summarizing postfix logs problem(s)

Razvan Cosma razvan.cosma at catv.telemach.ro
Mon Oct 14 16:51:51 CEST 2002 

  Hello,
 I am looking for a solution to create mail traffic statistics for each
user of a single system (or domain, actually). So I sent a postfix log
to the online responder to test and noticed some strange results. My
setup is: one domain for testing, an antivirus (RAV, could be some
other, don't know yet), and an user with multiple aliases. Here's how
the delivery from e.g. the subscription mail goes (hope the word wrap
won't mess it):

postfix/smtpd[13014]: connect from logreport.IAE.nl[212.61.24.7]
postfix/smtpd[13014]: 658D918004: client=logreport.IAE.nl[212.61.24.7]
postfix/cleanup[13015]: 658D918004: message-id=<20021014141519.F3FF2C027 at hibou.logreport.org>
postfix/smtpd[13014]: disconnect from logreport.IAE.nl[212.61.24.7]
postfix/qmgr[4218]: 658D918004: from=<questions-request at logreport.org>, size=4415, nrcpt=1 (queue active)
ravpostfix[13032]: data received... begin scanning...
ravmd[13033]: scanning mail from <questions-request at logreport.org> to <my.alias at my.domain>.
ravmd[13033]: scanning file </var/spool/rav/postfix/->(RAV13032)>.
ravmd[13033]: file_ok
ravmd[13033]: scanning file </var/spool/rav/postfix/->(RAV13032)->(part0000:)>.
ravmd[13033]: file_ok
ravmd[13033]: end_ok.
ravpostfix[13032]: scanning returns OK... sending file...
postfix/smtpd[13020]: connect from localhost[127.0.0.1]
postfix/smtpd[13020]: B1D5C389CE: client=localhost[127.0.0.1]
postfix/cleanup[13015]: B1D5C389CE: message-id=<20021014141519.F3FF2C027 at hibou.logreport.org>
postfix/qmgr[4218]: B1D5C389CE: from=<questions-request at logreport.org>, size=4602, nrcpt=1 (queue active)
postfix/smtpd[13020]: disconnect from localhost[127.0.0.1]
postfix/smtp[13031]: 658D918004: to=<my.alias at my.domain>, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 Ok)
postfix/local[13021]: B1D5C389CE: to=<my.username at my.domain>, relay=local, delay=0, status=sent ("|/usr/bin/maildrop")

 The mail could be counted twice (first when received from the network,
then when returned by the antivirus), or even three times if
postfix/smtp and postfix/local are treated the same. Now I am quite
confused on how the accounting could be done, does logreport handle
correctly such situations?
 Thank you for any pointers, and for taking the time reading the lengthy
message.



-- 
To UNSUBSCRIBE, email to questions-request at logreport.org with a subject of 
"unsubscribe". Trouble? Send an email with subject "help" to 
questions-request at logreport.org

More information about the Questions mailing list