How can I see all sent emails from my mail server?

centos security logs email
57,733

Unless you've configured your mail transport agent ("MTA" - e.g. postfix, sendmail, exim, etc) to save a copy of every message sent by your system, you won't have a complete copy of the messages.

MTAs do, however, log the event of every message being sent or received - minimum details logged usually include at least the sender address, recipient address, message id and/or mail queue id, and the date & time that the message was sent.

This log is usually logged via syslog to /var/log/mail.log. If you're running systemd with syslog support disabled, you'll have to run journalctl -u <unitname>, where <unitname> is the name of your MTA's systemd unit - e.g. postfix or exim or sendmail.

Share:
57,733

Related videos on Youtube

Martin AJ
Author by

Martin AJ

Updated on September 18, 2022

Comments

  • Martin AJ
    Martin AJ almost 2 years

    My server was infected to a malware. That malware sent lots of emails to random people with random content (promotional content). And now, my domain authority is getting pretty low and every email I send goes to spam.

    What I said is a guess (though I'm sure about that malware, but I'm not sure it has sent emails). Anyway, is there any log file or whatever similar contains a log of all emails that are sent from my mail server? If yes, where is it located?

    Thanks in advance.

    • Philip Couling
      Philip Couling over 6 years
      It's a little more likely that hackers have found a valid username / password for your SMTP server than actually got malware onto your server. Unless they managed to crack your root password and log in via SSH. You should check your /var/log/auth.log to see if that looks likely and change any critical passwords. Simply having a server on a domain name will cause daily brute force attacks on an SMTP and SSH attempting lots of passwords on system account names, or lots of usernames against most common passwords.
    • Alessio
      Alessio over 6 years
      if the machine is running a web-server with an insecure formmail type CGI or php script (esp. one that allows the remote user to specify the recipient address) then that may be the source of the spam. Martin should also check his web server logs for suspicious activity and disable any mail-sending CGI/php/etc scripts that he finds.
  • Svetoslav Angelov
    Svetoslav Angelov over 4 years
    In my case, the emails were being refused by gmail and the information was located in a file in /var/mail folder.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

What audit log files are created in linux to track a users activities?
Am i hacked? unknown processes dsfref, gfhddsfew, dsfref etc are starting automatically in centos 6.5
"Successful su for user by root" - suspicious entries in my /var/log/auth.log?
I am unable to generate a gpg key through the keyring program
Where are ALL ubuntu logs/terminal history stored
How to make my server email me when there are security updates?
Access Prompt keeps asking for GMail password
What automated intrusion notification/detection setup is good for home desktop use?
What does "Require all granted" on Directory / (root) REALY means? (Apache 2.4 on CentOS7
How to trace an actual IP of email sender?