We have worked with logs from the Apache HTTP web server. The reality is that we can apply the same ideas and methodology to any log file. We will take a look at Postfix mail logs. The mail log holds all activity from the SMTP server, so we can see who has been sending emails to whom. The log file is usually located at /var/log/mail.log. I will access this on my Ubuntu 15.10 server, which is configured for local email delivery. All this means is that the SMTP server is listening only on the localhost interface of 127.0.0.1.
The log format will change a little depending on the type of message. For example, $7 will contain the string from in the log entries for outbound messages, whereas for inbound messages it will contain the string to.
If we want to list all the inbound messages to the SMTP server, we can use the following command:
$ awk ' ( $7 ~ /^to/ ) ' /var/log/mail.log
As the string to...
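The same $7 filter can be extended into a per-recipient delivery summary. The following is an added example, not code from the original text: the function names sample_log and rcpt_summary are hypothetical, and the log lines are constructed sample data in the usual Postfix syslog layout.

```shell
#!/bin/sh
# Added example: count Postfix delivery lines per recipient and status.

# Constructed sample log lines (not from a real server).
sample_log() {
cat <<'EOF'
Nov  3 10:15:01 mail postfix/pickup[1234]: 3F2A11C0A5B: uid=1000 from=<andrew>
Nov  3 10:15:01 mail postfix/qmgr[1100]: 3F2A11C0A5B: from=<andrew@mail.example.com>, size=412, nrcpt=1 (queue active)
Nov  3 10:15:01 mail postfix/local[1242]: 3F2A11C0A5B: to=<bob@mail.example.com>, orig_to=<bob>, relay=local, delay=0.05, delays=0.03/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Nov  3 10:18:40 mail postfix/qmgr[1100]: 7B4E01C0A5F: from=<root@mail.example.com>, size=388, nrcpt=1 (queue active)
Nov  3 10:18:40 mail postfix/local[1247]: 7B4E01C0A5F: to=<bob@mail.example.com>, orig_to=<bob>, relay=local, delay=0.04, delays=0.02/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Nov  3 10:20:13 mail postfix/local[1250]: 9C1D21C0A60: to=<carol@mail.example.com>, orig_to=<carol>, relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "carol")
Nov  3 10:22:57 mail postfix/local[1253]: A10F31C0A61: to=<root@mail.example.com>, orig_to=<root>, relay=local, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
EOF
}

# rcpt_summary [FILE...]: print "count recipient status" for every
# line whose seventh field starts with to=<. Reads stdin if no FILE.
rcpt_summary() {
    awk '
    $7 ~ /^to=</ {
        rcpt = $7
        sub(/^to=</, "", rcpt)      # strip the leading to=<
        sub(/>,?$/, "", rcpt)       # strip the trailing >,
        status = "unknown"
        # status=... is a later field; its position varies by line type
        for (i = 8; i <= NF; i++)
            if ($i ~ /^status=/) { status = substr($i, 8); break }
        count[rcpt " " status]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k2,2 -k3,3
}

# Run against the constructed sample; on a server, pass /var/log/mail.log.
sample_log | rcpt_summary
```

A recipient that shows up with a status other than sent, such as the bounced entry in the sample, is the kind of line worth reviewing first.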