I have a problem with filtering log of postfix in /var/log/maillog.
I do a command cat maillog | grep bounced | grep said and filtering which mails didn't sent and reason of its like this:
Nov 10 10:48:40 host-10-190-10-26 postfix/smtp[7075]: 7AF986C13: to=, relay=gmail-smtp-in.l.google.com
[74.125.28.26]:25, delay=2.1, delays=0.04/0/1.9/0.2, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.28.26] said:
550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address
for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596
wv1si15262329pab.224 - gsmtp (in reply to RCPT TO command)) Nov 13 10:47:28 host-10-190-10-26 postfix/smtp[28250]: B0D491E80: to=, relay=gmail-smtp-in.l.google.com
[74.125.20.27]:25, delay=3, delays=0.02/0.02/2.8/0.23, dsn=5.1.1, status=bounced (host gmail-smtp-in.l.google.com[74.125.20.27] said:
550-5.1.1 The email account that you tried to reach does not exist. Please try 550-5.1.1 double-checking the recipient's email address
for typos or 550-5.1.1 unnecessary spaces. Learn more at 550 5.1.1 http://support.google.com/mail/bin/answer.py?answer=6596
ce9si24575145pdb.68 - gsmtp (in reply to RCPT TO command)) Nov 13 10:49:41 host-10-190-10-26 postfix/smtp[28278]: 525811E80: to=, relay=www.haha.com[140.174.93.116]:25, delay=7.2,
delays=0.05/0.01/6.6/0.53, dsn=5.3.0, status=bounced (host www.haha.com[140.174.93.116] said: 553 5.3.0 ... User unknown
(in reply to RCPT TO command))
and now I need to export the following fields: to and said: into a file with 2 columm
Someone help me or give a some idea.
something like this?
grep status=bounced /var/log/mail.log | sed -e 's/.*to=<//g' -e 's/>,.*said://g'
Update: not quite sure what you mean by "something that has columns", but i modified it so it is separated by semicolons. That should make it easy to import into any office-app (like MS Excel)
grep status=bounced /var/log/mail.log | sed -e 's/.*to=<//g' -e 's/\(.*\)>,.*said:\ /\1;/g' > bounced_mail.csv
Please mark the answer as useful if you like it.
2nd Update: off the top of my head, a fast and dirty solution (not tested in ANY way!!)
paste the code above into an executable shellscript
delete the line /var/log/maillog from /etc/logrotate.d/syslog
create a new file /etc/logrotate.d/postfix
with the following content:
/var/log/maillog {
prerotate
/path/to/shellscript.sh > /path/to/outputfile-$(date +%Y%m%d).txt 2> /dev/null
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
Please beware, that you should test that thoroughly!