like

Sorry, my English is not good. I think I put code tags and the output result.

I need to pull out the IDs of all the messages stored in the file 1.txt by performing a search in the maillog file.

I don't know if I am explaining myself well. Sorry.

---------- Post updated at 02:56 PM ---------- Previous update was at 02:36 PM ----------

I've more or less resolved it.

  zgrep -wf 1.txt /var/log/mail/maillog-20140331.server1.gz > 2.txt

And then I filter the fields that interest me. Thanks for everything.
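
The one-pass correlation asked about in this thread, as an added example that is not part of any post: a single awk pass keyed on the queue ID reports the client IP and each recipient for every message logged with `from=<>`. The function names `null_sender_report` and `sample_log` and the sample log lines are constructed for illustration; the script assumes the field layout of the log lines quoted above and short hexadecimal queue IDs.

```shell
#!/bin/sh
# Added example: prints "queue_id client_ip recipient" for null-sender messages.
# Assumes syslog-format Postfix lines with the queue ID (plus colon) in field 6.
null_sender_report() {
    awk '
    # Skip lines that do not carry a short hexadecimal queue ID.
    $6 !~ /^[0-9A-F]+:$/ { next }
    { id = substr($6, 1, length($6) - 1) }
    # smtpd line, client=host[ip]: keep only the address between the brackets.
    $7 ~ /^client=/ {
        ip = $7; sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
        client[id] = ip; next
    }
    $7 == "from=<>," { nullsender[id] = 1; next }
    $7 ~ /^to=</ {
        rcpt = $7; sub(/^to=</, "", rcpt); sub(/>,?$/, "", rcpt)
        # A deferred delivery is logged again on retry: keep each recipient once.
        if (!seen[id, rcpt]++) rcpts[id] = rcpts[id] (rcpts[id] ? " " : "") rcpt
        next
    }
    END {
        for (id in nullsender) {
            n = split(rcpts[id], r, " ")
            for (i = 1; i <= n; i++)
                print id, ((id in client) ? client[id] : "-"), r[i]
        }
    }'
}

# Constructed sample log (documentation addresses, not taken from the thread).
sample_log() {
cat <<'EOF'
Mar 30 23:31:24 mx1 postfix/smtpd[100]: 1A2B3C4D5E: client=relay.example.net[192.0.2.9]
Mar 30 23:31:24 mx1 postfix/smtpd[101]: 2B3C4D5E6F: client=host.example.org[198.51.100.7]
Mar 30 23:31:25 mx1 postfix/qmgr[200]: 1A2B3C4D5E: from=<>, size=1200, nrcpt=2 (queue active)
Mar 30 23:31:25 mx1 postfix/qmgr[200]: 2B3C4D5E6F: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Mar 30 23:31:26 mx1 postfix/smtp[300]: 1A2B3C4D5E: to=<bob@example.com>, relay=none, delay=1, status=deferred (constructed)
Mar 30 23:31:26 mx1 postfix/smtp[301]: 2B3C4D5E6F: to=<erin@example.com>, relay=mx.example.com[203.0.113.5]:25, status=sent (250 ok)
Mar 30 23:31:27 mx1 postfix/smtp[300]: 1A2B3C4D5E: to=<carol@example.com>, relay=mx.example.com[203.0.113.5]:25, status=sent (250 ok)
Mar 30 23:36:26 mx1 postfix/smtp[300]: 1A2B3C4D5E: to=<bob@example.com>, relay=mx.example.com[203.0.113.5]:25, status=sent (250 ok)
EOF
}

# Run on the sample; on a real log: zcat <maillog>.gz | null_sender_report
sample_log | null_sender_report | sort
```

Output order from awk is unspecified, so pipe the result through sort when a stable order matters.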