From bcbd67c057e1e8e44384cf420e572ef59f646410 Mon Sep 17 00:00:00 2001
From: Erich Eckner <git@eckner.net>
Date: Tue, 2 Mar 2021 12:54:32 +0100
Subject: initial commit: Skript seems to work

---
 journal-watcher.py | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100755 journal-watcher.py

diff --git a/journal-watcher.py b/journal-watcher.py
new file mode 100755
index 0000000..91b9c34
--- /dev/null
+++ b/journal-watcher.py
@@ -0,0 +1,27 @@
+#!/bin/python
+
+from systemd import journal
+import re
+from time import sleep
+from email.mime.text import MIMEText
+from subprocess import Popen, PIPE
+
+j = journal.Reader()
+j.this_boot()
+j.add_match(_SYSTEMD_UNIT='courier-esmtpd.service')
+
+regex = re.compile('.*msg="534 SIZE=Message too big\.",cmd: MAIL FROM:[^<]*<([^>]+)> SIZE=([0-9]+)')
+
+while True:
+   item=j.get_next()
+   while item!={}:
+      match = regex.match(item['MESSAGE'])
+      if match:
+         msg = MIMEText("Hi,\n\n{} hat eine zu grosze Email ({}) geschickt ({}).".format(match.group(1),match.group(2),item['SYSLOG_TIMESTAMP']))
+         msg["From"] = "journal-watcher@eckner.net"
+         msg["To"] = "logs@eckner.net"
+         msg["Subject"] = "zu grosze Email von {}".format(match.group(1))
+         p = Popen(["/usr/sbin/sendmailadvanced", "-t"], stdin=PIPE)
+         p.communicate(msg.as_bytes())
+      item=j.get_next()
+   sleep(10)
-- 
cgit v1.2.3-70-g09d2