Welcome to my research blog.
[Hmmm, without posting this placeholder post, I could not get "research" subcategories to be visible. I should report this to WordPress. This is great blogging software in comparison to the numerous others I had tried.]
The maillog has multiple entries for a single received mail. When a mail is received, it is put into the queue and an entry is made in the maillog with a queue id. To check whether the mail is spam, the message is removed from the queue and checked. Once it is determined not to be spam, it is put back into the queue with a different queue id. There are other parameters that determine that the mail has been verified. The mail is then delivered to the end user. There are additional entries if there are multiple receivers or when an email id is forwarded. Each time, the assigned queue id is different.
One of the best (and modifiable) Postfix maillog parsers is pflogsumm (http://jimsun.linxnet.com/postfix_contrib.html). Written in Perl, it analyzes the logs and provides an incredible amount of detail. However, I had to modify the code to parse the logs and provide output in the following format:
[status] [time] [sender] [receiver] [reason].
This can be put in crontab so that it runs at midnight and provides the analysis of the maillog for the day. In case you are having trouble with Postfix logs and their configuration, visit: http://www.onlamp.com/pub/a/onlamp/2004/01/22/postfix.html
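
The queue-id behaviour and the output format described above can be seen in a short parser. This is an added example in Python, not pflogsumm code and not the modification mentioned in this post. It assumes the hand-off to the spam filter is logged as `status=sent (... queued as <new id>)`; the function name `summarize` and the log lines are constructed for illustration.

```python
import re

# Constructed sample lines (not from a real server): one message that is handed
# to a content filter and re-queued under a second queue id, plus one bounce.
SAMPLE_LOG = """\
Jan 10 09:15:01 mx postfix/smtpd[2101]: 4F1A2B3C4D: client=mail.example.org[192.0.2.10]
Jan 10 09:15:01 mx postfix/qmgr[1999]: 4F1A2B3C4D: from=<alice@example.org>, size=1832, nrcpt=1 (queue active)
Jan 10 09:15:03 mx postfix/smtp[2103]: 4F1A2B3C4D: to=<bob@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1, status=sent (250 2.0.0 Ok: queued as 9E8D7C6B5A)
Jan 10 09:15:03 mx postfix/qmgr[1999]: 4F1A2B3C4D: removed
Jan 10 09:15:04 mx postfix/local[2105]: 9E8D7C6B5A: to=<bob@example.com>, relay=local, delay=0.4, status=sent (delivered to mailbox)
Jan 10 09:15:04 mx postfix/qmgr[1999]: 9E8D7C6B5A: from=<alice@example.org>, size=2290, nrcpt=1 (queue active)
Jan 10 09:20:11 mx postfix/qmgr[1999]: 77AA66BB55: from=<carol@example.net>, size=901, nrcpt=1 (queue active)
Jan 10 09:20:12 mx postfix/smtp[2110]: 77AA66BB55: to=<dave@example.com>, relay=none, delay=1.0, status=bounced (Host or domain name not found)
"""

# syslog timestamp, host, postfix daemon, queue id, remainder of the entry
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/(\w+)\[\d+\]: ([0-9A-Za-z]+): (.*)$")
FROM = re.compile(r"^from=<([^>]*)>")
DELIV = re.compile(r"^to=<([^>]*)>.*?status=(\w+) \((.*)\)$")
REQUEUED = re.compile(r"queued as [0-9A-Za-z]+")

def summarize(log_text):
    """Return one '[status] [time] [sender] [receiver] [reason]' line per final delivery."""
    senders, deliveries = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a postfix queue entry
        when, _daemon, qid, rest = m.groups()
        if f := FROM.match(rest):
            senders[qid] = f.group(1)          # qmgr entry: sender for this queue id
        elif d := DELIV.match(rest):
            rcpt, status, reason = d.groups()
            if status == "sent" and REQUEUED.search(reason):
                continue                       # hand-off to the filter, not a final delivery
            deliveries.append((qid, status, when, rcpt, reason))
    # Senders are resolved last because a from= entry can follow its delivery entry.
    return [f"[{st}] [{when}] [{senders.get(qid, '?')}] [{rcpt}] [{reason}]"
            for qid, st, when, rcpt, reason in deliveries]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

The sender and reason fields come from the remote side, so treat them as untrusted text if the output is fed into a report or another tool.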