New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

postfix-parser

Package Overview
Dependencies
Maintainers
1
Versions
18
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

postfix-parser

Postfix Log Parser

latest
Source
npmnpm
Version
1.1.2
Version published
Maintainers
1
Created
Source

Build Status Coverage Status Code Climate

Postfix Parser

It parses postfix log entries.

const parser = require('postfix-parser');

Each postfix program (smtp/qmgr/cleanup/etc..) has its own format. See the test file for complete examples.

Functions

asObject

Call with a syslog line:

parser.asObject('Jul  5 06:52:11 mx1 postfix/qmgr[20459]: 3mPVKl...');

Returns an object:

{
    date: 'Jul  5 06:52:11',
    host: 'prd-mx1',
    prog: 'postfix/qmgr',
    pid: '20459',
    qid: '3mPVKl0Mhjz7sXv',
    size: '2666',
    nrcpt: '2',
}

asObjectType

requires two positional arguments:

  • type (see Parser Types)
  • a single line syslog entry (or snippet)

asObjectType is most useful when the log lines have already been partially parsed, such as by Logstash.

Typical Usage

const parsed = parser.asObjectType('syslog', data);
if (!parsed) return; // unparseable syslog line

if (!/^postfix/.test(parsed.prog)) return;  // not a postfix line

const msg = parser.asObject(parsed.prog, parsed.msg);

msg is an object of parsed.prog type (see examples below)

Parser Types

syslog

asObject(
    'syslog',
    'Jul  5 06:52:11 prd-mx1 postfix/qmgr[20459]: 3mPVKl0Mhjz7sXv: from=<>, size=2666, nrcpt=2 (queue active)'
);

Returns:

{
    date: 'Jul  5 06:52:11',
    host: 'prd-mx1',
    prog: 'postfix/qmgr',
    pid: '20459',
    msg: '3mPVKl0Mhjz7sXv: from=<>, size=2666, nrcpt=2 (queue active)',
}

This is comparable to what you'd already have in Elasticsearch if you had imported your logs using Logstash.

qmgr

asObject('3mPVKl0Mhjz7sXv: from=<>, size=2666, nrcpt=2 (queue active)');

Returns:

{
    qid: '3mPVKl0Mhjz7sXv',
    from: ''
    size: '2666',
    nrcpt: '2',
}

smtp

asObject('3mPVKl0Mhjz7sXv: to=<sam.bck@example.org>, relay=mafm.example.org[24.100.200.21]:25, conn_use=2, delay=1.2, delays=0.76/0.01/0.09/0.34, dsn=2.0.0, status=sent (250 2.0.0 t5UI2nBt018923-t5UI2nBw018923 Message accepted for delivery)');

Returns:

{
    qid: '3mPVKl0Mhjz7sXv',
    to: 'sam.bck@example.org',
    relay: 'mafm.example.org[24.100.200.21]:25',
    conn_use: '2',
    delay: '1.2',
    delays: '0.76/0.01/0.09/0.34',
    dsn: '2.0.0',
    status: 'sent (250 2.0.0 t5UI2nBt018923-t5UI2nBw018923 Message accepted for delivery)',
}

cleanup

asObject('3mKxs35RQsz7sXF: message-id=<3mKxs308vpz7sXd@mx14.example.net>');

Returns:

{
    qid: '3mKxs35RQsz7sXF',
    'message-id': '3mKxs308vpz7sXd@mx14.example.net',
}

error

asObject('3mJddz5fh3z7sdM: to=<rcarey@example.tv>, relay=none, delay=165276, delays=165276/0.09/0/0.09, dsn=4.4.1, status=deferred (delivery temporarily suspended: connect to 24.200.177.247[24.200.177.247]:25: Connection timed out)')

Returns:

{
    qid: '3mJddz5fh3z7sdM',
    to: 'rcarey@example.tv',
    relay: 'none',
    delay: '165276',
    delays: '165276/0.09/0/0.09',
    dsn: '4.4.1',
    status: 'deferred (delivery temporarily suspended: connect to 24.200.177.247[24.200.177.247]:25: Connection timed out)',
}

bounce

asObject('3mKxY750hmz7scK: sender non-delivery notification: 3mKxYH0vl4z7sWS')

Returns:

{
    qid: '3mKxY750hmz7scK',
    dsnQid: '3mKxYH0vl4z7sWS',
}

scache

asObject('statistics: domain lookup hits=0 miss=3 success=0%')

Returns:

{
    statistics: 'domain lookup hits=0 miss=3 success=0%',
}

pickup

asObject('3mKxs308vpz7sXd: uid=1206 from=<system>')

Returns:

{
    qid: '3mKxs308vpz7sXd',
    'uid': '1206',
    from: 'system',
}

local

asObject('3mLQKH6hqhz7sWK: to=<logspam@system.alerts>, relay=local, delay=3.1, delays=1.8/0.86/0/0.44, dsn=2.0.0, status=sent (forwarded as 3mLQKK4rDdz7sVS)')

Returns:

{
    qid: '3mLQKH6hqhz7sWK',
    to: 'logspam@system.alerts',
    relay: 'local',
    delay: '3.1',
    delays: '1.8/0.86/0/0.44',
    dsn: '2.0.0',
    status: 'forwarded',
    forwardedAs: '3mLQKK4rDdz7sVS',
}

See also

See log-ship-elastic-postfix for an example of combining all log entries for a single message into a normalized document.

Copyright 2015 by eFolder, Inc.

Keywords

postfix
log
parse
maillog
mail.log

FAQs

Package last updated on 13 Jan 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Security News

Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign

Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

By Sarah Gooding  -  Apr 03, 2026