Tool to analyze postfix maillog


Solution 1

Using grep will get you some of the data for a domain, but in order to retrieve all of it you would need to get the actual message ID for each message, then grep for all of those message IDs. Try this instead, though: http://sareport.darold.net/

Solution 2

Just parse your log file with the grep command. It's clean and simple.

grep -i --color [email protected] /var/log/maillog

Since you're using iRedMail you can even use AWStats, which is built into the package. Take a look and check if this is sufficient for your needs: http://awstats.sourceforge.net; and there's a screenshot too: http://awstats.sourceforge.net/awstats.mail.html
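The two-pass approach both answers gesture at (grep for the address, pull the Postfix queue IDs out of the hits, grep again for those IDs) as a complete script. This is an added example, not code from either answer or from iRedMail; the log lines, hosts, addresses, PIDs and queue IDs are constructed, and the queue-ID regex assumes the standard Postfix syslog layout `postfix/<daemon>[pid]: QUEUEID: ...`.

```sh
#!/bin/sh
# Two-pass correlation of a Postfix maillog by queue ID (example code, not from
# the original answers). Pass 1 finds every line that mentions the address and
# pulls out the Postfix queue ID ("4B2C1D3E5F" below); pass 2 pulls every line
# carrying one of those IDs, which recovers the smtpd client=/sasl_username=
# line, the cleanup message-id= line and the delivery status for each message.

# Constructed sample log; the hosts, addresses, PIDs and queue IDs are invented.
write_sample_log() {
    SAMPLE_LOG=$(mktemp)
    cat > "$SAMPLE_LOG" <<'EOF'
Sep 18 10:00:01 mx postfix/smtpd[1201]: connect from client.example.net[192.0.2.10]
Sep 18 10:00:02 mx postfix/smtpd[1201]: 4B2C1D3E5F: client=client.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=alice@example.com
Sep 18 10:00:02 mx postfix/cleanup[1210]: 4B2C1D3E5F: message-id=<20220918100002.1@client.example.net>
Sep 18 10:00:02 mx postfix/qmgr[1105]: 4B2C1D3E5F: from=<alice@example.com>, size=1830, nrcpt=1 (queue active)
Sep 18 10:00:03 mx postfix/smtp[1220]: 4B2C1D3E5F: to=<bob@example.org>, relay=mx.example.org[198.51.100.5]:25, delay=1.2, delays=0.5/0.01/0.4/0.3, dsn=2.0.0, status=sent (250 2.0.0 OK)
Sep 18 10:00:03 mx postfix/qmgr[1105]: 4B2C1D3E5F: removed
Sep 18 10:00:04 mx postfix/smtpd[1201]: disconnect from client.example.net[192.0.2.10]
Sep 18 10:02:30 mx postfix/smtpd[1203]: NOQUEUE: reject: RCPT from unknown[198.51.100.99]: 554 5.7.1 <eve@example.org>: Relay access denied; from=<alice@example.com> to=<eve@example.org> proto=ESMTP helo=<unknown>
Sep 18 10:05:00 mx postfix/smtpd[1202]: 7C3D2E4F6A: client=mail.example.net[203.0.113.7]
Sep 18 10:05:00 mx postfix/qmgr[1105]: 7C3D2E4F6A: from=<carol@example.net>, size=2200, nrcpt=1 (queue active)
Sep 18 10:05:01 mx postfix/local[1230]: 7C3D2E4F6A: to=<dave@example.com>, relay=local, delay=0.4, delays=0.1/0.01/0/0.3, dsn=2.0.0, status=sent (delivered to maildir)
Sep 18 10:05:01 mx postfix/qmgr[1105]: 7C3D2E4F6A: removed
EOF
}

# Pass 1: queue IDs of every line mentioning the address ($1) in the log ($2).
# A queue ID is the token between "postfix/<daemon>[pid]: " and the next ": ".
# Default IDs are >= 8 upper-case hex chars; long queue IDs are mixed-case
# alphanumeric, so the class is [0-9A-Za-z]. "NOQUEUE" (7 chars) is excluded.
queue_ids_for() {
    grep -i -F -e "$1" -- "$2" \
      | sed -n -E 's|^.* postfix(/[A-Za-z0-9_-]+)+\[[0-9]+\]: ([0-9A-Za-z]{8,}): .*$|\2|p' \
      | sort -u
}

# Pass 2: one grep over the file with a pattern list made of the address itself
# (so NOQUEUE rejects, which have no queue ID, are still shown) and each queue
# ID anchored as "]: ID: " so a hex-looking fragment elsewhere on a line cannot
# match. A single grep keeps the output in log order.
related_lines() {
    [ -n "$1" ] || return 1
    rl_pat=$(mktemp)
    printf '%s\n' "$1" > "$rl_pat"
    queue_ids_for "$1" "$2" | sed 's/^/]: /; s/$/: /' >> "$rl_pat"
    rl_status=0
    grep -i -F -f "$rl_pat" -- "$2" || rl_status=$?
    rm -f "$rl_pat"
    return "$rl_status"
}

# Number of related lines, for scripting around the result.
count_related() {
    related_lines "$1" "$2" | awk 'END { print NR }'
}

# Stand-alone demo: everything tied to alice@example.com, i.e. the authenticated
# smtpd session, the message-id, the outbound delivery, the queue removal, and
# the NOQUEUE reject that names her as the (claimed) envelope sender.
write_sample_log
related_lines alice@example.com "$SAMPLE_LOG"
rm -f "$SAMPLE_LOG"
```

Two things the output makes visible. The `connect from` / `disconnect from` lines carry no queue ID, so they are not picked up; tying them to a message means joining on the smtpd PID and client address within the same session, which is a separate step. And because Postfix queue IDs are recycled over time (the point Tutul raises in the comments), run this against the rotated log file covering the date of the complaint rather than a concatenation of months, or the second pass will pull in unrelated messages that happened to get the same ID later.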

Author by

Andreas Hinderberger

Updated on September 18, 2022

Comments

  • Andreas Hinderberger
    Andreas Hinderberger almost 2 years

    I have a mailserver running on iRedMail.

    Recently we have had some issues with people reporting that they receive phishing emails from us, which haven't been sent by the users they say they are coming from.

    Is there a tool (offline is fine too) to parse the maillog files to retrieve all entries related to a given email address?

    Like for example: [email protected]

    and it will output all log entries related to mails from and to this email address?

    Thanks.

    • Andreas Hinderberger
      Andreas Hinderberger about 10 years
      I would need more than only the lines containing this email address. I would like to have all lines related to it (based on the message ID, for example, like the connection to the mailserver with auth info and so on).
    • jeffatrackaid
      jeffatrackaid about 10 years
      Sometimes I have to recursively grep for this. Extract all lines with the desired to/from pairs, extract the message IDs, then grep again. Pretty easy to script up using grep/awk/sed/while loops.
  • Andreas Hinderberger
    Andreas Hinderberger about 10 years
    This would show me only the lines that contain the email address, but not the other lines that are related to it (by the message ID).
  • Vinícius Ferrão
    Vinícius Ferrão about 10 years
    Check if AWStats is sufficient for you.
  • Andreas Hinderberger
    Andreas Hinderberger about 10 years
    AWStats shows me only the summary, but I can't select to "detail" on a given email address.
  • Vinícius Ferrão
    Vinícius Ferrão about 10 years
    Do you have the RAW message from the people complaining about this? Perhaps the message was forged using your domain mail address?
  • Andreas Hinderberger
    Andreas Hinderberger about 10 years
    I am waiting for the RAW, but haven't received anything yet.
  • Andreas Hinderberger
    Andreas Hinderberger about 10 years
    I am nearly 99% sure that the email was not from our mailserver, but I just wanted a tool to make it possible to directly check it in the mailserver logs before bothering the recipient to send us back the original message headers.
  • Tutul
    Tutul about 10 years
    The message-id present in postfix logs is not unique in the long term, it's unique only in a short time span. Don't rely on it to identify an email uniquely during later processing. See here - postfix.1071664.n5.nabble.com/…