On 1/29/2013 at 2:01 PM Brian Evans wrote:

|On 1/29/2013 1:43 PM, Brian Evans wrote:
|> Because of that, I have skewed numbers:
|> All "incoming" log records: 10187
|> All "status=sent" log records: 7506
|> All "status=deferred" log records: 3302
|> rejected: -621 (-6%)
|>
|> It is not a simple math of "A minus B minus C" to find out how much
|> postscreen is rejecting in its current state.
|
|Furthermore, the script assumes that connect to sent ratio is (1:1).
|This is almost never the case with multi-recipient mail or clients
that
|can send more than one message in a single transaction.
|
|Brian

  =============

Version 1.1, now uploaded to

  http://archive.mgm51.com/sources/pslogscan.html

has removed the deferrals from the rejected calculation.


Multi-recipients handling would involve some very detailed processing,
which is beyond the stated goal of this script.

I use the script to watch day-to-day trends, not for detailed analysis.
   In that capacity, it works fine for me.  YMMV

Thanks again for your feedback.

On 1/29/2013 at 2:01 PM Brian Evans wrote:

|On 1/29/2013 1:43 PM, Brian Evans wrote:
|> Because of that, I have skewed numbers:
|> All "incoming" log records: 10187
|> All "status=sent" log records: 7506
|> All "status=deferred" log records: 3302
|> rejected: -621 (-6%)
|>
|> It is not a simple math of "A minus B minus C" to find out how much
|> postscreen is rejecting in its current state.
|
|Furthermore, the script assumes that connect to sent ratio is (1:1).
|This is almost never the case with multi-recipient mail or clients
that
|can send more than one message in a single transaction.
|
|Brian

=============

Version 1.1, now uploaded to

http://archive.mgm51.com/sources/pslogscan.html

has removed the deferrals from the rejected calculation.


Multi-recipients handling would involve some very detailed processing,
which is beyond the stated goal of this script.

I use the script to watch day-to-day trends, not for detailed analysis.
   In that capacity, it works fine for me. YMMV

Thanks again for your feedback.

On 1/29/2013 at 2:06 PM lconrad@... wrote:

|On Tuesday 29/01/2013 at 1:37 pm, Mike.  wrote:
|>
|I suggest you simplify and use only postscreen log lines.
|
|"sent" and "deferred" are not postscreen actions.
|
|and "sent" double counts when postfix sends to content filter  AND
|sends to next hop, in a relay-only gateway.
|
|"incoming" should be "SMTP connections"
|
|you should automatically detect RBL servers rather than looking for
|defined, eg sorbs, RBL server, which I don't use
|
|awk '/dnsblog/{print $11}' /var/log/maillog | sort -f | uniq -ic
|290700 b.barracudacentral.org
|209424 zen.spamhaus.org
|
|
|good work
|
|
|I think I'll write my own in python  :)
|
|
|Len
  =============

Yes, after pondering the helpful pointers that Brian gave me, I have
started to think about using only the Postscreen log lines, that way I
can avoid the multiplication of messages due to multi-recipient
messages and other messes, such as the double count you note.  I backed
myself into a corner when I tried to track the flow of messages without
tracking the details thereof.

I'll leave the auto-detect to those who are more adventurous in that
area than I.  :)

"incoming" currently also includes "pickup".  But that may be removed
when I go to postscreen-only log messages.


If I sparked an idea for someone else, all the better.

Thanks for the comment.

On Jan 29, 2013, at 10:49 AM, Wietse Venema <wietse@...> wrote:

> Let the computer do the work for you.
>
> /etc/postfix/main.cf:
>   sender_bcc_maps = pcre:/etc/postfix/sender_bcc.pcre
>
> /etc/postfix/sender_bcc.pcre:
>    if !/^archive-sender@archive-host\.example\.com$/
>    /./ archive-recipient@...
>    endif
>
> That should bcc all mail except mail from
> archive-sender@... and mail with the null
> sender address (i.e. delivery status notifications).
>
>  Wietse

Phew, thanks I was hopping I could use a regex like that, perfect.

-j

On 1/29/2013 8:07 PM, Mike. wrote:
>
> I implemented the postscreen capability on a small MTA I run for
> friends and family.  Once I got postscreen configuration producing the
> results I wanted, I soon tired of watching the detailed maillog to see
> how postscreen was operating.  So I wrote a quick shell script to
> summarize the log file and give me an overview of how well postscreen
> is working.
>
> I offer the script to anyone who would like to use it.   One company I
> worked for would not allow open source software into the company unless
> there was an explicit license on the software, so I put the BSD license
> on the script.
>
> You can download the script from here:
>   http://archive.mgm51.com/sources/pslogscan.html

Thanks Mike.

The concept is really good but I must say it's a script for very small
logs but in a system that the logs are in sizes of more then 100MB I
assume your script will be very slow.

How are you in other scripting languages?
I have been working with Ruby\Perl\Python\Bash and for me Ruby is the
most intuitive and seems like capable of doing this task easily.

Regards,
--
Eliezer

:( No ways resolve this problem ? or accept when sendmail to Hotmail into Spam.

Help Me if YOUs did...


-----Original Message-----
From: owner-postfix-users@... [mailto:owner-postfix-users@...]
On Behalf Of peter evans
Sent: Tuesday, January 29, 2013 3:45 PM
To: postfix-users@...
Subject: Re: Send mail to hotmail

On Jan/28.20:30:32, Michael J Wise wrote:
> > No one outside of Microsoft …
> Strike that.
> Nobody outside of HotMail.
> You should choose to trust me on this…. :)

	 And he is spot on too, having worked with HotMail several years ago,
	 and any NDA has long since expired, find out why you are in their
	 spam bucket will be quite tough even if you do know people there...

	 My money is on casino spam ^^;

	 P

> I was lurking around for the best solution to graph postfix usage, the
> most detailed possible, in order to prevent and foresee problems.
> I'm finding sparse results, I'm not sure which one is the most current /
> complete.
> Do you have any suggestions ?

have a look at Glen's cacti stuff

http://www.pitt-pladdy.com/blog/_20091122-164951_0000_Postfix_stats_on_Cacti_via\
_SNMP_/

we have a contractor given an email address for use in contacting clients,
the boss would like to bcc all his outbound mails, is there a way to bcc
all outbound emails for one user ?

(I realize he can simply change his smtp to another smtp server to
overcome this, but, that's what the boss wants...)

other suggestions to monitor emails welcomed, tia

v

Is it possible to customize the bounce messages and include an encapsulated html
message for MIME-compliant clients? If yes, is there some reason why one should
not do that? I'd like to make postfix bounce messages easier readable for the
average user...

Thanks,
Juerg

Am 30.01.2013 13:13, schrieb Fernando Maior:
> In the area where my office is, internet providers cannot offer us links with
fixed ip, only dhcp. I wonder if
> someone in the list knows about a mail forwarder server that can receive
emails from my server and forwards them to
> the internet in our behalf.

your provider should have a "relayhost"

on the other hand: if you receive mails the MX can not
be on a dynamic IP, so why is on the mailserver which
is your MX not a smtpd?

Am 30.01.2013 13:43, schrieb Juerg Reimann:
> Is it possible to customize the bounce messages and include an encapsulated
html message for MIME-compliant clients? If yes, is there some reason why one
should not do that? I'd like to make postfix bounce messages easier readable for
the average user...

you do NOT make bounces easier readable with HTML
look at all this braindead HTML bounces from MS exchange
they are always a pain as ANY HTML message at all

On Wed, 30 Jan 2013 10:13:58 -0200
Fernando Maior articulated:

> In the area where my office is, internet providers cannot offer us
> links with fixed ip, only dhcp. I wonder if someone in the list knows
> about a mail forwarder server that can receive emails from my server
> and forwards them to the internet in our behalf.

Perhaps something like this is what you are looking for:

http://dyn.com/

--
Jerry ✌
postfix-user@...
_____________________________________________________________________
TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

On 1/30/2013 6:13 AM, Fernando Maior wrote:
> Hello All,
>
> In the area where my office is, internet providers cannot offer us links
> with fixed ip, only dhcp. I wonder if someone in the list knows about a
> mail forwarder server that can receive emails from my server and forwards
> them to the internet in our behalf.

In this case simply configure a relayhost and outbound SASL auth, and
use the provider's submission server.  Basic configuration information
can be found here:
http://www.hardwarefreak.com/postfix-adsl-relay-config.txt

That covers outbound.  With a dynamic IP, how are you receiving mail to
your domain/server?  Are you using a dynamic DNS service?  If so, those
services usually offer mail relaying, albeit for an extra fee.

--
Stan

Juerg Reimann:
> Is it possible to customize the bounce messages and include an
> encapsulated html message for MIME-compliant clients? If yes, is
> there some reason why one should not do that? I'd like to make
> postfix bounce messages easier readable for the average user...

All Postfix features are documented. If it isn't documented then
it isn't supported.

Postfix bounce messages (structured per RFC 3462) preserve all the
MIME attributes of the original message.  Other MTAs use home-grown
formats that will corrupt returned messages with content other than
plain ASCII text.

You can use Postfix bounce(5) templates to change the text that is
presented to the user. You can even include URLs if you want. And
if you make it longer than 1-2 lines, chances that anyone reads it
will drop to near-zero.

However, you're welcome to propose a way to include a text/html
alternative besides text/plain in the context of the RFC 3462
framework. In particular I wonder what the bounce(5) configuration
interface would look like.

Finally, I will definitely not support yet another home-grown return
mail format.

	 Wietse

On 1/30/2013 at 3:55 AM Eliezer Croitoru wrote:

|On 1/29/2013 8:07 PM, Mike. wrote:
|>
|> I implemented the postscreen capability on a small MTA I run for
|> friends and family.  Once I got postscreen configuration producing
the
|> results I wanted, I soon tired of watching the detailed maillog to
see
|> how postscreen was operating.  So I wrote a quick shell script to
|> summarize the log file and give me an overview of how well
postscreen
|> is working.
|>
|> I offer the script to anyone who would like to use it.   One company
I
|> worked for would not allow open source software into the company
unless
|> there was an explicit license on the software, so I put the BSD
license
|> on the script.
|>
|> You can download the script from here:
|>   http://archive.mgm51.com/sources/pslogscan.html
|
|Thanks Mike.
|
|The concept is really good but I must say it's a script for very small

|logs but in a system that the logs are in sizes of more then 100MB I
|assume your script will be very slow.
|
|How are you in other scripting languages?
|I have been working with Ruby\Perl\Python\Bash and for me Ruby is the
|most intuitive and seems like capable of doing this task easily.
|
|Regards,
|--
|Eliezer

  =============


I've tried it on logs up to 40MB, and it ran to completion in around
five seconds.  However, for that test, I copied the log file off the
production mail server and on to a lightly loaded box.

Peter von Nostrand:
> dovecot unix - n n - - pipe
>   flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f
> ${sender} -d ${recipient}
>
> How can I send to Dovecot the username from the mail or proxyaddress alias
> field?

perhaps surprisingly, this is described in the pipe(8) manpage.

	 Wietse

On Wed, Jan 30, 2013 at 11:34:13AM -0300, Peter von Nostrand wrote:

> The users data is on Active Directory.
> Users has different email addresses to their username on AD and they have
> aliases on proxyaddress field.
>
> Here is the AD query:
>
> server_host = dc1.intranet.local
> search_base = dc=intranet,dc=local
> version = 3
> query_filter = (&(objectclass=Person)(|(mail=%s)(proxyAddresses=%s)))

This query is perhaps wrong, the "proxyAddresses" field in AD usually
contains address forms with <protocol>: prefixes, thus for SMTP addresses
the content is usually "smtp:localpart@domain" not "localpart@domain".

You should also set the "domain = " attribute in the map definition so
that lookups are always for full addresses and don't waste cycles with
addresses in domains that never have entries in AD.


> result_attribute = sAMAccountName
> result_format = %u/Maildir/

The sAMAccountName attribut is username not email address valued, so
there is no need to use %u here, use "%s".

> scope= sub
> bind = yes
> bind_dn = intranet\ldap
> bind_pw = somepassword
>
> And the result:
>
> #postmap -q diego@... ldap:/etc/postfix/ldap-users.cf
> diego.maradona/Maildir/
>
> But when I try to deliver a mail to diego@..., Dovecot tries to
> deliver it to the mail address and not the username. Returning with a "user
> unknown" message. It works OK if I edit a file with virtual aliases,
> mapping addresses to usernames, but I need to have all integrated on the AD.

Since you're using Dovecot, the virtual_mailbox_maps table is only
used for recipient validation, not for delivery, since that's done
by Dovecot. Since you want to rewrite the envelope (Dovecot user
address), you should use virtual_alias_maps instead, just change the
result to:

	 result_attribute = sAMAccountName
	 result_format = %s@...

with this the virtual_mailbox_domain is now a virtual_alias_domain,
since all valid addresses are rewritten to <samaccountname>@dovecot.invalid.
Use the resulting table in virtual_alias_maps, leaving virtual_mailbox_maps
empty, since you're not using virtual(8) to do the deliveries and no longer
using virtual_mailbox_domains.

Then map the "dovecot.invalid" domain to the dovecot transport in
transport_maps.

     transport:
	 dovecot.invalid  dovecot

> master relevant line:
>
> dovecot unix - n n - - pipe
>   flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f
> ${sender} -d ${recipient}

This will pass the user's rewritten email address to dovecot with
an @dovecot.invalid suffix. See pipe(8) for instructions on passing
just the localpart.

--
	 Viktor.

On Jan 30, 2013, at 09.34, Peter von Nostrand wrote:

> dovecot unix - n n - - pipe
>  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f
> ${sender} -d ${recipient}

i'd encourage you to consider delivering to dovecot via lmtp[1] rather than
pipe, and thus to consider using the relay domain class[2] instead of virtual. 
doing this has been beneficial for me in terms of logic and postfix
concepts/terminology. additionally, there are often performance benefits as
well.

[1] http://wiki2.dovecot.org/LMTP
[2] http://www.postfix.org/ADDRESS_CLASS_README.html

-ben

I made some changes to the script based upon the excellent feedback I
received here.

The script no longer wanders beyond the postscreen log records in order
to gather the information needed to determine the postscreen rejection
rate.  So that removes the problems caused by multiple-recipient
messages.

There is now the need to tell the script whether deep protocol testing
is being done.  There's an easy way to do this in the script.   The
default setting for this is the same as postscreen's default - deep
protocol testing is disabled.

Also, there is also the ability in the script to adjust the mktemp
template according to the OS being used.



You can download version 1.2 of the script from here:
  http://archive.mgm51.com/sources/pslogscan.html


Here is the sample output that pslogscan.sh produces (the 158MB file
was processed on 4 seconds):

Scanning /var/log/maillog

   CONNECT log records:      116340
   PASS NEW log records:     8190
   PASS OLD log records:     37002
   WHITELISTED log records:  2289
   BLACKLISTED log records:  0

           rejected:         77049  (66%)


   Protocol errors:
                 HANGUP log records:  62580
               PREGREET log records:  3927
           BARE NEWLINE log records:  21
     COMMAND TIME LIMIT log records:  168
     COMMAND PIPELINING log records:  21

   DNS black lists log records:
             b.barracudacentral.org:  57939
                    dnsbl.sorbs.net:  28098
                   zen.spamhaus.org:  66654

   DNSBL blocked log records: 50610
     DNSBL rank 3:  10353
     DNSBL rank 4:  0
     DNSBL rank 5:  0
     DNSBL rank 6:  19698
     DNSBL rank 7:  0
     DNSBL rank 8:  0
     DNSBL rank 9+: 20559

   DNSBL blocks by domain:
                example.com: 8253
                example.net: 1449
               example.info: 35679
                example.bix: 2268

On Wed, Jan 30, 2013 at 10:13:58AM -0200, Fernando Maior wrote:
> In the area where my office is, internet providers cannot offer us
> links with fixed ip, only dhcp. I wonder if someone in the list
> knows about a mail forwarder server that can receive emails from my
> server and forwards them to the internet in our behalf.

Perhaps cheaper, and perhaps better than this: you could get a VPS
and run your own mail service, both MX and outbound, from there.
There are many different VPS providers, as well as different
virtualization technologies they use.

http://en.wikipedia.org/wiki/Virtual_private_server

I wouldn't say a VPS is for everyone: you generally do need to be (or
to have employed) a competent system administrator, not to mention a
mail system administrator . But it's also an affordable way to gain
such experience.
--
   http://rob0.nodns4.us/ -- system administration and consulting
   Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

On Wed, Jan 30, 2013 at 11:31:21PM +1100, lists@... wrote:
> we have a contractor given an email address for use in contacting
> clients, the boss would like to bcc all his outbound mails, is
> there a way to bcc all outbound emails for one user ?
>
> (I realize he can simply change his smtp to another smtp server
> to overcome this, but, that's what the boss wants...)
>
> other suggestions to monitor emails welcomed, tia

Simplest means is sender_bcc_maps, but of course that assumes he's
using the provided sender address.

http://www.postfix.org/postconf.5.html#sender_bcc_maps

You can require AUTH for all submission and enforce sender addresses
per SASL username:

http://www.postfix.org/postconf.5.html#smtpd_sender_login_maps and
#reject_authenticated_sender_login_mismatch

Then perhaps that's not a problem, because boss' main concern might
be what this contractor is saying on behalf of your company? If he
changes sender address to another domain, that's not hurting your
company reputation. It all depends how secure and ironclad you want
to make it. Most users don't even know how to configure a MUA, much
less that they could set the sender address to anything they want.
--
   http://rob0.nodns4.us/ -- system administration and consulting
   Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

On Tue, Jan 29, 2013 at 12:22:35PM +0100, M. Fioretti wrote:
> of course, any comment on this is still welcome, as well as on any
> weakness in my server postconf -n output.

The original issue was to be able to relay from a dynamic residential
IP address on your server. Your solution, adding the dynamic IP to
mynetworks, is less than ideal in many ways. For one thing, it's a
high-maintenance solution, where you must change mynetworks with
every IP address change. For another, what if you don't get to it?
What if the new owner of your previous IP address is running malware
with an open relay tester? What if that malware finds you? Ouch!

The standard solution is SASL AUTH (typically also requiring TLS
encryption for security.) This is covered here:

http://www.postfix.org/SOHO_README.html#client_sasl_enable

A less common, but very good, solution is TLS authentication, which
is covered here:

http://www.postfix.org/TLS_README.html#server_access

If you don't want to get into all that, you can use a VPN like
openvpn to make a tunnel through which to send your mail, and add
your tunnel IP address to mynetworks.
--
   http://rob0.nodns4.us/ -- system administration and consulting
   Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

I seem to be missing smtp log events regarding delivery status for TLS
enabled mail when smtp_tls_loglevel = 3.  I see a ton of TLS data as
expected, but the actual smtp result is no longer present.  Is there any
explanation for this behavior?
mail_version = 2.6.6

#sample TLS mail
grep CAEAB20079 ./maillog
Jan 29 01:00:25 server242 postfix-mx01/smtpd[24491]: CAEAB20079:
client=unknown[10.100.190.101]
Jan 29 01:00:25 server242 postfix-mx01/cleanup[24601]: CAEAB20079:
message-id=<redacted@...>
Jan 29 01:00:25 server242 postfix-mx01/qmgr[18097]: CAEAB20079:
from=<redacted@...>, size=10269, nrcpt=1 (queue active)
Jan 29 01:00:27 server242 postfix-mx01/qmgr[18097]: CAEAB20079: removed

#sample non TLS mail
grep 8B8362008B ./maillog
Jan 29 03:00:43 server242 postfix-mx01/smtpd[12814]: 8B8362008B:
client=unknown[10.100.190.101]
Jan 29 03:00:43 server242 postfix-mx01/cleanup[12903]: 8B8362008B:
message-id=<redacted@redacted>
Jan 29 03:00:43 server242 postfix-mx01/qmgr[18097]: 8B8362008B:
from=<redacted@...>, size=10262, nrcpt=1 (queue active)
#the line below is the one that is missing from the example above
Jan 29 03:00:49 server242 postfix-mx01/smtp[12904]: 8B8362008B:
to=<redacted@...>, relay=server[X.X.X.X]:25, conn_use=4,
delay=6.4, delays=0.01/4.5/0.12/1.8, dsn=2.0.0, status=sent (250 Backend
Replied [XXXXX]: 2.0.0 r0T80nWF017713 Message acce)
Jan 29 03:00:49 server242 postfix-mx01/qmgr[18097]: 8B8362008B: removed

Thanks,

Asa Gage

Asa Gage:
> I seem to be missing smtp log events regarding delivery status for TLS
> enabled mail when smtp_tls_loglevel = 3.  I see a ton of TLS data as
> expected, but the actual smtp result is no longer present.  Is there any
> explanation for this behavior?

syslog uses a connection-less transport.  The more logging you turn
on, the more events will be lost.

	 Wietse

On Wed, Jan 30, 2013 at 05:07:47PM -0500, Asa Gage wrote:
> I seem to be missing smtp log events regarding delivery status for
> TLS enabled mail when smtp_tls_loglevel = 3.

Below you have showed us nothing which would be affected by the
setting of smtp_tls_loglevel.

> I see a ton of TLS data as expected, but the actual smtp result is
> no longer present.  Is there any explanation for this behavior?
> mail_version = 2.6.6
>
> #sample TLS mail
> grep CAEAB20079 ./maillog
> Jan 29 01:00:25 server242 postfix-mx01/smtpd[24491]: CAEAB20079:
> client=unknown[10.100.190.101]
> Jan 29 01:00:25 server242 postfix-mx01/cleanup[24601]: CAEAB20079:
> message-id=<redacted@...>
> Jan 29 01:00:25 server242 postfix-mx01/qmgr[18097]: CAEAB20079:
> from=<redacted@...>, size=10269, nrcpt=1 (queue active)
> Jan 29 01:00:27 server242 postfix-mx01/qmgr[18097]: CAEAB20079: removed

No smtp(8) logging shown in this incomplete log snippet. (No outgoing
transport at all, for that matter.)

> #sample non TLS mail
> grep 8B8362008B ./maillog
> Jan 29 03:00:43 server242 postfix-mx01/smtpd[12814]: 8B8362008B:
> client=unknown[10.100.190.101]
> Jan 29 03:00:43 server242 postfix-mx01/cleanup[12903]: 8B8362008B:
> message-id=<redacted@redacted>
> Jan 29 03:00:43 server242 postfix-mx01/qmgr[18097]: 8B8362008B:
> from=<redacted@...>, size=10262, nrcpt=1 (queue active)
> #the line below is the one that is missing from the example above
> Jan 29 03:00:49 server242 postfix-mx01/smtp[12904]: 8B8362008B:
> to=<redacted@...>, relay=server[X.X.X.X]:25, conn_use=4,
> delay=6.4, delays=0.01/4.5/0.12/1.8, dsn=2.0.0, status=sent (250 Backend
> Replied [XXXXX]: 2.0.0 r0T80nWF017713 Message acce)

There's smtp logging, but you did say it was non-TLS.

> Jan 29 03:00:49 server242 postfix-mx01/qmgr[18097]: 8B8362008B: removed

Perhaps you are confusing smtp(8) and smtpd(8)?
--
   http://rob0.nodns4.us/ -- system administration and consulting
   Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Le 30/01/2013 13:13, Fernando Maior a écrit :
> Hello All,
>
> In the area where my office is, internet providers cannot offer us links
> with fixed ip, only dhcp. I wonder if someone in the list knows about a
> mail forwarder server that can receive emails from my server and forwards
> them to the internet in our behalf.
>

well, it really depends on a way too many things! how much mail do you
send? are you ready to pay for or are you looking for a free service
(free also means no contractual guarantee)? ... etc.

for a "free" service, you can try google or other.
if you want "something else", many of us here (including $self) can
setup that for you. the richer you are, the more we will make you pay:)
If it's for  a charity org or the like, I'll do that for free (with the
usual things: no mass mail, no stupid sender).

On 1/30/2013 4:32 PM, Mike. wrote:
>   =============
>
>
> I've tried it on logs up to 40MB, and it ran to completion in around
> five seconds.  However, for that test, I copied the log file off the
> production mail server and on to a lightly loaded box.

It's a pretty decent speed.
I have wrote a script to analyze squid\apache logs before and it's more
complicated then just match a line to a string.

grep in general is faster for exact matches in most cases I have seen
yet and it's amazing.

The same lookup on any other scripting lang will take *3-4 or more.

--
Eliezer Croitoru