I needed a simple way to find hard bounces from a mail log yesterday. Usually, you hook up a script to listen for bounced messages at an email address like "email@example.com". The script receives an email message and parses it to figure out if and why it bounced. I decided to take the opposite approach and look for email addresses causing bounces in Postfix's mail log. With Jo's help, we figured out we could pipe two grep commands to extract the likely offenders (see below). The key is the second grep: the -P switch looks for matches using a Perl regular expression, and the -v switch inverts the test. Another script can then look through the output.
grep "mailer=esmtp" /var/log/maillog | grep -v -P "stat=(Sent|Deferred)" > likely-bounces.log
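
A sketch of the follow-up script mentioned above, as an added example rather than code from the original post. It assumes each log line carries comma-separated to=<...>, dsn= and stat= fields next to the mailer=esmtp field the grep matches on, and it treats only a 5.x.x enhanced status code as a hard bounce; the function name and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed field layout
# (to=<...>, mailer=, dsn=, stat=); not taken from a real log.
SAMPLE_LOG = """\
Mar  3 10:15:01 mx1 mta[2101]: q1A: to=<alice@example.com>, delay=00:00:02, mailer=esmtp, relay=mail.example.com., dsn=2.0.0, stat=Sent (ok)
Mar  3 10:15:04 mx1 mta[2102]: q1B: to=<bob@example.net>, delay=00:00:01, mailer=esmtp, relay=mail.example.net., dsn=5.1.1, stat=User unknown
Mar  3 10:15:09 mx1 mta[2103]: q1C: to=<carol@example.org>, delay=00:00:30, mailer=esmtp, relay=mail.example.org., dsn=4.0.0, stat=Deferred: Connection timed out
Mar  3 10:16:11 mx1 mta[2104]: q1D: to=<bob@example.net>, delay=00:00:01, mailer=esmtp, relay=mail.example.net., dsn=5.1.1, stat=User unknown
Mar  3 10:17:40 mx1 mta[2105]: q1E: to=<dave@example.com>, delay=00:00:03, mailer=esmtp, relay=mail.example.com., dsn=5.0.0, stat=Service unavailable
Mar  3 10:18:02 mx1 mta[2106]: q1F: to=<erin@example.com>, delay=00:00:00, mailer=local, dsn=5.1.1, stat=User unknown
"""

# A field value runs up to the next ", key=" or the end of the line.
FIELD = re.compile(r"\b(to|mailer|dsn|stat)=(.*?)(?=, \w+=|$)")
# Recipient text comes from the remote side of the SMTP session, so accept
# only bracketed tokens without whitespace or nested angle brackets.
ADDRESS = re.compile(r"<([^<>\s]+)>")


def hard_bounces(lines):
    """Count permanent (5.x.x) delivery failures per recipient address."""
    counts = Counter()
    for line in lines:
        fields = dict(FIELD.findall(line))
        # Same filter as the two greps: esmtp deliveries that are
        # neither Sent nor Deferred.
        if fields.get("mailer") != "esmtp":
            continue
        if re.match(r"Sent|Deferred", fields.get("stat", "")):
            continue
        # Narrow "likely" bounces to permanent failures only.
        if not fields.get("dsn", "").startswith("5."):
            continue
        # One line may list several recipients: to=<a>,<b>
        for address in ADDRESS.findall(fields.get("to", "")):
            counts[address.lower()] += 1
    return counts


if __name__ == "__main__":
    for address, n in hard_bounces(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n}\t{address}")
```

To run it over real output, pass the lines of likely-bounces.log to hard_bounces() in place of the constructed sample.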