What command can I use to search sendmail logs for ALL message details involving a specific recipient.
CENTOS 5.x | Sendmail
Occasionally I need to search through sendmail delivery logs to find out what happened to a missing message. This usually involves two (or more) steps:
STEP 1: Search /var/log/maillog for the user's email address. For example grep -i "[email protected]" /var/log/maillog
That usually returns something like this:
Jan 11 07:43:34 server-example sendmail[12732]: p937blksdh3: to=<[email protected]>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=102537, relay=mta.recipientdomain.com. [12.34.56.78], dsn=5.7.1, stat=Service unavailable
STEP 2: I'll then grab the unique message name (in this case p937blksdh3) and search for that. For example: grep -i p937blksdh3 /var/log/maillog
I want to combine steps 1 and 2 into a one-liner and have it automatically perform the same search for other ids. So in a single command, I'd like to do the following:
- Search sendmail maillog for specific string.
- Identify the message-id (in the example above, this was p937blksdh3) for the email. (I'm guessing awk '{print $}' would be used?)
- Search the same log but search for the message id instead (basically grep -i p937blksdh3 /var/log/maillog in the example above)
- Output the results of step 3. Repeat this for other message ids.
You could do something similar to this.
for i in `grep -i "[email protected]" /var/log/maillog | awk '{print $5}'`; do grep -i $i /var/log/maillog; done
This will grep out the line for the user you are looking for, then select the 5th item on the line (seperated by spaces iirc). Then for each message ID in that list, will then grep for the lines containing the message ID's.
If you want to remove the : from the end of the message ID, you can do something like
for i in grep -i "[email protected]" /var/log/maillog | awk '{print $5}' | sed 's/\://
; do grep -i $i /var/log/maillog; done
Hope that helps.
This is not a direct answer to your specific problem (Harry answered that already) but just a thought to plan ahead if you need such information often. Install MIMEDefang and then have the filter_recipient routine log all the information that you need in the format that suits you best.