We have worked with logs from the Apache HTTP web server. The reality is that we can apply the same ideas and methodology to any log file. We will take a look at Postfix mail logs. The mail log holds all activity from the SMTP server, so we can see who has been sending e-mails to whom. The log file is usually located at /var/log/mail.log. I will access this on my Ubuntu 15.10 server, which has local e-mail delivery. All this means is that the SMTP server is listening only on the localhost interface, 127.0.0.1.
The log format changes a little depending on the type of message. For example, field $7 begins with from on lines logging an outbound message, whereas lines for inbound messages begin with to.
If we want to list all the inbound messages to the SMTP server, we can use the following command:
# awk ' ( $7 ~ /^to/ ) ' /var/log/mail.log
As the string to is very short, we make the match more specific by requiring that the field begins with to, using the ^ anchor. The command and output...
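The following is an added example, not part of the original text: it builds a small constructed mail.log in the Postfix/syslog layout (hostname, queue IDs and addresses are made up) and applies the same $7 field test with awk to separate inbound to lines from outbound from lines. It also goes one step further than the text by joining the from and to lines of the same queue ID (field $6) to answer the "who sent to whom" question directly.

```shell
#!/bin/sh
# Added example: filter a Postfix mail.log by field 7 with awk, as the text
# describes, then correlate sender and recipient lines per queue id.

# Constructed sample log lines (syslog prefix, then postfix daemon, queue id,
# and the from=/to= field in position 7). All names and ids are made up.
MAILLOG="${TMPDIR:-/tmp}/mail.log.example.$$"
trap 'rm -f "$MAILLOG"' EXIT
cat > "$MAILLOG" <<'EOF'
Jan 10 12:00:01 mailhost postfix/smtpd[1201]: 3F2A1B0C77: client=localhost[127.0.0.1]
Jan 10 12:00:01 mailhost postfix/qmgr[1203]: 3F2A1B0C77: from=<alice@localhost>, size=512, nrcpt=1 (queue active)
Jan 10 12:00:02 mailhost postfix/local[1204]: 3F2A1B0C77: to=<root@localhost>, relay=local, delay=0.12, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 10 12:05:17 mailhost postfix/qmgr[1203]: 8C9D0E1F22: from=<bob@localhost>, size=2048, nrcpt=2 (queue active)
Jan 10 12:05:18 mailhost postfix/local[1204]: 8C9D0E1F22: to=<alice@localhost>, relay=local, delay=0.08, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 10 12:05:18 mailhost postfix/local[1204]: 8C9D0E1F22: to=<carol@localhost>, relay=local, delay=0.09, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 10 12:09:40 mailhost postfix/qmgr[1203]: 8C9D0E1F22: removed
EOF

# Inbound deliveries: field 7 begins with "to" (the ^ anchor keeps the short
# string from matching elsewhere in the field). Returns the matching lines.
inbound() { awk '( $7 ~ /^to/ )' "$1"; }

# Outbound (submitted) messages: field 7 begins with "from".
outbound() { awk '( $7 ~ /^from/ )' "$1"; }

# Line counts, handy for a quick check or a test.
count_inbound()  { inbound  "$1" | wc -l | tr -d ' '; }
count_outbound() { outbound "$1" | wc -l | tr -d ' '; }

# Who sent to whom: remember the sender per queue id ($6) from the from= line,
# then print "sender -> recipient" for each to= line with the same queue id.
who_to_whom() {
    awk '
        $7 ~ /^from=/ { s = $7; gsub(/^from=<|>,$/, "", s); sender[$6] = s }
        $7 ~ /^to=/   { r = $7; gsub(/^to=<|>,$/, "", r); print sender[$6] " -> " r }
    ' "$1"
}

echo "Inbound lines:  $(count_inbound "$MAILLOG")"
echo "Outbound lines: $(count_outbound "$MAILLOG")"
echo "Sender -> recipient pairs:"
who_to_whom "$MAILLOG"
```

On the sample data this reports 3 inbound and 2 outbound lines, and the three sender/recipient pairs. Because queue IDs tie the lines together, the same pattern works on a real /var/log/mail.log where the from and to lines of one message are often separated by unrelated entries.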