
分类: LINUX

2009-11-16 21:46:27

                  postfix log中查询邮件主题()

 

基礎知識,原理見前篇,根據其原理,編寫腳本實現postfix郵件主旨的記錄和腳本自動分析。

 

一.准備

MW.XXXX.com  發送郵件主機       centos5.2 + postfix

MAIL.XXXX.com 接收郵件主機      centos5.2 + postfix

 

MW 修改日記,使其保存到MAIL主機

MW:

   Vim /etc/syslog.conf

    mail.*              @mail.XXXX.tw

   Vim /etc/sysconfig/syslog

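      SYSLOGD_OPTIONS="-m 0 -r"

      (註:-r 讓 syslogd 接收來自網路的日記,是接收端(MAIL 主機)才需要的設定;傳統 syslog 走 UDP 514,不加密也不驗證來源,建議用防火牆限定只接受 MW 主機送來的日記。)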

重起日記服務 service syslog restart

root用戶下新建 bin目錄,將解碼腳本保存為 perldecode 文件

編寫分析腳本文件 perMailAna

 

二.編寫腳本

所有用戶收信以MAIL主機日記為准

所有用戶發信以MW主機日記為准

腳本可以實現兩種使用方式

Use: perMailAna username logfile        -----interactive output Report

Use: perMailAna                         -----according prompt output Report

Use ctrl+c interactive output

Username: 1.Don't containing other character except number,letter and dot.

          2.It must be ended by dot plus family name(the letter).

第一種交互式輸出,查看

第二種按提示保存到文件

 

腳本在運行時可以按ctrl+c鍵終止,退出,自動清除垃圾文件

 

腳本文件如下:

 #!/bin/sh
#This is the 3rd maillog analyze bash file.Now the log file add the subject content
#and all output use english title
#send mail use mw server  log
#receive mail use mail server log
#. /root/bin/perldecode
#Write by XieHaiBin 2009/11/16
# Route hangup, interrupt, quit and terminate to the confirm-and-clean-up handler.
trap 'my_exit' HUP INT QUIT TERM

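#######################################
# Signal handler: ask whether to abort the report. On "Y"/"y" the scratch
# files are deleted and the script exits with status 1; any other key
# returns to the interrupted report.
# Globals:  ttmp1, ttmp2, _istr (read) - paths to delete; ANS (written)
# NOTE(review): _istr is not assigned anywhere in the visible script.
#######################################
my_exit(){
printf '\nReport Output interrupt...\n'
echo "Do you wish to really exit???"
echo "Y:YES"
echo "N,or any other key:No"
printf '%s' "Your choice [Y..N]>"
ANS=`get_a_key`
case "$ANS" in
Y|y)
  # The handler can fire before the scratch names are set, and the script is
  # meant to run as root: delete each path as one quoted word and skip empty
  # ones, so an unset or odd value can never turn into extra rm operands.
  for _f in "$ttmp1" "$ttmp2" "$_istr"
  do
    if [ -n "$_f" ]; then
      rm -f -- "$_f" 2> /dev/null
    fi
  done
  exit 1;;
*) ;;
esac
}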
# Print the rule line and the column titles that precede each record.
dishead()
{
printf '%s\n' \
  "---------------------------------------------------------------------------------" \
  " Time    Size Sender host Sender ip"
}
# Read exactly one keypress from the controlling terminal and write it to stdout.
# Globals: SAVEDSTTY (written) - terminal settings captured before the read.
get_a_key(){
# remember the current terminal settings so they can be put back afterwards
SAVEDSTTY=$(stty -g)
# cbreak: deliver characters one at a time instead of waiting for a full line
stty cbreak
dd if=/dev/tty bs=1 count=1 2> /dev/null
stty -cbreak
# restore whatever the terminal was set to before
stty $SAVEDSTTY
}
# Show a "press any key" prompt and block until one key arrives.
# Globals: DUMMY (written) - the key that was pressed; not used elsewhere here.
continue_prompt(){
printf '%s' "Hit any key to continue.."
DUMMY=$(get_a_key)
}
# Pause the paged report until the operator presses Enter on the terminal.
get_enter_key(){
printf '%s' "Hit enter key to see next or ctrl+c exit"
# read from the terminal itself rather than from whatever stdin currently is
read a < /dev/tty
}

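#######################################
# Validate a local mail user name before it is used in grep patterns and in
# the report file name.
# Accepts only lowercase letters, digits and dots, and the text after the
# last dot (the family name) must be one or more letters.
# Arguments: $1 - candidate user name
# Returns:   0 if the name is acceptable, 1 otherwise
#######################################
mailuser_check(){
# Matching is done on the quoted argument with shell patterns. The previous
# form (echo $1 | awk) expanded globs such as "*" against the current
# directory and judged each line separately, so a multi-line value or a lucky
# file name could pass the check. The character sets are spelled out so the
# result does not depend on locale collation.
case "$1" in
''|*[!abcdefghijklmnopqrstuvwxyz0123456789.]*) return 1 ;;
esac
# there must be a dot, and what follows the last one is the family name
case "$1" in
*.*) _letter=${1##*.} ;;
*) return 1 ;;
esac
# family name: at least one character, letters only
case "$_letter" in
''|*[!abcdefghijklmnopqrstuvwxyz]*) return 1 ;;
esac
return 0
}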

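#######################################
# Turn a logged Subject value into displayable UTF-8 text.
# A value of the form =?charset?...?= is handed to perldecode and, unless the
# charset is utf8/UTF8, converted with iconv; anything else is printed as is.
# Arguments: $1 - subject token taken from the mail log
# Outputs:   the decoded (or unchanged) subject on stdout
# NOTE(review): the subject is chosen by whoever sent the mail, so it is
# handled as untrusted text: always quoted, never re-split or glob-expanded.
# NOTE(review): only $1 is examined; callers that pass the subject unquoted
# hand over just its first whitespace-separated word.
#######################################
str_to_utf8()
{
_str=$1
case "$_str" in
"=?"*"?=")
  # charset label = text between the leading "=?" and the next "?"
  _origin_code=${_str#=\?}
  _origin_code=${_origin_code%%\?*}
  # The label goes to iconv -f, so accept only characters a charset name can
  # contain and refuse a leading "-", which iconv would read as an option.
  case "$_origin_code" in
  ''|-*|*[!A-Za-z0-9._:-]*)
    printf '%s\n' "$_str"
    return 0 ;;
  esac
  case "$_origin_code" in
  utf8|UTF8)
    _out=`/root/bin/perldecode "$_str" 2> /dev/null`
    ;;
  *)
    # perldecode is found through PATH here, as in the original script
    _out=`perldecode "$_str" | iconv -f "$_origin_code" -t utf8 2> /dev/null`
    ;;
  esac
  printf '%s\n' "$_out"
  ;;
*)
  # plain text: print unchanged
  printf '%s\n' "$_str"
  ;;
esac
}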

# Print the "Send mail" report: one section for every message code listed in
# $ttmp1 (presumably postfix queue ids - confirm against the log format).
# Globals read: user, logfile, ttmp1, ttmp2, directsave. Output goes to stdout.
# NOTE(review): Subject and helo text in the log are chosen by the sending
# side. Below they are expanded unquoted and printed with echo -e, which in
# bash interprets backslash escapes in the expanded value, so treat the
# report text as untrusted when viewing it on a terminal.
ana_send_log(){
echo -e "\t\t\t\tUser $user Send mail Report"
# total number of records = line count of the record list
_sum=`wc -l $ttmp1 | awk '{print $1}'`
_num=1
while read Trecord
do
# collect every log line that mentions this message code as a whole word
grep "\<$Trecord\>" $logfile > $ttmp2
Tsubject=`grep 'Subject:' $ttmp2 | sed 's/.*Subject:\(.*\)from unknown.*/\1/'`
# first four space-separated fields of the first matching line
Tdate=`head -n1 $ttmp2|cut -d " " -f 1-4`
Tsize=`grep 'size' $ttmp2  | sed 's/.*size=\([^,]*\).*/\1/'`
Tip=`grep 'client' $ttmp2  | sed 's/.*client=.*\[\(.*\)\].*/\1/'`
Thost=`grep 'helo=' $ttmp2 | sed 's/.*helo=<\([^>]*\).*/\1/'`
# NOTE(review): the next line looks damaged by HTML extraction (text between
# "<" and ">" seems to be missing). As shown, grep has no file operand and
# would read the loop's stdin, i.e. the record list. Restore it from the
# author's original before use.
Treceive=`grep '\]*\)>.*/\1/'|uniq`
echo -e "Messenge Code:      $Trecord\tLogfile: $logfile"
#echo "Orign Subject Code: "$Tsubject
# unquoted on purpose or not, this passes only whitespace-split words and
# lets the shell glob-expand the logged subject - TODO confirm intent
Tsubject=`str_to_utf8 $Tsubject`
dishead
echo -e "\t$Tdate\t\t$Tsize\t$Thost\t$Tip"
echo -e "\nSubject:\t$Tsubject\n "
# one recipient per line: awk splits the list on spaces
echo -e "Recever:\n\t"$Treceive |awk 'BEGIN{RS=" ";ORS="\n\t"};{print}'
echo -e "\t\tSend mail record $_num / $_sum"
echo -e "\n================================================================================="
# interactive mode: wait for Enter before showing the next record
if [ "$directsave" = "1" ];then
get_enter_key
fi
_num=`expr $_num + 1`
done < $ttmp1
}

# Print the "Received mail" report: one section for every message code listed
# in $ttmp1 (presumably postfix queue ids - confirm against the log format).
# Globals read: user, logfile, ttmp1, ttmp2, directsave. Output goes to stdout.
# NOTE(review): sender, Subject and helo text in the log are chosen by the
# remote side. Below they are expanded unquoted and printed with echo -e,
# which in bash interprets backslash escapes in the expanded value, so treat
# the report text as untrusted when viewing it on a terminal.
ana_rece_log(){
echo -e "\t\t\t\tUser $user Received mail Report"
# total number of records = line count of the record list
_sum=`wc -l $ttmp1 | awk '{print $1}'`
_num=1
while read Trecord
do
# NOTE(review): the two lines below look damaged by HTML extraction (text
# between "<" and ">" seems to be missing): the second grep is left with a
# lone backslash as its pattern, and the Tsender grep has no file operand, so
# it would read the loop's stdin. Restore them from the author's original.
grep "\<$Trecord\>" $logfile | grep '\' > $ttmp2
Tsender=`grep '\, size.*/\1/'|uniq`
Tsubject=`grep 'Subject:' $ttmp2 | sed 's/.*Subject:\(.*\)from .*/\1/'`
# first four space-separated fields of the first matching line
Tdate=`head -n1 $ttmp2|cut -d " " -f 1-4`
Tsize=`grep 'size' $ttmp2  | sed 's/.*size=\([^,]*\).*/\1/'`
Tip=`grep 'client' $ttmp2  | sed 's/.*client=.*\[\(.*\)\].*/\1/'`
Thost=`grep 'helo=' $ttmp2 | sed 's/.*helo=<\([^>]*\).*/\1/'`
# NOTE(review): same extraction damage as above; no file operand is left.
Treceive=`grep '\]*\)>.*/\1/'|uniq`
echo -e "Messenge Code:      $Trecord\tLogfile: $logfile"
#echo "Orign Subject code: "$Tsubject
# unquoted on purpose or not, this passes only whitespace-split words and
# lets the shell glob-expand the logged subject - TODO confirm intent
Tsubject=`str_to_utf8 $Tsubject`
dishead
echo -e "\t$Tdate\t\t$Tsize\t$Thost\t$Tip"
echo -e "\nSender:\t$Tsender\n"
echo -e "\nSubject:\t$Tsubject\n "
# one recipient per line: awk splits the list on spaces
echo -e "All Recever:\n\t"$Treceive |awk 'BEGIN{RS=" ";ORS="\n\t"};{print}'
echo -e "\t\t    Recevied mail record $_num / $_sum"
echo -e "\n================================================================================"
# interactive mode: wait for Enter before showing the next record
if [ "$directsave" = "1" ];then
get_enter_key
fi
_num=`expr $_num + 1`
done < $ttmp1
}

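#######################################
# Prompt for a local mail user until mailuser_check accepts the answer.
# Globals:  Tname (written) - the accepted name
#           name_sta (written) - 0 when a valid name was read, 1 otherwise
# Returns:  0 on success, 1 if input ends before a valid name is given
#######################################
get_user_name(){
while :
do
printf '\nPlease Input the local mail user>'
if ! read -r Tname; then
  # end of input: stop instead of prompting forever
  name_sta=1
  return 1
fi
# Validate the whole answer as one quoted word. Unquoted, only the first
# whitespace-separated word was checked while the full line, including any
# unchecked characters, went on into grep patterns and the report file name.
if mailuser_check "$Tname"; then
  name_sta=0
  break
else
  name_sta=1
  echo "User Error,please reinput..."
fi
done
}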
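#######################################
# Prompt for a log file name under /var/log (default: maillog) until an
# existing regular file is named.
# Globals:  Tlog (written) - full path of the chosen log file
#           file_sta (written) - 0 when a usable file was chosen, 1 otherwise
# Returns:  0 on success, 1 if input ends before a usable file is given
#######################################
get_file(){
while :
do
printf '%s' "Please Input the logfile [maillog]>"
if ! read -r Tlog; then
  # end of input: stop instead of prompting forever
  file_sta=1
  return 1
fi
: "${Tlog:=maillog}"
# The name is appended to /var/log/ and read with the script's privileges;
# refuse ".." components so the answer cannot point outside that directory.
case "$Tlog" in
..|../*|*/..|*/../*)
  echo "Log file must be under /var/log,please reinput..."
  file_sta=1
  continue ;;
esac
Tlog="/var/log/$Tlog"
if [ -f "$Tlog" ];then
  file_sta=0
  echo "Use log file: $Tlog to analyze."
  break
else
  echo "File not exist,please reinput..."
  file_sta=1
fi
done
}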
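#######################################
# Ask for the report file name (default: mailreport.<user>) and turn it into
# a path inside $HOME.
# Globals:  Tname (read); mailreport (written) - full path of the report
# The report is written with the script's privileges and contains text taken
# from mail headers, so only a plain file name is accepted: no "/" (which
# would let the answer leave $HOME), no leading "-", and not "." or "..".
#######################################
set_save_report(){
while :
do
printf '\nPlease input the Report name [ mailreport.%s ]>' "$Tname"
_eof=0
read -r mailreport || _eof=1
: "${mailreport:=mailreport.$Tname}"
case "$mailreport" in
*/*|-*|.|..)
  if [ "$_eof" = "1" ]; then
    # no more input to ask again: fall back to the default name
    mailreport="mailreport.$Tname"
    break
  fi
  echo "Report name must be a plain file name,please reinput..."
  ;;
*)
  break ;;
esac
done
echo "Your report will save in $HOME/$mailreport"
mailreport="$HOME/$mailreport"
}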

# Print the two invocation forms and the user-name rules on stdout.
usage(){
cat <<'USAGE_TEXT'
Use: perMailAna username logfile  -----interactive output Report
Use: perMailAna    -----according prompt output Report
Use ctrl+c interactive output
Username: 1.Don't containing other character except number,letter and dot.
          2.It must be ended by dot plus family name(the letter).
USAGE_TEXT
}

#main
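# Argument handling.
#   no arguments  - prompt for user, log file and report name; save to a file
#   two arguments - user name and log file name (under /var/log); page the
#                   report on the terminal
# directsave: "1" = show on the terminal, "0" = append to $mailreport
directsave="1"
case $# in
0)
tput clear
get_user_name
get_file
if [ "$name_sta" = "0" ] && [ "$file_sta" = "0" ];then
  set_save_report
  user="$Tname"
  logfile="$Tlog"
  directsave="0"
else
  # never continue with an unvalidated user or log file
  echo "Input aborted."
  exit 1
fi
;;
2)
user=$1
# Check the user name as one quoted word: unquoted, only its first
# whitespace-separated word was validated before the whole value reached grep.
if ! mailuser_check "$user" ;then
  echo "mailuser error,Please use local username to analyze log."
  usage
  exit 1
fi
# The log name is appended to /var/log/; refuse ".." components so it
# cannot point outside that directory.
case "$2" in
..|../*|*/..|*/../*)
  echo "log file don't exist,please check!"
  usage
  exit 1 ;;
esac
logfile="/var/log/$2"
if [ ! -f "$logfile" ];then
  echo "log file don't exist,please check!"
  usage
  exit 1
fi
#mailreport="$HOME/mailreport.$user"
directsave="1"
;;
*)
usage
exit 1
;;
esac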

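# When a report file was chosen, create or truncate it now so that a
# permission problem is reported before any log processing starts.
# The path is quoted so a name with spaces or glob characters stays one file,
# and failure is detected from the redirection itself, not from one specific
# exit code.
if [ -n "$mailreport" ];then
  if ! { echo "" > "$mailreport"; } 2>/dev/null;then
    echo "Error,Can't create save file,Please check you have privilege!"
    exit 1
  fi
fi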

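# Scratch files: ttmp1 holds the list of message codes, ttmp2 the log lines
# of the message being printed.
# They are created with mktemp because the script runs as root and writes to
# them with ">": a fixed name built from the PID in world-writable /tmp can
# be pre-created by another local user (for example as a symlink), and the
# write would then land on whatever it points to. mktemp creates a new,
# unpredictable file that only the owner can access.
ttmp1=$(mktemp /tmp/permailana.XXXXXX) || exit 1
ttmp2=$(mktemp /tmp/permailana2.XXXXXX) || { rm -f -- "$ttmp1"; exit 1; }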
# Received mail: list the message codes of log lines addressed to the user,
# then print or save the report.
# NOTE(review): the second grep in this pipeline (and in the "from=" one
# below) looks damaged by HTML extraction; only a lone backslash is left as
# its pattern. Restore it from the author's original before use.
# NOTE(review): $user is placed in the grep pattern as a regular expression,
# so each "." in the name matches any character, and no closing delimiter is
# visible after the name, so longer addresses that start the same way may
# also match - confirm against the original pattern.
grep "to=<$user" $logfile |grep '\'| cut -d: -f4 | uniq > $ttmp1
# -s: only build a report when at least one record was found
if [ -s $ttmp1 ];then
 if [ "$directsave" = "0" ];then
 echo "Now,process.Please Wait..."
 ana_rece_log >> $mailreport
 else
 ana_rece_log
 fi
else
echo "Don't find any receive mail log with this user."
fi
if [ "$directsave" = "1" ];then
echo -e "\n\tNow See the [Send mail Report];ctrl+c exit..."
fi
# Sent mail: same steps for log lines whose sender is the user; the record
# list in $ttmp1 is overwritten.
grep "from=<$user" $logfile |grep '\'| cut -d: -f4 | uniq > $ttmp1
if [ -s $ttmp1 ];then
 if [ "$directsave" = "0" ];then
 ana_send_log >> $mailreport
 echo -e "\nProcess complete!"
 else
 ana_send_log
 fi
else
echo "Don't find any send mail log with this user."
fi
# normal completion: remove the scratch files (my_exit does this on ctrl+c)
rm -f $ttmp1 $ttmp2

 

三.運行效果

[root@mail bin]# perMailAna iris.peng maillog
                                User iris.peng Received mail Report
Messenge Code:      7DFA3A1774  Logfile: /var/log/maillog
---------------------------------------------------------------------------------
        Time                            Size    Sender host     Sender ip
        Nov 16 08:14:19 mail            1595    st.xxxx.tw     61.222.12*.**

Sender:


Subject:        开心网(Kaixin001.com)注册确认邮件

All
        Recever:
       

                            Recevied mail record 1 / 27

================================================================================
