14.2 Log Transactions with -X
Beginning with V8.2 sendmail, the -X command-line switch can be used to record all input and output, SMTP traffic, and other significant transactions. The form of the -X (transaction) command-line switch looks like this:
-X file
Space between the -X and the file is optional. The file can be specified as either a full or a relative pathname. For security, the -X command-line switch always causes sendmail to give up its privileges unless it was run by root. If the transaction file cannot be opened for writing, the following error is printed and no logging is done:
cannot open file
Otherwise, the file is opened in append mode, and each line that is written to it looks like this:
pid what detail
The pid is the process identification number of the sendmail that added the line. The what is one of these three symbols:
- <<<
  This is input. It is either text that is read on the standard input, or parts of an SMTP dialog that were read on a socket connection.
- >>>
  This is output. It is either something that sendmail printed to its standard output, or something that it sent over an SMTP connection.
- ===
  This is an event. The only two events that are currently logged are CONNECT for connection to a host and EXEC for execution of a delivery agent.
To illustrate, consider sending a mail message to yourself and to a friend at another site:
% /usr/sbin/sendmail -X /tmp/xfile -oQ`pwd` yourself,friend@remote.host
To: yourself,friend@remote.host
Subject: test
This is a test.
.
These few lines of input produce a long /tmp/xfile. The first few lines of that file are illustrative:
29559 <<< To: yourself,friend@remote.host
29559 <<< Subject: test
29559 <<<
29559 <<< This is a test.
29559 <<< .
29561 === CONNECT remote.host
29561 <<< 220 remote.host ESMTP Sendmail 8.9.3; Fri, 13 Dec 2002 08:06:47 -0600 (MDT)
29561 >>> EHLO your.host
29561 <<< 250-remote.host Hello you@your.host [206.54.76.122], pleased to meet you
29561 <<< 250-8BITMIME
29561 <<< 250-SIZE
29561 <<< 250-DSN
29561 <<< 250-VERB
29561 <<< 250-ONEX
29561 <<< 250 HELP
29561 >>> MAIL From:<your@your.host> SIZE=65
29561 <<< 250 <your@your.host>... Sender ok
29561 >>> RCPT To:<friend@remote.host>
29561 <<< 250 Recipient ok
29561 >>> DATA
29561 <<< 354 Enter mail, end with "." on a line by itself
29561 >>> The first line of data here,
29561 >>> the second line of data here,
29561 >>> and so on.
Notice that the process ID changes. After sendmail collects the message, it performs a fork(2) and exec(2) to handle the actual delivery.
Because these transaction files include message bodies, they should be guarded. Never use the -X switch with the daemon unless you are prepared for a huge file and the possibility of disclosing message contents to nonprivileged users.
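Because the file holds message text, a copy can be scrubbed before it leaves the host. The Python below is an added example, not code from sendmail or from the original text: parse_line() and redact() are hypothetical names, and it assumes the command-line submission case shown above, where <<< lines from a process that has not logged CONNECT were read on standard input.

```python
import re

# pid, one of the three symbols, then the detail (which may be empty)
LINE_RE = re.compile(r"^(\d+) (<<<|>>>|===)(?: (.*))?$")
MARK = "[message text redacted]"
# Abridged from the sample above; the last two lines are constructed.
SAMPLE = """\
29559 <<< To: yourself,friend@remote.host
29559 <<< Subject: test
29559 <<<
29559 <<< This is a test.
29559 <<< .
29561 === CONNECT remote.host
29561 >>> DATA
29561 <<< 354 Enter mail, end with "." on a line by itself
29561 >>> This is a test.
29561 >>> .
29561 >>> QUIT
"""

def parse_line(line):
    """Split one -X line into (pid, what, detail); None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    return (m.group(1), m.group(2), m.group(3) or "") if m else None

def redact(lines):
    """Replace message text; keep SMTP commands, replies and events."""
    connected, in_data = set(), set()  # pids seen in CONNECT / mid-payload
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            out.append(MARK)           # fail closed on anything unrecognized
            continue
        pid, what, detail = rec
        hide = False
        if what == "===" and detail.startswith("CONNECT"):
            connected.add(pid)
        elif what == "<<<" and pid not in connected:
            hide = True                # assumption: text read on standard input
        elif what == ">>>" and pid in in_data:
            hide = detail != "."       # the lone dot ends the payload
            if not hide:
                in_data.discard(pid)
        elif what == "<<<" and detail.startswith("354"):
            in_data.add(pid)           # server accepted DATA; payload follows
        out.append(f"{pid} {what} {MARK if hide else detail}".rstrip())
    return out
```

The scrubbed copy keeps the process IDs, events and SMTP dialog needed for debugging; the original /tmp/xfile still needs restrictive permissions or removal.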