Hi Charles,
> You can patch qmail-smtpd to add some logging to it. See the list archives or
> qmail.org for others' approaches to that.
I hate patching a Live System......
> The other alternative:
>
>> I tried to catch some data by capturing the traffic, but it's hard work
>> to do so as a lot of information must be correlated by hand.....
>
> Nah, just use Ethereal/Wireshark. It "correlates" it all for you -- you just
> need to pick the start of the appropriate SMTP conversation and do "follow TCP
> stream" (or similar, can't recall what the option is). Then you can read both
> sides of the conversation and see exactly what's happening.
Iigh - did so, but the point is to fetch the right connection - there
are some hundreds a minute and I don't have a clue how to find the right
one. This time I had a look at the accounting data where I can see the
IP of the connection with the huge amount of data and afterwards grep
through it. So I guess I must do a capture for about a day and afterwards
search for the IPs....bad luck :(
THX anyway
Oliver
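
The hand-correlation step discussed in this thread can be scripted. As an added example (not part of the original message and not qmail or Wireshark code): a stdlib-only Python function that reads a classic Ethernet pcap file and totals payload bytes per client connection on port 25, so the largest connection stands out. The sample capture, its addresses and the helpers `sample_frame` and `build_sample` are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def smtp_flow_bytes(pcap, port=25):
    """Total TCP payload bytes per (client_ip, client_port, server_ip) on one server port."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    totals, off = Counter(), 24                      # 24-byte global header
    while off + 16 <= len(pcap):                     # 16-byte per-packet header
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                 # keep only IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        ip_len = struct.unpack("!H", frame[16:18])[0]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        tcp = frame[14 + ihl:]
        if len(tcp) < 20:
            continue                                 # truncated TCP header
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = ip_len - ihl - (tcp[12] >> 4) * 4  # bytes of SMTP data in this segment
        key = (src, sport, dst) if dport == port else (dst, dport, src) if sport == port else None
        if key and payload > 0:                      # both directions count for the client
            totals[key] += payload
    return totals

def sample_frame(src, dst, sport, dport, n):
    # Constructed Ethernet/IPv4/TCP frame carrying n payload bytes (checksums left zero).
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + b"x" * n
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\0" * 12 + b"\x08\x00" + ip + tcp

def build_sample():
    """Constructed capture: two SMTP connections (one large) plus one non-SMTP packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for args in [("198.51.100.7", "192.0.2.25", 40001, 25, 120),
                 ("192.0.2.25", "198.51.100.7", 25, 40001, 40),
                 ("203.0.113.9", "192.0.2.25", 51515, 25, 1400),
                 ("203.0.113.9", "192.0.2.25", 51515, 25, 1400),
                 ("198.51.100.7", "192.0.2.25", 40002, 80, 500)]:
        f = sample_frame(*args)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(smtp_flow_bytes(build_sample()).most_common(5))
```

The client IP and port of the top entry can then go into a Wireshark display filter such as `ip.addr == 203.0.113.9 && tcp.port == 51515` before following the TCP stream.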