3

In the processing of an in-bound email through sendmail and procmail, I am having trouble matching procmail log entries with sendmail's maillog entries. Sendmail posts the queue-id to the log.

Is there a method of sendmail adding the mail queue's "Message-queue-id" to a custom header, and then capturing it in procmailrc for its use in posting it to procmail's log output entries?

For example, we just delete mail identified by spamassassin as Spam, but can't after the fact trace it back to a sendmail log entry due to lack of common identifier.

xebeche
  • 905
  • 7
  • 20
dsbcpas
  • 31
  • 2

1 Answers1

2

I am also interested to learn how to make Sendmail add a custom header that holds only the message queue ID. Until then I help myself by parsing the Received: header that is added which shows the ID after "id". Here is a template for a Procmail recipe to extract the ID:

:0
* ^Received: .*by myserver.example.net \(.*\) with [a-z]+ id \/[0-9a-z]+
{
   QID="$MATCH"
   LOG="Message queue ID = $QID ..."
}

You might need to adjust this the actual format of the Received header that your server (=myserver.example.net) adds. The \/ is specific to Procmail's regex parser. It does not match anything, it just splits the pattern and assigns whatever matches to its right to variable MATCH.

xebeche
  • 905
  • 7
  • 20
  • This is exactly the way to do it. There is no need to separately copy `MATCH` to `QID` and then the braces are superfluous too. – tripleee Feb 28 '19 at 04:14
  • @tripleee As written the code is meant to be an illustrative template. I personally use `QID` for every subsequent `LOG`. So, copying is indeed necessary. – xebeche Feb 28 '19 at 09:28
  • IMHO better approach would be to extract first `Received:` header (the one added last) and do all matches on it. – AnFi Feb 28 '19 at 10:00
  • @AnFi There are pros and cons, some servers add local Received: headers above the one you want to extract the logging from. But indeed if that is the local server both approaches should produce the same result. – tripleee Feb 28 '19 at 10:28
  • @tripleee Shit may happen e.g. "unexpected" changes in the host name. It seems that our preferences (order of importance) are "slightly" different. – AnFi Feb 28 '19 at 10:51