Log Transactions with -X

Beginning with V8.2 sendmail, the -X command-line switch can be used to record all input and output, SMTP traffic, and other significant transactions. The form of the -X (transaction) command-line switch looks like this:

-X file

Space between the -X and the file is optional. The file can be specified as either a full or a relative pathname. For security, the -X command-line switch always causes sendmail to give up its privileges unless it was run by root. If the transaction file cannot be opened for writing, the following error is printed and no logging is done:

cannot open file

Otherwise, the file is opened in append mode, and each line that is written to it looks like this:

pid what detail

The pid is the process identification number of the sendmail that added the line. The what is one of these three symbols:

<<<

This is input. It is either text that is read on the standard input, or parts of an SMTP dialog that were read on a socket connection.

>>>

This is output. It is either something that sendmail printed to its standard output, or something that it sent over an SMTP connection.

===

This is an event. The only two events that are currently logged are CONNECT for connection to a host and EXEC for execution of a delivery agent.
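The following parser is an added example, not code from the book or from sendmail. It splits a transaction file into pid, what, and detail, and collects the CONNECT and EXEC events per process, which helps when several sendmail processes have appended to the same file. The sample lines, pids, and host names are constructed for illustration.

```python
import re
from collections import defaultdict

# pid, one of the three symbols, then optional detail (blank message lines have none)
LINE_RE = re.compile(r"^(\d+) (<<<|>>>|===)(?: (.*))?$")
KIND = {"<<<": "input", ">>>": "output", "===": "event"}

# Constructed sample; pids, hosts and the delivery agent are illustrative.
SAMPLE = """\
28559 <<< To: yourself,friend@remote.host
28559 <<< Subject: test
28559 <<<
28559 <<< This is a test.
28559 <<< .
28560 === CONNECT remote.host
28560 <<< 220 remote.host ESMTP
28560 >>> EHLO here.example
28560 === EXEC procmail -d yourself
this line is damaged
"""

def parse_xfile(text):
    """Return (records, rejects); records are (pid, kind, detail) tuples."""
    records, rejects = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if m is None:
            # Keep lines that do not fit the format so they can be reviewed by hand.
            rejects.append((lineno, line))
            continue
        pid, what, detail = m.groups()
        records.append((int(pid), KIND[what], detail or ""))
    return records, rejects

def events_by_pid(records):
    """Map each pid to its events as (name, argument) pairs."""
    out = defaultdict(list)
    for pid, kind, detail in records:
        if kind == "event":
            name, _, arg = detail.partition(" ")
            out[pid].append((name, arg))
    return dict(out)

if __name__ == "__main__":
    recs, bad = parse_xfile(SAMPLE)
    for pid, evs in events_by_pid(recs).items():
        print(pid, evs)
    print("unparsed lines:", bad)
```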

To illustrate, consider sending a mail message to yourself and to a friend at another site:

% /usr/sbin/sendmail -X /tmp/xfile -oQ`pwd` yourself,friend@remote.host

To: yourself,friend@remote.host
Subject: test

This is a test.
.

These few lines ...
