Can I have ps -aux report the user that is sending e-mail?
HI
When I do a ps -aux from time to time, I notice that the sendmail processes lists the address or IP the mail is coming from/going to, but I would really like to see the user that is sending/receiving as well, and if possible a clear indication of whether it is outgoing or incoming mail.
Only reason for this is so I can have a nice quick way of seeing what is going on at a given time, and hopefully it should be fairly easy to spot a spam session going out.
I think this information is available in the sendmail logs right? But I was just hoping one could "tweak" the output of sendmail processes to the ps a bit...
When I do a ps -aux from time to time, I notice that the sendmail processes lists the address or IP the mail is coming from/going to, but I would really like to see the user that is sending/receiving as well, and if possible a clear indication of whether it is outgoing or incoming mail.
Only reason for this is so I can have a nice quick way of seeing what is going on at a given time, and hopefully it should be fairly easy to spot a spam session going out.
I think this information is available in the sendmail logs right? But I was just hoping one could "tweak" the output of sendmail processes to the ps a bit...
ASKER
Hi ahoffmann
I had a look at the /var/log/maillog file, but it doesn't show the local user affected. It simply shows :
Nov 19 12:44:58 chaos sendmail[8415]: gAJAisK08415: from=<qna@experts-exchange
Nov 19 12:44:58 chaos sendmail[8418]: gAJAisK08415: to=<internet@linuxhelp.co.
Nov 19 12:45:00 chaos sendmail[8416]: gAJAitK08416: from=<php-general-return-1
and I'm not sure what it all means...
I had a look at the /var/log/maillog file, but it doesn't show the local user affected. It simply shows :
Nov 19 12:44:58 chaos sendmail[8415]: gAJAisK08415: from=<qna@experts-exchange
Nov 19 12:44:58 chaos sendmail[8418]: gAJAisK08415: to=<internet@linuxhelp.co.
Nov 19 12:45:00 chaos sendmail[8416]: gAJAitK08416: from=<php-general-return-1
and I'm not sure what it all means...
> and I'm not sure what it all means...
may I just repeat the first entry (partially):
(send)mail gAJAisK08415 from=...
and the second one:
(send)mail gAJAisK08415 to=... stat=sent
hmm, somthing which cannot be understood by simply reading ;-)
As you see, sendmail spawns 2 processes [pid 8415 and 8418] to handle mail: one for receiving, one for delivering. In the log they glue together by a uniqe ID: gAJAisK08415.
That's the reason why you cannot get the information with ps: 2 (or more) processes.
may I just repeat the first entry (partially):
(send)mail gAJAisK08415 from=...
and the second one:
(send)mail gAJAisK08415 to=... stat=sent
hmm, somthing which cannot be understood by simply reading ;-)
As you see, sendmail spawns 2 processes [pid 8415 and 8418] to handle mail: one for receiving, one for delivering. In the log they glue together by a uniqe ID: gAJAisK08415.
That's the reason why you cannot get the information with ps: 2 (or more) processes.
ASKER
It's very "cramped", the whole point I'm trying to make is reporting the mail usage in a very simple way so you can scan it visually and quickly pickup "paterns" to detect spam being sent from the server.
Would this only be possible by processing the log file?
Would this only be possible by processing the log file?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
psimation:
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
This old question needs to be finalized -- accept an answer, split points, or get a refund. For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations! No comment means you don't care.
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Accept comments from ahoffman as answer
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
TheWeakestLink
EE Cleanup Volunteer
I will leave a recommendation in the Cleanup topic area that this question is:
Accept comments from ahoffman as answer
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
TheWeakestLink
EE Cleanup Volunteer
ASKER
Sorry, havn't received any mail bar the last one about this question.
Will award to ahoffmann
Will award to ahoffmann
Sendmail usually writes a log file, /var/log/mail, wher all the information you want will be logged.