[Discussion] qmail log questions

Posted on 2008-9-15 23:22:23
The log output directories on my qmail system:
[root@mail qmail]# pwd
/var/log/qmail
[root@mail qmail]# ls
pop3   send  smtp  spamd
[root@mail qmail]#

How the qmail logs are produced:
[root@mail send]# pwd
/var/qmail/supervise/send/log
[root@mail log]# vim run

CODE:
#!/bin/sh
LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/send 2>&1



[root@mail log]# pwd
/var/qmail/supervise/smtp/log
[root@mail log]# vim run

CODE:
#!/bin/sh
LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/smtp 2>&1



[root@mail log]# pwd
/var/qmail/supervise/pop3/log
[root@mail log]# vim run

CODE:
#!/bin/sh
LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
exec /usr/bin/setuidgid qmaill /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT /var/log/qmail/pop3 2>&1



How I currently view the qmail logs:
[root@mail send]# pwd
/var/log/qmail/send
[root@mail send]# tai64nlocal < current

CODE:
2008-07-31 00:20:31.685348500 info msg 1803366: bytes 66308 from <dandma@ert.cn> qp 22129 uid 100
2008-07-31 00:20:31.690076500 starting delivery 1189: msg 1803366 to local ericlu@ert.cn
2008-07-31 00:20:31.690082500 status: local 1/10 remote 0/60
2008-07-31 00:20:31.717134500 delivery 1189: success: did_0+0+1/
2008-07-31 00:20:31.717140500 status: local 0/10 remote 0/60
2008-07-31 00:20:31.717144500 end msg 1803366
2008-07-31 00:22:33.481513500 new msg 1803366
2008-07-31 00:22:33.481519500 info msg 1803366: bytes 66308 from <danima@ert.cn> qp 22156 uid 100
2008-07-31 00:22:33.486874500 starting delivery 1190: msg 1803366 to local erick@ert.cn
2008-07-31 00:22:33.486880500 status: local 1/10 remote 0/60
2008-07-31 00:22:33.513754500 delivery 1190: success: did_0+0+1/
2008-07-31 00:22:33.513760500 status: local 0/10 remote 0/60
2008-07-31 00:22:33.513764500 end msg 1803366
2008-07-31 00:23:07.260318500 new msg 1803366
2008-07-31 00:23:07.260463500 info msg 1803366: bytes 66308 from <ddya@ert.cn> qp 22174 uid 100
2008-07-31 00:23:07.265329500 starting delivery 1191: msg 1803366 to local erick@21cn.com
2008-07-31 00:23:07.265335500 status: local 1/10 remote 0/60
2008-07-31 00:23:07.291470500 delivery 1191: success: did_0+0+1/
2008-07-31 00:23:07.291476500 status: local 0/10 remote 0/60
2008-07-31 00:23:07.291480500 end msg 1803366
2008-07-31 00:23:46.309774500 new msg 1803366
2008-07-31 00:23:46.309780500 info msg 1803366: bytes 66308 from <dkia@ert.cn> qp 22192 uid 100
2008-07-31 00:23:46.314368500 starting delivery 1192: msg 1803366 to local deyliu@yahoo.cn
2008-07-31 00:23:46.314374500 status: local 1/10 remote 0/60



The mail sending and receiving information shown there is fairly detailed, but the qmail smtp and pop3 information is not satisfactory:

[root@mail smtp]# pwd
/var/log/qmail/smtp
[root@mail smtp]# tai64nlocal < current

CODE:
2008-08-22 12:26:40.723181500 tcpserver: status: 0/100
2008-08-22 12:39:37.515143500 tcpserver: status: 1/100
2008-08-22 12:39:37.515150500 tcpserver: pid 24898 from 218.102.53.13
2008-08-22 12:39:37.515155500 tcpserver: ok 24898 mail.ert.cn:10.0.2.10:25 :218.102.53.13::54773
2008-08-22 12:39:41.203366500 tcpserver: end 24898 status 0
2008-08-22 12:39:41.203372500 tcpserver: status: 0/100
2008-08-22 12:49:20.407437500 tcpserver: status: 1/100
2008-08-22 12:49:20.409141500 tcpserver: pid 24921 from 218.102.53.13
2008-08-22 12:49:20.409146500 tcpserver: ok 24921 mail.ert.cn:10.0.2.10:25 :218.102.53.13::55484
2008-08-22 12:49:21.001666500 tcpserver: end 24921 status 0
2008-08-22 12:49:21.001672500 tcpserver: status: 0/100
2008-08-22 13:19:09.034146500 tcpserver: status: 1/100
2008-08-22 13:19:09.034170500 tcpserver: pid 25022 from 116.25.131.72
2008-08-22 13:19:09.034175500 tcpserver: ok 25022 mail.ert.cn:10.0.2.10:25 :116.25.131.72::4303
2008-08-22 13:19:10.235852500 tcpserver: end 25022 status 0
2008-08-22 13:19:10.235857500 tcpserver: status: 0/100



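The qmail smtp log only records the IP address and time of each SMTP connection.
What does pid mean? For example, 2008-08-22 12:49:20.409141500 tcpserver: pid 24921 from 218.102.53.13, a message comes in.

But how can I find the details of this message in the qmail send log? Which email address sent it? Who was it sent to?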

[root@mail pop3]# pwd
/var/log/qmail/pop3
[root@mail pop3]# tai64nlocal < current

CODE:
2008-09-01 19:42:50.218745500 tcpserver: status: 0/100
2008-09-01 19:42:51.107977500 tcpserver: status: 1/100
2008-09-01 19:42:51.107983500 tcpserver: pid 20404 from 219.136.166.8
2008-09-01 19:42:51.107987500 tcpserver: ok 20404 0:10.0.2.10:110 :219.136.166.8::61607
2008-09-01 19:42:53.039149500 tcpserver: end 20404 status 256
2008-09-01 19:42:53.039154500 tcpserver: status: 0/100
2008-09-01 19:47:54.987821500 tcpserver: status: 1/100
2008-09-01 19:47:54.987829500 tcpserver: pid 20413 from 219.136.166.8
2008-09-01 19:47:54.987834500 tcpserver: ok 20413 0:10.0.2.10:110 :219.136.166.8::61617
2008-09-01 19:47:56.382481500 tcpserver: end 20413 status 256
2008-09-01 19:47:56.382487500 tcpserver: status: 0/100
2008-09-01 19:47:57.021153500 tcpserver: status: 1/100
2008-09-01 19:47:57.021159500 tcpserver: pid 20416 from 219.136.166.8
2008-09-01 19:47:57.021163500 tcpserver: ok 20416 0:10.0.2.10:110 :219.136.166.8::61619
2008-09-01 19:47:59.138800500 tcpserver: end 20416 status 256
2008-09-01 19:47:59.138806500 tcpserver: status: 0/100
2008-09-01 19:53:01.149828500 tcpserver: status: 1/100
2008-09-01 19:53:01.149850500 tcpserver: pid 20423 from 219.136.166.8
2008-09-01 19:53:01.149855500 tcpserver: ok 20423 0:10.0.2.10:110 :219.136.166.8::61631
2008-09-01 19:53:02.436220500 tcpserver: end 20423 status 256
2008-09-01 19:53:02.436226500 tcpserver: status: 0/100
2008-09-01 19:53:03.095537500 tcpserver: status: 1/100
2008-09-01 19:53:03.096935500 tcpserver: pid 20426 from 219.136.166.8
2008-09-01 19:53:03.096940500 tcpserver: ok 20426 0:10.0.2.10:110 :219.136.166.8::61633
2008-09-01 19:53:04.351779500 tcpserver: end 20426 status 256
2008-09-01 19:53:04.351785500 tcpserver: status: 0/100
2008-09-01 19:53:31.292338500 tcpserver: status: 1/100
2008-09-01 19:53:31.292343500 tcpserver: pid 20429 from 125.215.224.193
2008-09-01 19:53:31.292348500 tcpserver: ok 20429 0:10.0.2.10:110 :125.215.224.193::32943
2008-09-01 19:54:05.816009500 tcpserver: end 20429 status 256
2008-09-01 19:54:05.816015500 tcpserver: status: 0/100
2008-09-01 19:54:06.513117500 tcpserver: status: 1/100



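The pop3 log likewise only has the connection time and IP information.

But right now I need more information. For example: 2008-09-01 19:53:03.096935500 tcpserver: pid 20426 from 219.136.166.8
A user connected to qmail to retrieve mail; I would like to know which user (email address) it was, and how large the mail retrieved in this session was.


Does anyone have any good suggestions? Thanks.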
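
An added example (not part of the original post): the tcpserver lines above carry only a pid, an IP and timestamps, so this Python code rebuilds each connection from its `pid`/`end` pair and lists, for every `info msg` line of the send log, the SMTP sessions that were open at that instant. The match is a time-window heuristic, because `qp` in the send log is the PID of qmail-queue, not the tcpserver pid. The log lines, addresses and the function names `sessions` and `correlate` are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample lines (documentation addresses) in the tai64nlocal
# format shown in the post; not taken from the poster's server.
SMTP_LOG = """\
2008-08-22 12:39:37.515150500 tcpserver: pid 24898 from 192.0.2.13
2008-08-22 12:39:37.515155500 tcpserver: ok 24898 mail.example.test:10.0.2.10:25 :192.0.2.13::54773
2008-08-22 12:39:41.203366500 tcpserver: end 24898 status 0
2008-08-22 12:49:20.409141500 tcpserver: pid 24921 from 198.51.100.72
2008-08-22 12:49:21.001666500 tcpserver: end 24921 status 0
"""
SEND_LOG = """\
2008-08-22 12:39:40.100000500 info msg 1803366: bytes 66308 from <alice@example.test> qp 24901 uid 100
2008-08-22 13:00:00.000000500 info msg 1803370: bytes 1200 from <bob@example.test> qp 25001 uid 100
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.(\d{6})\d*"
PID_RE = re.compile(TS + r" tcpserver: pid (\d+) from (\S+)")
END_RE = re.compile(TS + r" tcpserver: end (\d+) status (\d+)")
INFO_RE = re.compile(TS + r" info msg (\d+): bytes (\d+) from <([^>]*)> qp (\d+)")

def ts(date, micros):
    """Parse a tai64nlocal timestamp, truncated to microseconds."""
    return datetime.strptime(f"{date}.{micros}", "%Y-%m-%d %H:%M:%S.%f")

def sessions(log):
    """Pair each 'pid N from IP' line with its 'end N status S' line."""
    pending, done = {}, []
    for line in log.splitlines():
        if m := PID_RE.match(line):
            pending[m[3]] = (ts(m[1], m[2]), m[4])
        elif (m := END_RE.match(line)) and m[3] in pending:
            start, ip = pending.pop(m[3])
            done.append({"pid": int(m[3]), "ip": ip, "start": start,
                         "end": ts(m[1], m[2]), "status": int(m[4])})
    return done

def correlate(smtp_log, send_log):
    """For each queued message, list SMTP sessions open when it was queued."""
    sess, out = sessions(smtp_log), []
    for line in send_log.splitlines():
        if m := INFO_RE.match(line):
            t = ts(m[1], m[2])
            out.append({"msg": int(m[3]), "bytes": int(m[4]),
                        "sender": m[5], "qp": int(m[6]),
                        "candidates": [(s["pid"], s["ip"]) for s in sess
                                       if s["start"] <= t <= s["end"]]})
    return out
```

Call `correlate()` with the text produced by `tai64nlocal < current` in the smtp and send directories; `sessions()` alone also works on the pop3 log, since it has the same tcpserver format. More than one candidate for a message means the sessions overlapped and the logs alone cannot tell them apart.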