Re: Logging - Connect Order

Sun, 30 May 2021 09:05:23 -0700 

On 2021-05-30 at 09:32:03 UTC-0400 (Sun, 30 May 2021 15:32:03 +0200)
Matus UHLAR - fantomas <[email protected]>
is rumored to have said:


On 05-29-2021 1:16 pm, Shawn Heisey wrote:

Adding to the reply from Wietse, which I have to agree with:


On 29.05.21 16:40, [email protected] wrote:
I was just assuming that a connection happens first before postfix could know if the PTR resolves or not. Otherwise how does postfix know a client hostname needs to be checked if it has never connected? 

maybe you could try using postscreen:
http://www.postfix.org/POSTSCREEN_README.html
which will start processing incoming connection before resolving DNS record, 
it's great for stopping spam/bots too.
So following that logic, connection happens, log connection, resolve PTR, log the warning. I did not know that postfix can first know if someone has a valid PTR before they connect. (And still don't understand how)
Now for my purposes in parsing logs, it would have been more convenient for my mouse trap to rely on a new event ALWAYS starting with a connect message since those always happen where as a warning is only sometime. 

more than one mail can be delivered on single connection.
Since it can't be convenient, i have to look for a warning or connect for a new event then treat the connect message different based if there was a previous warning or not.
I think guys here mentioned a script that parsed and reorders matching log 
lines,
unfortunately I forgot its name...


It's named collate.pl, included in the Postfix source distribution:

        sc1:bill$ cat postfix-3.6.0/auxiliary/collate/README
        This script, by Viktor Dukhovni, untangles a Postfix logfile and
        groups the records one "session" at a time based on queue ID and
        process ID information.

        Records from different sessions are separated by an empty line.
        Such text is easy to process with $/="" in perl, or RS="" in awk.

        Usage:
            perl collate.pl file...

        It reads standard input when no file is specified.


--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

Reply via email to