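#! /bin/sh
#
# Find the Postfix message (queue) IDs of mail log lines that match a
# free-form pattern, so that the full log trail of each message can be shown.
#
# NOTE(review): this listing had been collapsed onto a single line, which made
# the whole script a comment after "#!"; line breaks are restored here. The
# here-document operator in usage() was damaged ("cat <") and is restored from
# the visible "EOF" terminator.

# Matches the "postfix/<daemon>[<pid>]: <ID>:" part of a log line.
mid_pattern='postfix\/[a-z]*\[[0-9]*\]: [0-9A-F]*:'

# Same shape, anchored to the whole line, with the ID as the only capture
# group; presumably used as a sed substitution to reduce a line to its ID.
mid_replace_pattern='^.*postfix\/[a-z]*\[[0-9]*\]: \([0-9A-F]*\):.*$'

# The glob is stored literally and only expands where $logfile is used
# unquoted, so rotated logs are included. Caveat: it also matches compressed
# rotations (for example mail.log.2.gz) if logrotate compresses them, and a
# plain grep does not search inside those - TODO confirm what the search uses.
logfile=/var/log/mail.log*

# Print the help text on stdout.
usage() {
  # The synopsis line was lost from the listing; it is restored here from the
  # argument handling below (at least one argument, joined into one pattern).
  cat <<EOF
Usage: $0 <pattern>

The pattern given will be grepped through /var/log/mail.log to find
messages. Any line matching the message ID will then be displayed.

The pattern can be a message id, a from, a to, an email address,
anything that appears in a line that might lead to a message id.

That message ID then used to print the whole log associated with the
message id.

If multiple message IDs match, their logs will be displayed one after
the other.

Examples:
$0 Nov 22 08:19:16
$0 209.44.112.65
$0 evil@example.com
$0 user@koumbit.org
EOF
}

# this script grew out of this oneliner:
# grep 'from.*info@koumbit.org' /var/log/mail.log | awk '{ print $6 }' | grep -v NOQUEUE | sed -e 's/://' | while read mid; do grep "$mid" /var/log/mail.log; done

# A missing pattern is a usage error: report it on stderr and exit non-zero so
# that callers and cron wrappers can tell it apart from a successful search.
if [ $# -lt 1 ]; then
  usage >&2
  exit 1
fi

# All arguments form one pattern, which is why "Nov 22 08:19:16" works
# without quoting on the command line.
pattern="$*"

# Quoted and printed through a fixed format string: an unquoted echo would let
# the shell glob-expand the pattern against the current directory and collapse
# its whitespace before it is shown to the operator.
printf 'checking for pattern %s\n' "$pattern"

# NOTE(review): per the help text the pattern is handed to grep further down.
# Pass it as 'grep -e "$pattern"' (or after '--') so a pattern that begins
# with '-' is not parsed as an option, and remember it is treated as a regular
# expression: '.' in an address or IP matches any character.

# extract the pattern from the logfile
# NOTE(review): the listing is cut off here. The original continues with a
# command beginning "cat <" whose remainder is not visible, so it is not
# reproduced.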