software:postfix:quickreference

Differences

This shows you the differences between two versions of the page.

software:postfix:quickreference [2020/09/14 20:00] – created rodolico
software:postfix:quickreference [2020/09/22 21:00] rodolico
Line 11: Line 11:
   - That is the user that has been hacked   - That is the user that has been hacked
  
 +===== Look for specific activity =====
  
 +The mail log (/var/log/mail.log on Debian derivatives) contains way too much information most of the time. Here, //grep// is your friend. You can find different things based on which daemon is reporting the line item, then further refine by adding an additional grep after.
 +
 +For example, if you were moving a domain from one server to another, it is common to allow the old server to accept messages for a while to keep from losing your clients e-mail. So, for example, if you wanted to know the last time any mail was delivered to an example.com account, you would do.
 +<code bash>grep delivered mail.log | grep example.com | tail</code>
 +
 +  * If you want to see who is sending mail, try looking for the submission daemon in the log. You can then narrow it down with a second grep<code bash>grep submission /var/log/mail.log | grep keyword_to_search_for</code>
 +  * If you want to see who is receiving mail, look for the delivered keyword in the log. This only shows you mail that has been accepted and delivered. <code bash>grep delivered mail.log | grep keywork_to_search_for</code>
  
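Review bot: The command in the last bullet misspells its placeholder as `keywork_to_search_for`, while the bullet above uses `keyword_to_search_for`; make them match. The log path is also inconsistent: the example.com command and the last bullet use a bare `mail.log`, while the submission bullet uses `/var/log/mail.log`, so two of the three commands only work when run from inside /var/log. Use the full path throughout. In `grep example.com` the dot is a regex wildcard, so `grep -F example.com` would match the domain literally. In the prose, "your clients e-mail" needs an apostrophe, and "you would do." should end in a colon before the code.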
software/postfix/quickreference.txt · Last modified: 2020/09/23 19:09 by rodolico