monitoring outgoing emails


monitoring outgoing emails

Poliman - Serwis
Hi people. Do you know if there is any tool/plugin for monitoring outgoing emails from a server with postfix? Maybe postfix has this feature?

--
Pozdrawiam / Best Regards
Piotr Bracha

Re: monitoring outgoing emails

Wietse Venema
Poliman - Serwis:
> Hi people. Do you know is there any tool/plugin for monitoring outgoing
> emails from server with postfix? Maybe postfix has this feature?

Postfix logs all transactions. I suggest that you look for tools
that analyze Postfix logs.

        Wietse

Re: monitoring outgoing emails

Matus UHLAR - fantomas
>Poliman - Serwis:
>> Hi people. Do you know is there any tool/plugin for monitoring outgoing
>> emails from server with postfix? Maybe postfix has this feature?

On 28.03.18 09:57, Wietse Venema wrote:
>Postfix logs all transactions. I suggest that you look for tools
>that analyze Postfix logs.

pflogsumm, for example. Available in most OS/distribution repositories and
at: http://jimsun.linxnet.com/postfix_contrib.html

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !

Re: monitoring outgoing emails

Poliman - Serwis
Thank you, I will check it. I am looking for information about which Linux user sends email and how many, for example, per hour, day. That would be the perfect plugin.

--
Pozdrawiam / Best Regards
Piotr Bracha

Re: monitoring outgoing emails

chaouche yacine
I use this line :

tail -f /var/log/mail.log | egrep --line-buffered 'Relay' | egrep --line-buffered -v '(Process_Control|notifications.systemes|PODCAST-|Admin-ch|PUB_CONTROL|@mydomain.tld|[hidden email]' | sed -u 's/messagerie-prep amavis.*},//;s/Hits:\([^,]\+\).*/HITS:\1/; s/\(Queue-ID\|Message-ID\).*, HITS/Hits/'|grep "$REGX_EMAIL ->"


This will strip out automatic notifications and give me output like this :

Mar 28 16:25:24  LOCAL [127.0.0.1]:47600 <[hidden email]> -> <[hidden email]>,<[hidden email]>, Hits: -0.999

One can tee this into a file and build from there. You can do basic stuff with the (sort | uniq -c | sort -n)  pipe machine.
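
A way to build on the `sort | uniq -c | sort -n` idea, added here as an example and not part of the original post: it tallies the filtered lines per sender and per hour. It also goes beyond the thread by counting raw `postfix/pickup` lines per Unix uid, which is what identifies the local account for mail handed in through the sendmail command. The function names and all sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example; not from the thread. All log lines below are constructed.

# Filtered amavis lines in the output format shown in the post above.
sample_relay_lines() {
cat <<'EOF'
Mar 28 16:25:24  LOCAL [127.0.0.1]:47600 <alice@example.org> -> <bob@example.net>,<carol@example.net>, Hits: -0.999
Mar 28 16:40:02  LOCAL [127.0.0.1]:47712 <alice@example.org> -> <dave@example.net>, Hits: -1
Mar 28 17:03:11  LOCAL [127.0.0.1]:47800 <alice@example.org> -> <bob@example.net>, Hits: 0.5
Mar 28 17:05:40  LOCAL [127.0.0.1]:47810 <www-data@example.org> -> <erin@example.net>, Hits: 2.1
Mar 28 17:06:01  LOCAL [127.0.0.1]:47811 <> -> <alice@example.org>, Hits: 0
EOF
}

# Raw Postfix syslog lines. Only the pickup daemon logs "uid=N from=<...>";
# mail submitted over SMTP (even to localhost) carries no uid.
sample_postfix_lines() {
cat <<'EOF'
Mar 28 16:25:23 s1 postfix/pickup[2345]: 9E1F3C0123: uid=33 from=<www-data>
Mar 28 16:25:23 s1 postfix/cleanup[2350]: 9E1F3C0123: message-id=<20180328142523.9E1F3C0123@s1.example.org>
Mar 28 16:31:09 s1 postfix/pickup[2345]: A71B2C0456: uid=33 from=<www-data>
Mar 28 16:58:44 s1 postfix/pickup[2345]: B0C4DC0789: uid=1001 from=<piotr>
Mar 28 17:02:10 s1 postfix/smtpd[2400]: C1D5EC0ABC: client=localhost[127.0.0.1]
Mar 28 17:10:37 s1 postfix/pickup[2345]: D2E6FC0DEF: uid=33 from=<www-data>
EOF
}

# Reads filtered relay lines on stdin.
# Prints "count Mon DD HH:00 sender", busiest sender/hour last.
senders_per_hour() {
    awk '
        {
            hour = substr($3, 1, 2)               # HH from HH:MM:SS
            arrow = index($0, " -> ")
            if (arrow == 0) next                  # not a relay summary line
            head = substr($0, 1, arrow - 1)       # everything before " -> "
            if (!match(head, /<[^<>]*>$/)) next   # sender must end the head
            sender = substr(head, RSTART + 1, RLENGTH - 2)
            if (sender == "") sender = "(null sender)"   # bounces use <>
            count[$1 " " $2 " " hour ":00 " sender]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -n
}

# Reads raw Postfix log lines on stdin.
# Prints "count Mon DD HH:00 uid=N" for local sendmail-command submissions.
uids_per_hour() {
    awk '
        $5 ~ /\/pickup\[/ {
            uid = ""
            for (i = 6; i <= NF; i++)
                if ($i ~ /^uid=[0-9]+$/) uid = substr($i, 5)
            if (uid == "") next
            count[$1 " " $2 " " substr($3, 1, 2) ":00 uid=" uid]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -n
}

echo "== senders per hour (filtered amavis lines) =="
sample_relay_lines | senders_per_hour
echo "== local uids per hour (postfix/pickup lines) =="
sample_postfix_lines | uids_per_hour
```

On a live server, pipe lines in the format shown above into `senders_per_hour`, and pipe `/var/log/mail.log` itself into `uids_per_hour`. `getent passwd` with the uid maps a number back to the account name.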






Re: monitoring outgoing emails

Poliman - Serwis
Wow, huge piece of Linux commands. Currently too hard for me to modify. ;) Now it returns (I also tried changing mydomain.tld to something real)
root@serwer1:~# tail -f /var/log/mail.log | egrep --line-buffered 'Relay' | egrep --line-buffered -v '(Process_Control|notifications.systemes|PODCAST-|Admin-ch|PUB_CONTROL|@mydomain.tld|[hidden email]' | sed -u 's/messagerie-prep amavis.*},//;s/Hits:\([^,]\+\).*/HITS:\1/; s/\(Queue-ID\|Message-ID\).*, HITS/Hits/'|grep "$REGX_EMAIL ->"
grep: Unmatched ( or \(


I use:
ps -eo user|sort|uniq -c|sort -n
ps -aux | grep {user}
but these commands don't give me what I need in this case.  

--
Pozdrawiam / Best Regards
Piotr Bracha

Re: monitoring outgoing emails

Olivier Nicole-2
I think it should read:

...|egrep --line-buffered -v '(...)'|sed...

with a closing parenthesis before the closing quote

Olivier

Re: monitoring outgoing emails

Poliman - Serwis
You are probably right. What should be in the part:
@mydomain.tld|rpub@mydomain.tld'
Is it some mail to send notifications after the pipe?

--
Pozdrawiam / Best Regards
Piotr Bracha

Re: monitoring outgoing emails

chaouche yacine
Sorry, there was a mistake in the line I gave you; maybe I edited it before pasting.

Here's a brief explanation along with a "light" version (you can customize):

grep Relay /var/log/mail.log | sed 's/messagerie-prep amavis.*},//;s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).*/Hits:\1/

     1. grep Relay /var/log/mail.log |
     2. sed  
     3. 's/messagerie-prep amavis.*},//;
     4. s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;
     5. s/Hits:\([^,]\+\).*/Hits:\1/
     6. grep --color=always "$REGX_EMAIL ->"


1. Finding the needle in the haystack.
2. instead of extracting text, we're going to suppress unwanted text.
3. let's get rid of the part that sits between the date and the sender
4. let's get rid of the part that sits between the last recipient and the spam score (Hits)
5. let's get rid of what's after the spam score
6. Finally, we can colorize our output with grep --color=always. The REGEX_EMAIL is : '<[^@<>]*@[^@<>]*\.[^@<>]*>'. This will make the e-mail addresses stand out for a better reading experience.





Re: monitoring outgoing emails

Poliman - Serwis
I am testing pflogsumm-1.1.3, but I don't understand how it is possible that in "Senders by message count" there are email accounts which don't exist on my server.

--
Pozdrawiam / Best Regards
Piotr Bracha

Re: monitoring outgoing emails

chaouche yacine
In reply to this post by chaouche yacine
6/ You should probably define REGEX_EMAIL as '<[^@<>]*@[^@<>]*\.[^@<>]*>', I have that in my .bashrc b/c I need it in so many scripts, but you can always use the regex as is if you don't want to define it as a variable, so you'd have :


grep Relay /var/log/mail.log | sed 's/messagerie-prep amavis.*},//;s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).*/Hits:\1/ | grep --color=always '<[^@<>]*@[^@<>]*\.[^@<>]*>'$



3/ This is host specific. My own hostname is 'messagerie-prep', you should change that to whatever your hostname is.

Yassine.

On Thursday, March 29, 2018, 1:17:03 PM GMT+1, Poliman - Serwis <[hidden email]> wrote:


Thank you for the explanation, but in my case:
root@s1:~# grep Relay /var/log/mail.log | sed 's/messagerie-prep amavis.*},//;s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).*/Hits:\1/ | grep --color=always $REGX_EMAIL
>
> ^C
root@s1:~# echo $REGX_EMAIL

root@s1:~#

Should I have some additional file or should I add some parameter?



Re: monitoring outgoing emails

Poliman - Serwis
I used root@s1:~# grep Relay /var/log/mail.log | sed 's/s1 amavis.*},//;s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).*/Hits:\1/ | grep --color=always '<[^@<>]*@[^@<>]*\.[^@<>]*>'$
and nothing happens, but under the above command I have the sign > and next to it is the console cursor.

My hostname is "s1".

2018-03-29 14:31 GMT+02:00 chaouche yacine <[hidden email]>:
6/ You should probably define REGEX_EMAIL as '<[^@<>]*@[^@<>]*\.[^@<>]*>', I have that in my .bashrc b/c I need it in so many scripts, but you can always use the regex as is if you don't want to define it as a variable, so you'd have :


grep Relay /var/log/mail.log | sed 's/messagerie-prep amavis.*},//;s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).*/Hits:\1/ | grep --color=always '<[^@<>]*@[^@<>]*\.[^@<>]*>'$



3/ This is host specific. My own hostname is 'messagerie-prep', you should change that to whatever your hostname is.

Yassine.

On Thursday, March 29, 2018, 1:17:03 PM GMT+1, Poliman - Serwis <[hidden email]> wrote:


Thank you for explanation but in my case:
root@s1:~# grep Relay /var/log/mail.log | sed 's/messagerie-prep amavis.*},//;s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).*/Hits:\1/ | grep --color=always $REGX_EMAIL
>
> ^C
root@s1:~# echo $REGX_EMAIL

root@s1:~#

Should I have some additional file or should I add some parameter?


2018-03-29 12:57 GMT+02:00 chaouche yacine <[hidden email]>:
Sorry there was a mistake in the line I gave you, maybe I have edited it before pasting.

Here's a brief explanation along with a "light" version ( you can customize ) :

grep Relay /var/log/mail.log | sed 's/messagerie-prep amavis.*},//;s/\(Queue-ID\| Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).* /Hits:\1/


     1. grep Relay /var/log/mail.log |
     2. sed  
     3. 's/messagerie-prep amavis.*},//;
     4. s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;
     5. s/Hits:\([^,]\+\).*/Hits:\1/
     6. grep --color=always "$REGX_EMAIL ->"


1. Finding the needle in the haystack.
2. instead of extracting text, we're going to suppress unwanted text.
3. let's get rid of the part that sits between the date and the sender
4. let's get rid of the part that sits between the last recipient and the spam score (Hits)
5. let's get rid of what's after the spam score
6. Finally, we can colorize our output with grep --color=always. The REGEX_EMAIL is : '<[^@<>]*@[^@<>]*\.[^@<>]*>'. This will make the e-mail addresses stand out for a better reading experience.




On Thursday, March 29, 2018, 6:52:17 AM GMT+1, Poliman - Serwis <[hidden email]> wrote:


Probably you have right. What should be in part:
@mydomain.tld|rpub@mydomain. tld'
is it some mail to send notifications after pipe?

2018-03-29 7:47 GMT+02:00 Olivier <[hidden email]>:
Poliman - Serwis <[hidden email]> writes:

I think it should read:

...|egrep --line-buffered -v '(...)'|sed...

with a closing parenthesis before the closing quote

Olivier

> [1:text/plain Show]
>
>
> [2:text/html Hide Save:noname (20kB)]
>
> Wow, huge piece of linux commands. Currently too hard to modify for me. ;) Now it returns (I also
> try changed mydomain.tld to something real)
> root@serwer1:~# tail -f /var/log/mail.log | egrep --line-buffered 'Relay' | egrep --line-buffered -v '
> (Process_Control| notifications.systemes| PODCAST-|Admin-ch|PUB_CONTROL| @mydomain.tld|rpub@mydomain. tld'
> | sed -u 's/messagerie-prep amavis.*},//;s/Hits:\([^,]\+\) .*/HITS:\1/; s/\(Queue-ID\|Message-ID\).*,
> HITS/Hits/'|grep "$REGX_EMAIL ->"
> grep: Unmatched ( or \(
>
> I use:
> ps -eo user|sort|uniq -c|sort -n
> ps -aux | grep {user} but these commands don't give me what I need in this case.
>
> 2018-03-28 17:31 GMT+02:00 chaouche yacine <[hidden email]>:
>
>  I use this line :
>
>  tail -f /var/log/mail.log | egrep --line-buffered 'Relay' | egrep --line-buffered -v '
>  (Process_Control| notifications.systemes| PODCAST-|Admin-ch|PUB_CONTROL| @mydomain.tld|rpub@mydomain. tld'
>  | sed -u 's/messagerie-prep amavis.*},//;s/Hits:\([^,]\+\) .*/HITS:\1/; s/\
>  (Queue-ID\|Message-ID\).*, HITS/Hits/'|grep "$REGX_EMAIL ->"
>
>  This will strip out automatic notifications and give me output like this :
>
>  Mar 28 16:25:24 LOCAL [127.0.0.1]:47600 <[hidden email]> ->
>  <[hidden email]>,<r. [hidden email]>, Hits: -0.999

>
>  One can tee this into a file and build from there. You can do basic stuff with the (sort | uniq -c
>  | sort -n) pipe machine.
>
>  On Wednesday, March 28, 2018, 3:09:24 PM GMT+1, Poliman - Serwis <[hidden email]>
>  wrote:
>
>  Thank you, I will check it. I am looking for information which linux user sends email and how
>  many, for example, per hour, day. That would be perfect plugin.
>
>  2018-03-28 15:59 GMT+02:00 Matus UHLAR - fantomas <[hidden email]>:
>
>  Poliman - Serwis:
>
>  Hi people. Do you know is there any tool/plugin for monitoring outgoing
>  emails from server with postfix? Maybe postfix has this feature?
>
>  On 28.03.18 09:57, Wietse Venema wrote:
>
>  Postfix logs all transactions. I suggest that you look for tools
>  that analyze Postfix logs.
>
>  pflogsumm, for example. available in most OS/distribution repositories and
>  at: http://jimsun.linxnet.com/postfix_contrib.html
>
>  --
>  Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
>  Warning: I wish NOT to receive e-mail advertising to this address.
>  Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>  M$ Win's are shit, do not use it !
>
>  --
>  Pozdrawiam / Best Regards
>  Piotr Bracha

--
Pozdrawiam / Best Regards
Piotr Bracha




Re: monitoring outgoing emails

chaouche yacine
Sorry another typo, try :

grep Relay /var/log/mail.log | sed 's/s1 amavis.*},//;s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).*/Hits:\1/' | grep --color=always '<[^@<>]*@[^@<>]*\.[^@<>]*>'

Yassine.




On Thursday, March 29, 2018, 1:39:17 PM GMT+1, Poliman - Serwis <[hidden email]> wrote:


I used root@s1:~# grep Relay /var/log/mail.log | sed 's/s1 amavis.*},//;s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).*/Hits:\1/ | grep --color=always '<[^@<>]*@[^@<>]*\.[^@<>]*>'$
and nothing happens but under above command I have sign > and next to it is console cursor.

My hostname is "s1".

2018-03-29 14:31 GMT+02:00 chaouche yacine <[hidden email]>:
6/ You should probably define REGEX_EMAIL as '<[^@<>]*@[^@<>]*\.[^@<>]*>', I have that in my .bashrc b/c I need it in so many scripts, but you can always use the regex as is if you don't want to define it as a variable, so you'd have :


grep Relay /var/log/mail.log | sed 's/messagerie-prep amavis.*},//;s/\(Queue-ID\| Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).* /Hits:\1/ | grep --color=always '<[^@<>]*@[^@<>]*\.[^@<>]*>'$



3/ This is host specific. My own hostname is 'messagerie-prep', you should change that to whatever your hostname is.

Yassine.

On Thursday, March 29, 2018, 1:17:03 PM GMT+1, Poliman - Serwis <[hidden email]> wrote:


Thank you for explanation but in my case:
root@s1:~# grep Relay /var/log/mail.log | sed 's/messagerie-prep amavis.*},//;s/\(Queue-ID\| Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).* /Hits:\1/ | grep --color=always $REGX_EMAIL
>
> ^C
root@s1:~# echo $REGX_EMAIL

root@s1:~#

Should I have some additional file or should I add some parameter?


2018-03-29 12:57 GMT+02:00 chaouche yacine <[hidden email]>:
Sorry there was a mistake in the line I gave you, maybe I have edited it before pasting.

Here's a brief explanation along with a "light" version ( you can customize ) :

grep Relay /var/log/mail.log | sed 's/messagerie-prep amavis.*},//;s/\(Queue-ID\| Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).* /Hits:\1/


     1. grep Relay /var/log/mail.log |
     2. sed  
     3. 's/messagerie-prep amavis.*},//;
     4. s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;
     5. s/Hits:\([^,]\+\).*/Hits:\1/
     6. grep --color=always "$REGX_EMAIL ->"


1. Finding the needle in the haystack.
2. instead of extracting text, we're going to suppress unwanted text.
3. let's get rid of the part that sits between the date and the sender
4. let's get rid of the part that sits between the last recipient and the spam score (Hits)
5. let's get rid of what's after the spam score
6. Finally, we can colorize our output with grep --color=always. The REGEX_EMAIL is : '<[^@<>]*@[^@<>]*\.[^@<>]*>'. This will make the e-mail addresses stand out for a better reading experience.




On Thursday, March 29, 2018, 6:52:17 AM GMT+1, Poliman - Serwis <[hidden email]> wrote:


Probably you have right. What should be in part:
@mydomain.tld|rpub@mydomain. tld'
is it some mail to send notifications after pipe?

2018-03-29 7:47 GMT+02:00 Olivier <[hidden email]>:
Poliman - Serwis <[hidden email]> writes:

I think it should read:

...|egrep --line-buffered -v '(...)'|sed...

with a closing parenthesis before the closing quote

Olivier

> Wow, huge piece of linux commands. Currently too hard to modify for me. ;) Now it returns (I also
> try changed mydomain.tld to something real)
> root@serwer1:~# tail -f /var/log/mail.log | egrep --line-buffered 'Relay' | egrep --line-buffered -v '
> (Process_Control| notifications.systemes| PODCAST-|Admin-ch|PUB_CONTROL| @mydomain.tld|rpub@mydomain. tld'
> | sed -u 's/messagerie-prep amavis.*},//;s/Hits:\([^,]\+\) .*/HITS:\1/; s/\(Queue-ID\|Message-ID\).*,
> HITS/Hits/'|grep "$REGX_EMAIL ->"
> grep: Unmatched ( or \(
>
> I use:
> ps -eo user|sort|uniq -c|sort -n
> ps -aux | grep {user} but these commands don't give me what I need in this case.
>
> 2018-03-28 17:31 GMT+02:00 chaouche yacine <[hidden email]>:
>
>  I use this line :
>
>  tail -f /var/log/mail.log | egrep --line-buffered 'Relay' | egrep --line-buffered -v '
>  (Process_Control| notifications.systemes| PODCAST-|Admin-ch|PUB_CONTROL| @mydomain.tld|rpub@mydomain. tld'
>  | sed -u 's/messagerie-prep amavis.*},//;s/Hits:\([^,]\+\) .*/HITS:\1/; s/\
>  (Queue-ID\|Message-ID\).*, HITS/Hits/'|grep "$REGX_EMAIL ->"
>
>  This will strip out automatic notifications and give me output like this :
>
>  Mar 28 16:25:24 LOCAL [127.0.0.1]:47600 <[hidden email]> ->
>  <[hidden email]>,<r. [hidden email]>, Hits: -0.999

>
>  One can tee this into a file and build from there. You can do basic stuff with the (sort | uniq -c
>  | sort -n) pipe machine.
>
>  On Wednesday, March 28, 2018, 3:09:24 PM GMT+1, Poliman - Serwis <[hidden email]>
>  wrote:
>
>  Thank you, I will check it. I am looking for information which linux user sends email and how
>  many, for example, per hour, day. That would be perfect plugin.
>
>  2018-03-28 15:59 GMT+02:00 Matus UHLAR - fantomas <[hidden email]>:
>
>  Poliman - Serwis:
>
>  Hi people. Do you know is there any tool/plugin for monitoring outgoing
>  emails from server with postfix? Maybe postfix has this feature?
>
>  On 28.03.18 09:57, Wietse Venema wrote:
>
>  Postfix logs all transactions. I suggest that you look for tools
>  that analyze Postfix logs.
>
>  pflogsumm, for example. available in most OS/distribution repositories and
>  at: http://jimsun.linxnet.com/postfix_contrib.html
>
>  --
>  Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
>  Warning: I wish NOT to receive e-mail advertising to this address.
>  Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>  M$ Win's are shit, do not use it !
>
>  --
>  Pozdrawiam / Best Regards
>  Piotr Bracha

--
Pozdrawiam / Best Regards
Piotr Bracha




Re: monitoring outgoing emails

Poliman - Serwis
This one works well. One question based on one from generated lines:
Mar 26 11:47:41  ORIGINATING LOCAL [127.0.0.1]:38920 <[hidden email]> -> <[hidden email]>,<[hidden email]>, Hits: 0.742

Mar 26 11:47:41 --> this is date and hour when mail from [hidden email] was sent to [hidden email] and [hidden email], am I right?
What are "Hits: 0.742" ?

2018-03-29 15:24 GMT+02:00 chaouche yacine <[hidden email]>:
Sorry another typo, try :

grep Relay /var/log/mail.log | sed 's/s1 amavis.*},//;s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).*/Hits:\1/' | grep --color=always '<[^@<>]*@[^@<>]*\.[^@<>]*>'

Yassine.




On Thursday, March 29, 2018, 1:39:17 PM GMT+1, Poliman - Serwis <[hidden email]> wrote:


I used root@s1:~# grep Relay /var/log/mail.log | sed 's/s1 amavis.*},//;s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).*/Hits:\1/ | grep --color=always '<[^@<>]*@[^@<>]*\.[^@<>]*>'$
and nothing happens but under above command I have sign > and next to it is console cursor.

My hostname is "s1".

2018-03-29 14:31 GMT+02:00 chaouche yacine <[hidden email]>:
6/ You should probably define REGEX_EMAIL as '<[^@<>]*@[^@<>]*\.[^@<>]*>', I have that in my .bashrc b/c I need it in so many scripts, but you can always use the regex as is if you don't want to define it as a variable, so you'd have :


grep Relay /var/log/mail.log | sed 's/messagerie-prep amavis.*},//;s/\(Queue-ID\| Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).* /Hits:\1/ | grep --color=always '<[^@<>]*@[^@<>]*\.[^@<>]*>'$



3/ This is host specific. My own hostname is 'messagerie-prep', you should change that to whatever your hostname is.

Yassine.

On Thursday, March 29, 2018, 1:17:03 PM GMT+1, Poliman - Serwis <[hidden email]> wrote:


Thank you for explanation but in my case:
root@s1:~# grep Relay /var/log/mail.log | sed 's/messagerie-prep amavis.*},//;s/\(Queue-ID\| Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).* /Hits:\1/ | grep --color=always $REGX_EMAIL
>
> ^C
root@s1:~# echo $REGX_EMAIL

root@s1:~#

Should I have some additional file or should I add some parameter?


2018-03-29 12:57 GMT+02:00 chaouche yacine <[hidden email]>:
Sorry there was a mistake in the line I gave you, maybe I have edited it before pasting.

Here's a brief explanation along with a "light" version ( you can customize ) :

grep Relay /var/log/mail.log | sed 's/messagerie-prep amavis.*},//;s/\(Queue-ID\| Message-ID\).*, Hits/Hits/;s/Hits:\([^,]\+\).* /Hits:\1/


     1. grep Relay /var/log/mail.log |
     2. sed  
     3. 's/messagerie-prep amavis.*},//;
     4. s/\(Queue-ID\|Message-ID\).*, Hits/Hits/;
     5. s/Hits:\([^,]\+\).*/Hits:\1/
     6. grep --color=always "$REGX_EMAIL ->"


1. Finding the needle in the haystack.
2. instead of extracting text, we're going to suppress unwanted text.
3. let's get rid of the part that sits between the date and the sender
4. let's get rid of the part that sits between the last recipient and the spam score (Hits)
5. let's get rid of what's after the spam score
6. Finally, we can colorize our output with grep --color=always. The REGEX_EMAIL is : '<[^@<>]*@[^@<>]*\.[^@<>]*>'. This will make the e-mail addresses stand out for a better reading experience.




On Thursday, March 29, 2018, 6:52:17 AM GMT+1, Poliman - Serwis <[hidden email]> wrote:


Probably you have right. What should be in part:
@mydomain.tld|rpub@mydomain. tld'
is it some mail to send notifications after pipe?

2018-03-29 7:47 GMT+02:00 Olivier <[hidden email]>:
Poliman - Serwis <[hidden email]> writes:

I think it should read:

...|egrep --line-buffered -v '(...)'|sed...

with a closing parenthesis before the closing quote

Olivier

> Wow, huge piece of linux commands. Currently too hard to modify for me. ;) Now it returns (I also
> try changed mydomain.tld to something real)
> root@serwer1:~# tail -f /var/log/mail.log | egrep --line-buffered 'Relay' | egrep --line-buffered -v '
> (Process_Control| notifications.systemes| PODCAST-|Admin-ch|PUB_CONTROL| @mydomain.tld|rpub@mydomain. tld'
> | sed -u 's/messagerie-prep amavis.*},//;s/Hits:\([^,]\+\) .*/HITS:\1/; s/\(Queue-ID\|Message-ID\).*,
> HITS/Hits/'|grep "$REGX_EMAIL ->"
> grep: Unmatched ( or \(
>
> I use:
> ps -eo user|sort|uniq -c|sort -n
> ps -aux | grep {user} but these commands don't give me what I need in this case.
>
> 2018-03-28 17:31 GMT+02:00 chaouche yacine <[hidden email]>:
>
>  I use this line :
>
>  tail -f /var/log/mail.log | egrep --line-buffered 'Relay' | egrep --line-buffered -v '
>  (Process_Control| notifications.systemes| PODCAST-|Admin-ch|PUB_CONTROL| @mydomain.tld|rpub@mydomain. tld'
>  | sed -u 's/messagerie-prep amavis.*},//;s/Hits:\([^,]\+\) .*/HITS:\1/; s/\
>  (Queue-ID\|Message-ID\).*, HITS/Hits/'|grep "$REGX_EMAIL ->"
>
>  This will strip out automatic notifications and give me output like this :
>
>  Mar 28 16:25:24 LOCAL [127.0.0.1]:47600 <[hidden email]> ->
>  <[hidden email]>,<r. [hidden email]>, Hits: -0.999

>
>  One can tee this into a file and build from there. You can do basic stuff with the (sort | uniq -c
>  | sort -n) pipe machine.
>
>  On Wednesday, March 28, 2018, 3:09:24 PM GMT+1, Poliman - Serwis <[hidden email]>
>  wrote:
>
>  Thank you, I will check it. I am looking for information which linux user sends email and how
>  many, for example, per hour, day. That would be perfect plugin.
>
>  2018-03-28 15:59 GMT+02:00 Matus UHLAR - fantomas <[hidden email]>:
>
>  Poliman - Serwis:
>
>  Hi people. Do you know is there any tool/plugin for monitoring outgoing
>  emails from server with postfix? Maybe postfix has this feature?
>
>  On 28.03.18 09:57, Wietse Venema wrote:
>
>  Postfix logs all transactions. I suggest that you look for tools
>  that analyze Postfix logs.
>
>  pflogsumm, for example. available in most OS/distribution repositories and
>  at: http://jimsun.linxnet.com/postfix_contrib.html
>
>  --
>  Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
>  Warning: I wish NOT to receive e-mail advertising to this address.
>  Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>  M$ Win's are shit, do not use it !
>
>  --
>  Pozdrawiam / Best Regards
>  Piotr Bracha

--
Pozdrawiam / Best Regards
Piotr Bracha




Re: monitoring outgoing emails

Alex JOST-2
On 29.03.2018 at 15:30, Poliman - Serwis wrote:
> This one works well. One question based on one from generated lines:
> Mar 26 11:47:41  ORIGINATING LOCAL [127.0.0.1]:38920 <[hidden email]>
> -> <[hidden email]>,<[hidden email]>, Hits: 0.742
>
> Mar 26 11:47:41 --> this is date and hour when mail from
> [hidden email] was sent to [hidden email] and
> [hidden email], am I right?
> What are "Hits: 0.742" ?

Looks like amavisd scoring.

--
Alex JOST

Re: monitoring outgoing emails

chaouche yacine

It is, that's the spam score. It helps to visualise if a particular mailbox is bombarded with spam (can happen with lots and lots of e-mails from qq.com, I have that domain banned in postfix itself).

Yassine.
On Thursday, March 29, 2018, 3:21:16 PM GMT+1, Alex JOST <[hidden email]> wrote:


On 29.03.2018 at 15:30, Poliman - Serwis wrote:

> This one works well. One question based on one from generated lines:
> Mar 26 11:47:41  ORIGINATING LOCAL [127.0.0.1]:38920 <[hidden email]>
> -> <[hidden email]>,<[hidden email]>, Hits: 0.742
>
> Mar 26 11:47:41 --> this is date and hour when mail from
> [hidden email] was sent to [hidden email] and
> [hidden email], am I right?
> What are "Hits: 0.742" ?


Looks like amavisd scoring.

--
Alex JOST


Re: monitoring outgoing emails

Poliman - Serwis
Some emails even have a "Hits" value of, for example, 2,5. What is (if it's possible to say) a good value? I am going to create a script in bash which sends me an email when a particular email account sends out, for example, 300 emails per day. Kind of a warning. But I am not sure I could use the spam score for it. What do you guys think about it?

2018-03-29 17:58 GMT+02:00 chaouche yacine <[hidden email]>:

It is, that's the spam score. It helps to visualise if a particular mailbox is bombarded with spam (can happen with lots and lots of e-mails from qq.com, I have that domain banned in postfix itself).

Yassine.
On Thursday, March 29, 2018, 3:21:16 PM GMT+1, Alex JOST <[hidden email]> wrote:


On 29.03.2018 at 15:30, Poliman - Serwis wrote:

> This one works well. One question based on one from generated lines:
> Mar 26 11:47:41  ORIGINATING LOCAL [127.0.0.1]:38920 <[hidden email]>
> -> <[hidden email]>,<[hidden email]>, Hits: 0.742
>
> Mar 26 11:47:41 --> this is date and hour when mail from
> [hidden email] was sent to [hidden email] and
> [hidden email], am I right?
> What are "Hits: 0.742" ?


Looks like amavisd scoring.

--
Alex JOST




--
Pozdrawiam / Best Regards
Piotr Bracha

Re: monitoring outgoing emails

chaouche yacine
Here are some ideas :

1/ Create a directory somewhere in /var/, for example mailstats
2/ The directory will contain one file per sender
3/ Your bash script will parse the mail log file in real time (tail -f) then tee each matching line to the corresponding mailstats/user file, for example if the line is matching [hidden email] it will go to mailstats/bob. That way you will have, for each user, the number of outgoing emails.


Another script will simply wc -l each mailstats user file, that will give you the number of sent mails. You can use fail2ban for this task instead of writing your own script. Fail2ban can be configured to scan logfiles looking for a particular line. It will count the matching lines and if it reaches the (configurable) maximum count in a certain (configurable) amount of time, it will do whatever action you have configured, for example sending you an e-mail.

The mailstats files will need some maintenance, otherwise they will grow infinitely and possibly slow down your scripts. You can use logrotate to archive your mailstats files and create new ones automatically for you after either a specific amount of time or after a specific mail size.

It's not trivial, but it should work.


Yassine.


On Friday, March 30, 2018, 7:16:33 AM GMT+2, Poliman - Serwis <[hidden email]> wrote:


Some emails even have a "Hits" value of, for example, 2,5. What is (if it's possible to say) a good value? I am going to create a script in bash which sends me an email when a particular email account sends out, for example, 300 emails per day. Kind of a warning. But I am not sure I could use the spam score for it. What do you guys think about it?

2018-03-29 17:58 GMT+02:00 chaouche yacine <[hidden email]>:

It is, that's the spam score. It helps to visualise if a particular mailbox is bombarded with spam (can happen with lots and lots of e-mails from qq.com, I have that domain banned in postfix itself).

Yassine.
On Thursday, March 29, 2018, 3:21:16 PM GMT+1, Alex JOST <[hidden email]> wrote:


On 29.03.2018 at 15:30, Poliman - Serwis wrote:

> This one works well. One question based on one from generated lines:
> Mar 26 11:47:41  ORIGINATING LOCAL [127.0.0.1]:38920 <[hidden email]>
> -> <[hidden email]>,<[hidden email]>, Hits: 0.742
>
> Mar 26 11:47:41 --> this is date and hour when mail from
> [hidden email] was sent to [hidden email] and
> [hidden email], am I right?
> What are "Hits: 0.742" ?


Looks like amavisd scoring.

--
Alex JOST




--
Pozdrawiam / Best Regards
Piotr Bracha

Re: monitoring outgoing emails

Poliman - Serwis
Yassine, I appreciate your answer. I will look further into it, but do you think that the spam score could help to estimate which mail from which account is or is not spam?

2018-03-30 9:27 GMT+02:00 chaouche yacine <[hidden email]>:
Here are some ideas :

1/ Create a directory somewhere in /var/, for example mailstats
2/ The directory will contain one file per sender
3/ Your bash script will parse the mail log file in real time (tail -f) then tee each matching line to the corresponding mailstats/user file, for example if the line is matching [hidden email] it will go to mailstats/bob. That way you will have, for each user, the number of outgoing emails.


Another script will simply wc -l each mailstats user file, that will give you the number of sent mails. You can use fail2ban for this task instead of writing your own script. Fail2ban can be configured to scan logfiles looking for a particular line. It will count the matching lines and if it reaches the (configurable) maximum count in a certain (configurable) amount of time, it will do whatever action you have configured, for example sending you an e-mail.

The mailstats files will need some maintenance, otherwise they will grow infinitely and possibly slow down your scripts. You can use logrotate to archive your mailstats files and create new ones automatically for you after either a specific amount of time or after a specific mail size.

It's not trivial, but it should work.


Yassine.


On Friday, March 30, 2018, 7:16:33 AM GMT+2, Poliman - Serwis <[hidden email]> wrote:


Some emails even have a "Hits" value of, for example, 2,5. What is (if it's possible to say) a good value? I am going to create a script in bash which sends me an email when a particular email account sends out, for example, 300 emails per day. Kind of a warning. But I am not sure I could use the spam score for it. What do you guys think about it?

2018-03-29 17:58 GMT+02:00 chaouche yacine <[hidden email]>:

It is, that's the spam score. It helps to visualise if a particular mailbox is bombarded with spam (can happen with lots and lots of e-mails from qq.com, I have that domain banned in postfix itself).

Yassine.
On Thursday, March 29, 2018, 3:21:16 PM GMT+1, Alex JOST <[hidden email]> wrote:


On 29.03.2018 at 15:30, Poliman - Serwis wrote:

> This one works well. One question based on one from generated lines:
> Mar 26 11:47:41  ORIGINATING LOCAL [127.0.0.1]:38920 <[hidden email]>
> -> <[hidden email]>,<[hidden email]>, Hits: 0.742
>
> Mar 26 11:47:41 --> this is date and hour when mail from
> [hidden email] was sent to [hidden email] and
> [hidden email], am I right?
> What are "Hits: 0.742" ?


Looks like amavisd scoring.

--
Alex JOST




--
Pozdrawiam / Best Regards
Piotr Bracha




Re: monitoring outgoing emails

chaouche yacine
Absolutely. Amavis comes with a default score of 5.0. Any e-mail which has a 5.0 score or higher is considered spam. You might have false positives though, for example if the user's ISP addresses are blacklisted, which might be the case depending on the country and ISP.

Yassine.

On Friday, March 30, 2018, 10:44:27 AM GMT+2, Poliman - Serwis <[hidden email]> wrote:


Yassine, I appreciate your answer. I will look further into it, but do you think that the spam score could help to estimate which mail from which account is or is not spam?

2018-03-30 9:27 GMT+02:00 chaouche yacine <[hidden email]>:
Here are some ideas :

1/ Create a directory somewhere in /var/, for example mailstats
2/ The directory will contain one file per sender
3/ Your bash script will parse the mail log file in real time (tail -f) then tee each matching line to the corresponding mailstats/user file, for example if the line is matching [hidden email] it will go to mailstats/bob. That way you will have, for each user, the number of outgoing emails.


Another script will simply wc -l each mailstats user file, that will give you the number of sent mails. You can use fail2ban for this task instead of writing your own script. Fail2ban can be configured to scan logfiles looking for a particular line. It will count the matching lines and if it reaches the (configurable) maximum count in a certain (configurable) amount of time, it will do whatever action you have configured, for example sending you an e-mail.

The mailstats files will need some maintenance, otherwise they will grow infinitely and possibly slow down your scripts. You can use logrotate to archive your mailstats files and create new ones automatically for you after either a specific amount of time or after a specific mail size.

It's not trivial, but it should work.


Yassine.


On Friday, March 30, 2018, 7:16:33 AM GMT+2, Poliman - Serwis <[hidden email]> wrote:


Some emails even have a "Hits" value of, for example, 2,5. What is (if it's possible to say) a good value? I am going to create a script in bash which sends me an email when a particular email account sends out, for example, 300 emails per day. Kind of a warning. But I am not sure I could use the spam score for it. What do you guys think about it?

2018-03-29 17:58 GMT+02:00 chaouche yacine <[hidden email]>:

It is, that's the spam score. It helps to visualise if a particular mailbox is bombarded with spam (can happen with lots and lots of e-mails from qq.com, I have that domain banned in postfix itself).

Yassine.
On Thursday, March 29, 2018, 3:21:16 PM GMT+1, Alex JOST <[hidden email]> wrote:


On 29.03.2018 at 15:30, Poliman - Serwis wrote:

> This one works well. One question based on one from generated lines:
> Mar 26 11:47:41  ORIGINATING LOCAL [127.0.0.1]:38920 <[hidden email]>
> -> <[hidden email]>,<[hidden email]>, Hits: 0.742
>
> Mar 26 11:47:41 --> this is date and hour when mail from
> [hidden email] was sent to [hidden email] and
> [hidden email], am I right?
> What are "Hits: 0.742" ?


Looks like amavisd scoring.

--
Alex JOST




--
Pozdrawiam / Best Regards
Piotr Bracha
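
An added example, not code posted by anyone in this thread: it covers both the per-sender counting idea and the spam-score question above by reading lines in the cleaned format the sed pipeline produces, counting messages and recipients per sender per day in awk (instead of one file per sender), and flagging senders over a daily limit or with any message at or above a score. The function names, the sample addresses and the limits passed in the last line are assumptions.

```shell
#!/bin/sh
# Added example: daily per-sender counts and spam-score flags from cleaned
# amavis "Relay" lines. Feed it the sed output BEFORE the grep --color=always
# step, otherwise the colour escape codes end up inside the addresses.

# Constructed sample input; addresses, ports and scores are made up.
sample_log() {
cat <<'EOF'
Mar 26 11:47:41  ORIGINATING LOCAL [127.0.0.1]:38920 <bob@example.org> -> <a@example.net>,<b@example.net>, Hits: 0.742
Mar 26 11:48:02  ORIGINATING LOCAL [127.0.0.1]:38922 <bob@example.org> -> <c@example.net>, Hits: 2.5
Mar 26 11:49:10  ORIGINATING LOCAL [127.0.0.1]:38930 <alice@example.org> -> <d@example.net>, Hits: -0.999
Mar 26 11:50:33  ORIGINATING LOCAL [127.0.0.1]:38931 <bob@example.org> -> <e@example.net>, Hits: 6.1
Mar 26 11:51:00 s1 postfix/qmgr[1234]: 0123456789: removed
EOF
}

# parse_relay_lines: stdin = cleaned lines,
# stdout = day<TAB>sender<TAB>recipient count<TAB>spam score
parse_relay_lines() {
  awk '
    {
      arrow = index($0, " -> ")
      hpos  = index($0, ", Hits: ")
      if (arrow == 0 || hpos < arrow) next          # not a cleaned Relay line
      left = substr($0, 1, arrow - 1)
      if (!match(left, /<[^<>]*>$/)) next           # sender is the <...> just before " -> "
      sender = tolower(substr(left, RSTART + 1, RLENGTH - 2))
      nrcpt  = split(substr($0, arrow + 4, hpos - arrow - 4), parts, ",")
      hits   = substr($0, hpos + 8) + 0             # text after ", Hits: " as a number
      printf "%s %s\t%s\t%d\t%s\n", $1, $2, sender, nrcpt, hits
    }'
}

# flag_senders MAX_MSGS SPAM_SCORE: stdin = parse_relay_lines output,
# stdout = day<TAB>sender<TAB>messages<TAB>recipients<TAB>messages at/above SPAM_SCORE
# for every sender with more than MAX_MSGS messages that day or any spammy message.
flag_senders() {
  awk -F '\t' -v max="$1" -v spam="$2" '
    {
      key = $1 FS $2
      msgs[key]++
      rcpts[key] += $3
      if ($4 + 0 >= spam + 0) spammy[key]++
    }
    END {
      for (k in msgs)
        if (msgs[k] > max + 0 || spammy[k] > 0)
          printf "%s\t%d\t%d\t%d\n", k, msgs[k], rcpts[k], spammy[k]
    }' | sort
}

# Demo on the constructed sample: 300 messages per day and score 5.0 are the
# figures mentioned in the thread.
sample_log | parse_relay_lines | flag_senders 300 5.0
```

If you do write one file per sender as suggested above, build the file name from a sanitised copy of the address, because the sender string is taken from the log and is not under your control.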


