Stoiko Ivanov 1cdbebe57b do not assume constant year based on file index
rather start with the current time at invocation and if the month in
the log is larger assume a year-wrap happened between logwriting and
invocation.

the old logic is flawed (but that can be said about parsing
traditional syslog timestamps (w/o year) in general) - it got worse
with the change in bullseye of rotating syslog weekly by default -
resulting in users losing one week of logs per day in the new year as
reported in https://forum.proxmox.com/threads/.102322/

Reviewed-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2022-01-04 13:55:49 +01:00
.cargo add .cargo/config and rustfmt.toml 2020-02-28 09:22:16 +01:00
debian debcargo: track updates 2021-06-28 17:04:06 +02:00
src do not assume constant year based on file index 2022-01-04 13:55:49 +01:00
tests add test for empty to (dnsbl reject) 2021-12-01 19:02:30 +01:00
.gitignore add .gitignore file 2022-01-03 14:56:17 +01:00
Cargo.toml bump edition to 2021 2022-01-03 13:22:16 +01:00
Makefile buildsys: upload to bullseye 2021-06-28 17:00:36 +02:00
README add before queue filter support 2020-02-21 09:47:35 +01:00
rustfmt.toml add .cargo/config and rustfmt.toml 2020-02-28 09:22:16 +01:00

The pmg-log-tracker extracts information out of the syslog to match all entries
related to a single mail. It does so by using the PID of 'smtpd' entries in the
log as the key for the SEntry structs. The QID, an ID consisting of at least 2
upper-case hex digits, is used for both QEntry structs and FEntry structs.

As a rule of thumb, SEntrys are used wherever the services 'postscreen' and
'smtpd' are involved. QEntrys on the other hand are only used when a queue is
involved (e.g. after-queue filtering passing the postscreen checks,
before-queue filtering when the mail is 'accepted'). FEntrys are used whenever
the filter (pmg-smtp-filter) is involved.

The typical flow of a mail (after-queue):

1. postscreen (NOQUEUE -> mail finished)
2. smtpd (pid matching)
3. cleanup -> qmgr (mail in queue, QID matching)
4. pmg-smtp-filter (rule system, accept/block, long (Q)ID matching)
5. lmtp/smtp/local/error (QID matching, filter ID matching in lmtp)
6. qmgr ('removed')
7. smtpd ('disconnect from')

Both 6 and 7 are required before the mail can be printed completely.
6 and 7 can be logged in arbitrary order.

The typical flow of a mail (before-queue):

1. postscreen (NOQUEUE -> mail finished)
2. smtpd 1 (pid matching)
3. pmg-smtp-filter (rule system, accept/block, long (Q)ID matching)
  - on accept match the QID
4. smtpd 2 (pid matching)
5. (optional, only on 'accept') cleanup -> qmgr (mail in queue, QID matching)
6. (optional, only on 'accept') smtp (QID matching)
7. (optional, only on 'accept') qmgr ('removed')
8. smtpd 2 ('disconnect from')
9. smtpd 1 (proxy-accept/proxy-reject, filter (Q)ID matching)
10. smtpd 1 ('disconnect from')

7, 8 and 10 are required before the mail can be printed completely.
7, 8 and 10 can be logged in arbitrary order.
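
The PID and QID matching described above, for the after-queue case, as an added example (not code from pmg-log-tracker itself). The log lines are constructed, the function names are hypothetical, and it assumes one mail per smtpd connection and leaves out the filter (FEntry) matching.

```rust
use std::collections::HashMap;

// Constructed sample lines (after-queue steps 2, 3, 7, 6); not real log data.
const SAMPLE: &str = "\
Jan  4 13:55:01 pmg postfix/smtpd[1201]: 4A1B2C3D4E: client=mail.example.org[192.0.2.10]
Jan  4 13:55:01 pmg postfix/cleanup[1210]: 4A1B2C3D4E: message-id=<1@example.org>
Jan  4 13:55:03 pmg postfix/smtpd[1201]: disconnect from mail.example.org[192.0.2.10]
Jan  4 13:55:04 pmg postfix/qmgr[900]: 4A1B2C3D4E: removed
";

/// Splits "Mmm dd hh:mm:ss host service[pid]: message" into (service, pid, message).
fn split_line(line: &str) -> Option<(&str, u32, &str)> {
    let (_host, rest) = line.get(16..)?.split_once(' ')?; // skip the 16-byte timestamp
    let (tag, msg) = rest.split_once(": ")?;
    let (service, pid) = tag.strip_suffix(']')?.split_once('[')?;
    Some((service, pid.parse::<u32>().ok()?, msg))
}

/// A QID is at least 2 upper-case hex digits followed by ':'; returns (QID, remainder).
fn qid(msg: &str) -> Option<(&str, &str)> {
    let (id, rest) = msg.split_once(':')?;
    let hex = id.len() >= 2 && id.bytes().all(|b| matches!(b, b'0'..=b'9' | b'A'..=b'F'));
    hex.then(|| (id, rest.trim_start()))
}

/// Returns the QIDs for which both qmgr 'removed' and smtpd 'disconnect from' were seen.
fn complete_mails(log: &str) -> Vec<String> {
    let mut by_pid: HashMap<u32, String> = HashMap::new(); // smtpd PID -> QID
    let mut seen: HashMap<String, (bool, bool)> = HashMap::new(); // QID -> (removed, disconnected)
    let mut done = Vec::new();
    for (service, pid, msg) in log.lines().filter_map(split_line) {
        let id = match (service, qid(msg)) {
            // smtpd logs "QID: client=...": this is where the PID learns its QID.
            ("postfix/smtpd", Some((id, _))) => { by_pid.insert(pid, id.to_string()); continue }
            ("postfix/smtpd", None) if msg.starts_with("disconnect from ") => by_pid.remove(&pid),
            ("postfix/qmgr", Some((id, "removed"))) => Some(id.to_string()),
            _ => None,
        };
        let id = match id { Some(id) => id, None => continue };
        let state = seen.entry(id.clone()).or_default();
        if service == "postfix/qmgr" { state.0 = true } else { state.1 = true }
        // Either event may arrive first; the mail is complete only once both are set.
        if *state == (true, true) { seen.remove(&id); done.push(id); }
    }
    done
}

fn main() { println!("{:?}", complete_mails(SAMPLE)); }
```

In the sample the 'disconnect from' line arrives before 'removed', so the mail is reported only after the last line is processed.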