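#!/usr/local/bin/perl
#
# Parse one delivery/arrival line of an Exim-style mail log with a
# Regexp::Grammars grammar and dump the resulting parse tree.
#
# Security note: almost every field captured here (HELO string, sender and
# recipient addresses, Message-ID, authenticated id, local user) is supplied by
# the remote peer or copied from message headers. Treat the parse tree as
# untrusted data: escape or validate it before it reaches a shell, an SQL
# statement, HTML output or another log.

use strict;
use warnings;

use Regexp::Grammars;
use Data::Dumper;

# Log field reference:
#
# A    authenticator name (and optional id and sender)
# C    SMTP confirmation on delivery
#      command list for "no mail in SMTP session"
# CV   certificate verification status
# D    duration of "no mail in SMTP session"
# DN   distinguished name from peer certificate
# DT   on => lines: time taken for a delivery
# F    sender address (on delivery lines)
# H    host name and IP address
# I    local interface used
# id   message id for incoming message
# P    on <= lines: protocol used
#      on => and ** lines: return path
# PRX  on <= and => lines: proxy address
# QT   on => lines: time spent on queue so far
#      on "Completed" lines: time spent on queue
# R    on <= lines: reference for local bounce
#      on => >> ** and == lines: router name
# S    size of message in bytes
# SNI  server name indication from TLS client hello
# ST   shadow transport name
# T    on <= lines: message subject (topic)
#      on => ** and == lines: transport name
# U    local user or RFC 1413 identity
# X    TLS cipher suite

# Grammar notes:
#   * <record> is not anchored, so it matches anywhere in the input string.
#   * Any "KEY=value" field without a dedicated rule falls through to <some>.
#   * <email>: the dot before the top-level domain is escaped so that it only
#     matches a literal ".", not an arbitrary character.
#   * <id>: the original class contained the range \0-9 (NUL through "9"),
#     which also accepted control characters and whitespace and let an id run
#     on into the next field. The class now starts at "!" (0x21), keeping every
#     printable character that was accepted before.
my $p = qr{
    <nocontext:>

    <record>

    <rule: record>       <inrecord> | <outrecord>

    <rule: inrecord>     <date> <time> <localId> \<\= <inrecordFrom> <[element]>*
    <rule: outrecord>    <date> <time> <localId> \=\> <outrecordTo> <[element]>*

    <rule: date>         <year> - <month> - <day>
    <rule: time>         <hour> : <min> : <sec>
    <rule: localId>      <.char6> - <.char6> - <.char2>

    <rule: element>      <size> | <protocol> | <hello> | <crypto> | <certVerify> | <messageId> | <localuser> | <auth> | <fromTo>| <some>

    <rule: hello>        H \= \( \[ <helloString> \] \) [\s]+ \[ <helloFrom> \] | H \= \( <helloString> \) [\s]+ \[ <helloFrom> \]
    <rule: helloString>  [\d\S]+
    <rule: helloFrom>    [\d\S]+

    <rule: crypto>       X \= <cryptoSet>
    <rule: cryptoSet>    [A-Za-z0-9:._-]+

    <rule: fromTo>       \< <emailFrom> \> [\s]+ for [\s]+ <[emailTo]>+
    <rule: emailFrom>    <.email>
    <rule: emailTo>      <.email>

    <rule: certVerify>   CV \= <certStatus>
    <rule: certStatus>   [A-Za-z]{2,4}

    <rule: messageId>    id \= <id>
    <rule: protocol>     P \= <protocolType>
    <rule: size>         S \= <number>
    <rule: localuser>    U \= <some>

    <rule: auth>         A \= <authtype> : <authid>
    <rule: authtype>     [a-z_]+
    <rule: authid>       <.email>

    <rule: outrecordTo>    <emailLocalPart>[\s]+\< <email> \>
    <rule: emailLocalPart> [A-Z0-9a-z._%+-]+ | <.email>
    <rule: inrecordFrom>   <email>

    <rule: email>        [A-Z0-9a-z._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}
    <rule: protocolType> [a-z]+
    <rule: id>           [!-9A-Za-z_@]+
    <rule: some>         [\S]+

    <token: year>    \d\d\d\d
    <token: month>   \d\d
    <token: day>     \d\d
    <token: hour>    \d\d
    <token: min>     \d\d
    <token: sec>     \d\d

    <token: char6>   <char1><char1><char1><char1><char1><char1>
    <token: char2>   <char1><char1>
    <token: char1>   [\d\w]

    <token: digit4>  \d\d\d\d
    <token: digit2>  \d\d
    <token: digit1>  \d
    <token: number>  \d+

    # <token: dash> -
    # <token: colon> :
}xms;

# Sample arrival ("<=") line used to exercise the grammar.
my $t = '2016-08-08 03:08:30 1bWZ3O-0000X2-Bc <= root@mx.unix7.pro U=root P=local S=2974 from <root@mx.unix7.pro> for root';

# The original tested an unset variable ($t2), so the sample was never parsed.
if ($t =~ $p) {
    # Pass a reference: Dumper(%/) would flatten the result hash into a list
    # and print each key and value as a separate $VARn.
    print Dumper(\%/);
}
else {
    warn "log line did not match the grammar\n";
}

#EOF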