Filter mail log for bounces

I needed a simple way to find hard bounces from a mail log yesterday. Usually, you hook up a script to listen for bounced messages at an email address like "list-bounces@example.com". The script receives an email message and parses it to figure out if and why it bounced. I decided to take the opposite approach and look for email addresses causing bounces in Postfix’s mail log. With Jo’s help, we figured out we could pipe two grep commands to extract the likely offenders (see below). The key is the second grep: the -P switch looks for matches using a Perl regular expression, and the -v switch inverts the test. Another script can then look through the output.

grep "mailer=esmtp" /var/log/maillog | grep -v -P "stat=(Sent|Deferred)" > likely-bounces.log
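A sketch of the follow-up script mentioned above, added here as an example and not part of the original post. It repeats the two-grep selection and then goes one step further, keeping only permanent failures (DSN class 5) and counting them per recipient; the `to=<...>` and `dsn=` fields and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not from a real server). They follow the
# key=value layout the grep pipeline matches on (mailer=, stat=); the
# to=<...> and dsn= fields are assumptions about the log format.
SAMPLE_LOG = """\
Mar  3 10:01:12 mx1 mta[2101]: q23A1C01: to=<alice@example.org>, mailer=esmtp, dsn=2.0.0, stat=Sent (ok)
Mar  3 10:01:40 mx1 mta[2102]: q23A1C02: to=<bob@example.net>, mailer=esmtp, dsn=5.1.1, stat=User unknown
Mar  3 10:02:05 mx1 mta[2103]: q23A1C03: to=<carol@example.com>, mailer=esmtp, dsn=4.0.0, stat=Deferred: Connection timed out
Mar  3 10:02:31 mx1 mta[2104]: q23A1C04: to=<dave@example.org>, mailer=local, dsn=5.1.1, stat=User unknown
Mar  3 10:03:10 mx1 mta[2105]: q23A1C05: to=<Bob@example.net>, mailer=esmtp, dsn=5.1.1, stat=User unknown
Mar  3 10:03:55 mx1 mta[2106]: q23A1C06: to=<erin@example.com>, mailer=esmtp, dsn=5.7.1, stat=Service unavailable
Mar  3 10:04:20 mx1 mta[2107]: q23A1C07: to=<frank@example.org>, mailer=esmtp, dsn=4.3.0, stat=Temporary failure
"""

OK_STAT = re.compile(r"stat=(Sent|Deferred)")  # same pattern as grep -v -P
RCPT = re.compile(r"to=<([^>]+)>")
DSN = re.compile(r"dsn=(\d)\.\d+\.\d+")


def likely_bounces(lines):
    """Same selection as the two piped greps."""
    return [l for l in lines if "mailer=esmtp" in l and not OK_STAT.search(l)]


def hard_bounces(lines):
    """Count permanent (DSN class 5) failures per recipient address."""
    counts = Counter()
    for line in likely_bounces(lines):
        rcpt, dsn = RCPT.search(line), DSN.search(line)
        # Lines missing either field are skipped rather than guessed at.
        if rcpt and dsn and dsn.group(1) == "5":
            # Lower-casing merges Bob@/bob@; a simplification for counting.
            counts[rcpt.group(1).lower()] += 1
    return counts


if __name__ == "__main__":
    for addr, n in hard_bounces(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n}\t{addr}")
```

Addresses that show up repeatedly in the counts are the candidates for removal from a list; the class 4 line stays out because it is a temporary failure.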

Pointers: running your own mail server

There are a bunch of reasons why you might decide that running your own mail server is something you want to do. You have a lot of free time and enjoy spending a lot of time at the command line reading howto guides and installation manuals. Hopefully, you know you are running a mail server and don’t have a Windows machine that’s been turned into a spam zombie.

Ok, so those may not sound like good reasons. There are some real benefits: you can give yourself unlimited email aliases, give your friends and family easier-to-remember addresses, and set up mailing lists to keep in touch with people.

If you’ve got a Linux server, Postfix is one of the more popular mail transports. One of the things about mail server jargon is that there are a number of Lego blocks that go into the mail chain. I won’t attempt to write a complete guide to setting up your server; instead I’ll point you at some links that I found helpful, for pieces that are, to boot, not horrendously difficult to install.

  • Postfix takes care of receiving incoming mail and routing it to a local destination. I found the Postfix Anti-UCE Cheat Sheet useful for checking that I had configured the server correctly, so that it is being used for good and not evil.
  • Amavisd-new is a Perl script for plugging virus scanners and spam blocks into the delivery chain. I use Clam AntiVirus, a Free virus scanner, and SpamAssassin to protect users from unwanted or dangerous mail messages.
  • Once your system is running, you might find that you’re looking at the mail log to make sure nothing is out of sorts. Download pflogsumm and schedule it to send you a report on how many messages are being delivered/sent/blocked and other useful metrics.