Working with e-mail logs
We have worked with logs from the Apache HTTP web server. The reality is that we can apply the same ideas and methodology to any log file. We will take a look at Postfix mail logs. The mail log holds all activity from the SMTP server, and from it we can see who has been sending e-mails to whom. The log file is usually located at /var/log/mail.log. I will access this on my Ubuntu 15.10 server, which has local e-mail delivery. All this means is that the SMTP server is listening only on the localhost interface, 127.0.0.1.
The log format will change a little depending on the type of message. For example, field $7 will begin with from on the log lines for outbound messages, whereas the lines for inbound messages will begin with to.
If we want to list all the inbound messages to the SMTP server, we can use the following command:
# awk ' ( $7 ~ /^to/ ) ' /var/log/mail.log
As the string to is very short, we make the match more precise by requiring that the field begins with to, using the ^ anchor. The command...