improve mail log regexp

21b20a44 · Etersoft sysadmin · Vitaly Lipatov · dfa7f969 · 21b20a44 · 21b20a44
Commit 21b20a44 authored Oct 28, 2015 by Etersoft sysadmin Committed by Vitaly Lipatov Feb 26, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 1 deletion

byregexp.sh mail/mymail/byregexp.sh +1 -1

formattedbyregexp.sh mail/mymail/formattedbyregexp.sh +22 -0

No files found.
--- a/mail/mymail/byregexp.sh
+++ b/mail/mymail/byregexp.sh
@@ -36,7 +36,7 @@ case $STATUS in
 		;;
 esac

-$CATCMD | grep -- $EMAIL | grep -- "$REGEXP" | grep -- "$STATUS"
+$CATCMD | grep -- "<$EMAIL>" | grep -- "$REGEXP" | grep -- "$STATUS"

 # TODO: записи нужно распознавать и приводить в читаемый вид.


--- a/mail/mymail/formattedbyregexp.sh
+++ b/mail/mymail/formattedbyregexp.sh
+#!/bin/sh
+
+# Oct 28 15:34:52 from unknown[123.21.162.223]: 450 4.7.1 Client host rejected: cannot find your hostname, [123.21.162.223]; from=<suhanov5858@mail.ru> to=<lav@etersoft.ru> proto=ESMTP helo=<[123.21.162.223]>
+# Oct 28 12:47:46 server postfix/smtpd[7013]: NOQUEUE: reject: RCPT from unknown[2.50.178.28]: 450 4.7.1 Client host rejected: cannot find your hostname, [2.50.178.28]; from=<mexicoax7@list.ru> to=<lav@etersoft.ru> proto=ESMTP helo=<[2.50.178.129]>
+# Oct 28 17:37:51 server postfix/smtpd[30552]: NOQUEUE: reject: RCPT from unknown[46.151.52.121]: 450 4.7.1 Client host rejected: cannot find your hostname, [46.151.52.121]; from=<ixyt.map@mail.ru> to=<200605212330.18561.lav@etersoft.ru> proto=ESMTP helo=<wiki-mail-eqiad.wikimedia.org>'
+# Oct 28 16:38:26 server postfix/smtpd[25474]: NOQUEUE: reject: RCPT from triband-mum-120.61.169.161.mtnl.net.in[120.61.169.161]: 450 4.2.0 <lav@etersoft.ru>: Recipient address rejected: Please, come back in 180 seconds; from=<stirseewz00@stjoelive.com> to=<lav@etersoft.ru> proto=ESMTP helo=<triband-mum-120.61.169.161.mtnl.net.in>
+IPMASK="[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"
+#./byregexp.sh "$@" "" "rejected" | \
+echo "Oct 28 16:38:26 server postfix/smtpd[25474]: NOQUEUE: reject: RCPT from triband-mum-120.61.169.161.mtnl.net.in[120.61.169.161]: 450 4.2.0 <lav@etersoft.ru>: Recipient address rejected: Please, come back in 180 seconds; from=<stirseewz00@stjoelive.com> to=<lav@etersoft.ru> proto=ESMTP helo=<triband-mum-120.61.169.161.mtnl.net.in>" | \
+	sed -e "s|\(.* [0-9][0-9]:[0-9][0-9]:[0-9][0-9]\) .*RCPT from \(.*\)\[\($IPMASK\)\]: \([0-9][0-9][0-9]\) \(.*\), \[$IPMASK\]; from=<\(.*@.*\)> to=<\(.*@.*\)> proto=ESMTP helo=<\(.*\)>|DATE='\1'; DOMAIN='\2'; IP='\3'; ERROR='\4'; ERRORSTRING='\4 \5'; EMAIL='\6'; EMAILTO='\7'; HELO='\8'|g" | \
+	while read F STR ; do
+		# DATE DOMAIN IP ERROR ERRORSTRING EMAIL HELO
+		if ! echo "$F" | grep -q DATE ; then
+			echo
+			echo "Unparseable: $F $STR"
+			continue
+		fi
+		eval "$F $STR"
+		echo "PARSED: $DATE $DOMAIN $IP $ERROR $ERRORSTRING $EMAIL $EMAILTO $HELO"
+		#exit
+	done
+