Below is a code example for parsing a Postfix log. The goal of the analysis is to gather on a single line all of the information Postfix generates when an email is received. Receipt of a legitimate mail is the most complex case, because it requires cross-referencing information spread over two lines (the qmgr line carrying from= and the delivery line carrying to=, linked by the queue ID, D39F2142BF in the example below): a temporary structure stores the information between those two lines, and several regular expressions determine which kind of line is currently being processed. Rejections (NOQUEUE) are simpler, since smtpd logs sender, recipient and reason on a single line.
From this Postfix log:
Apr 2 00:03:15 fwl postfix/smtpd[5120]: connect from emailer112-172.emv2.net[81.92.112.172]
Apr 2 00:03:21 fwl postfix/smtpd[5120]: D39F2142BF: client=emailer112-172.emv2.net[81.92.112.172]
Apr 2 00:03:22 fwl postfix/cleanup[19258]: D39F2142BF: message-id=<5389267050.1074062.1175464995060@sch1>
Apr 2 00:03:22 fwl postfix/qmgr[8659]: D39F2142BF: from=<trendcorner@fr.emv1.com>, size=9197, nrcpt=1 (queue active)
Apr 2 00:03:22 fwl postfix/smtpd[5120]: disconnect from emailer112-172.emv2.net[81.92.112.172]
Apr 2 00:03:22 fwl postfix/smtp[30707]: D39F2142BF: to=<oostan@internal.domain.com>, orig_to=<oostan@domain.com>, relay=192.168.2.254[192.168.2.254]:25, delay=6.4, delays=6.2/0.02/0/0.27, dsn=2.6.0, status=sent (250 2.6.0 <5389267050.1074062.1175464995060@sch1> Queued mail for delivery)
Apr 2 00:03:22 fwl postfix/qmgr[8659]: D39F2142BF: removed
...
Apr 2 12:16:30 fwl postfix/smtpd[20161]: connect from unknown[122.168.7.222]
Apr 2 12:16:37 fwl postfix/smtpd[20161]: NOQUEUE: reject: RCPT from unknown[122.168.7.222]: 554 5.7.1 Service unavailable; Client host [122.168.7.222] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?122.168.7.222; from=<sudhakarh@auracom.com> to=<ccinpon@internal.domain.com> proto=SMTP helo=<localhost.localdomain>
Apr 2 12:16:38 fwl postfix/smtpd[20161]: lost connection after RCPT from unknown[122.168.7.222]
Apr 2 12:16:38 fwl postfix/smtpd[20161]: disconnect from unknown[122.168.7.222]
...
Apr 2 12:46:51 fwl postfix/smtpd[30601]: connect from wx-out-0506.google.com[66.249.82.237]
Apr 2 12:46:56 fwl postfix/smtpd[30601]: NOQUEUE: reject: RCPT from wx-out-0506.google.com[66.249.82.237]: 554 5.7.1 <agrandville@gmail.com>: Sender address rejected: Access denied; from=<agdv@mydomain.com> to=<cdolfl@domain.com> proto=ESMTP helo=<wx-out-0506.google.com>
Apr 2 12:46:56 fwl postfix/smtpd[30601]: disconnect from wx-out-0506.google.com[66.249.82.237]
the following log is generated:
Apr 2 00:03:22;trendcorner@fr.emv1.com;oostan@internal.domain.com;OK
Apr 2 12:16:37;sudhakarh@auracom.com;ccinpon@internal.domain.com;bl.spamcop.net
Apr 2 12:46:56;agdv@mydomain.com;cdolfl@domain.com;BL
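The script below is an added example, not the author's parser, showing one way to implement the correlation described above in Python. It embeds the page's own log lines as constructed sample input and produces exactly the three summary lines shown. It generalises slightly beyond the page: the per-queue-ID state is discarded on the qmgr "removed" line rather than on the first to= line (so messages with nrcpt > 1 yield one line per recipient), deliveries that are not status=sent are reported with their Postfix status in upper case, and rejects that are neither a DNSBL listing nor a sender blacklist are tagged REJECT rather than dropped. The function names, the REJECT and upper-case status values, and the %3B escaping of the output delimiter are my own choices; the BL shorthand for "Sender address rejected" follows the page's output.

```python
import re
from typing import Dict, List

# Constructed sample input: the Postfix lines reproduced from the page above,
# with the "..." separators of the original listing removed.
SAMPLE_LOG = """\
Apr 2 00:03:15 fwl postfix/smtpd[5120]: connect from emailer112-172.emv2.net[81.92.112.172]
Apr 2 00:03:21 fwl postfix/smtpd[5120]: D39F2142BF: client=emailer112-172.emv2.net[81.92.112.172]
Apr 2 00:03:22 fwl postfix/cleanup[19258]: D39F2142BF: message-id=<5389267050.1074062.1175464995060@sch1>
Apr 2 00:03:22 fwl postfix/qmgr[8659]: D39F2142BF: from=<trendcorner@fr.emv1.com>, size=9197, nrcpt=1 (queue active)
Apr 2 00:03:22 fwl postfix/smtpd[5120]: disconnect from emailer112-172.emv2.net[81.92.112.172]
Apr 2 00:03:22 fwl postfix/smtp[30707]: D39F2142BF: to=<oostan@internal.domain.com>, orig_to=<oostan@domain.com>, relay=192.168.2.254[192.168.2.254]:25, delay=6.4, delays=6.2/0.02/0/0.27, dsn=2.6.0, status=sent (250 2.6.0 <5389267050.1074062.1175464995060@sch1> Queued mail for delivery)
Apr 2 00:03:22 fwl postfix/qmgr[8659]: D39F2142BF: removed
Apr 2 12:16:30 fwl postfix/smtpd[20161]: connect from unknown[122.168.7.222]
Apr 2 12:16:37 fwl postfix/smtpd[20161]: NOQUEUE: reject: RCPT from unknown[122.168.7.222]: 554 5.7.1 Service unavailable; Client host [122.168.7.222] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?122.168.7.222; from=<sudhakarh@auracom.com> to=<ccinpon@internal.domain.com> proto=SMTP helo=<localhost.localdomain>
Apr 2 12:16:38 fwl postfix/smtpd[20161]: lost connection after RCPT from unknown[122.168.7.222]
Apr 2 12:16:38 fwl postfix/smtpd[20161]: disconnect from unknown[122.168.7.222]
Apr 2 12:46:51 fwl postfix/smtpd[30601]: connect from wx-out-0506.google.com[66.249.82.237]
Apr 2 12:46:56 fwl postfix/smtpd[30601]: NOQUEUE: reject: RCPT from wx-out-0506.google.com[66.249.82.237]: 554 5.7.1 <agrandville@gmail.com>: Sender address rejected: Access denied; from=<agdv@mydomain.com> to=<cdolfl@domain.com> proto=ESMTP helo=<wx-out-0506.google.com>
Apr 2 12:46:56 fwl postfix/smtpd[30601]: disconnect from wx-out-0506.google.com[66.249.82.237]
"""

# Syslog prefix: timestamp, host, "postfix/<daemon>[pid]: ", then the message body.
SYSLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ '
    r'postfix/(?P<prog>[\w-]+)\[\d+\]: (?P<msg>.*)$')
# qmgr line that carries the envelope sender of a queued message.
FROM_RE = re.compile(r'^(?P<qid>[0-9A-Za-z]{6,}): from=<(?P<sender>[^>]*)>')
# Delivery-agent line, one per recipient; status=sent means the next hop accepted it.
TO_RE = re.compile(r'^(?P<qid>[0-9A-Za-z]{6,}): to=<(?P<rcpt>[^>]*)>.*?\bstatus=(?P<status>\w+)')
# qmgr line marking the end of life of a queue ID.
REMOVED_RE = re.compile(r'^(?P<qid>[0-9A-Za-z]{6,}): removed$')
# smtpd rejection at RCPT time: there is no queue ID, everything needed is on one line.
REJECT_RE = re.compile(
    r'^NOQUEUE: reject: RCPT from \S+: \d{3} \S+ (?P<reason>.*?); '
    r'from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>')
RBL_RE = re.compile(r'blocked using (?P<rbl>[^\s;]+)')


def classify_reject(reason: str) -> str:
    """Map the free-text reject reason to the status column used by the page."""
    m = RBL_RE.search(reason)
    if m:
        return m.group('rbl')          # name of the DNSBL that listed the client
    if 'Sender address rejected' in reason:
        return 'BL'                    # page's shorthand for a locally blacklisted sender
    return 'REJECT'                    # my addition: any other reject stays visible


def fmt(ts: str, sender: str, rcpt: str, status: str) -> str:
    """Build one summary line. from= and to= are attacker-controlled, and a quoted
    local part may legally contain ';', so the output delimiter is neutralised
    (my choice: %3B) to stop a crafted address from forging extra columns."""
    def clean(field: str) -> str:
        return field.replace(';', '%3B')
    return ';'.join((ts, clean(sender), clean(rcpt), status))


def summarize(log_text: str) -> List[str]:
    """Collapse a Postfix log into one 'ts;from;to;status' line per recipient."""
    pending: Dict[str, str] = {}       # queue ID -> envelope sender: the temporary structure
    out: List[str] = []
    for raw in log_text.splitlines():
        m = SYSLOG_RE.match(raw)
        if not m:
            continue                   # not a Postfix line
        ts, msg = m.group('ts'), m.group('msg')
        r = REJECT_RE.match(msg)
        if r:
            out.append(fmt(ts, r.group('sender'), r.group('rcpt'),
                           classify_reject(r.group('reason'))))
            continue
        f = FROM_RE.match(msg)
        if f:
            pending[f.group('qid')] = f.group('sender')
            continue
        t = TO_RE.match(msg)
        if t:
            sender = pending.get(t.group('qid'))
            if sender is None:
                continue               # from= never seen (log rotated mid-message): do not guess
            status = 'OK' if t.group('status') == 'sent' else t.group('status').upper()
            out.append(fmt(ts, sender, t.group('rcpt'), status))
            continue
        d = REMOVED_RE.match(msg)
        if d:
            pending.pop(d.group('qid'), None)   # drop state here, not at first to=: nrcpt may be > 1


    return out


if __name__ == '__main__':
    print('\n'.join(summarize(SAMPLE_LOG)))
```

Two points worth keeping in mind when running this over a real maillog: queue IDs are recycled by Postfix, so the state for an ID must be cleared (the "removed" line does that here) or a later message could inherit a stale sender; and every address and reason string in the output originates from the remote client, so treat the summary log as untrusted input for whatever consumes it next.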