Find the answer to your Linux question:
Results 1 to 6 of 6
Hello Question for ya'll. I have a server wich is a shared web-/mailhosting. I'm tailing my mail.log and notice that a mail has been send every 10 minutes, I know ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2010
    Posts
    3

    Extend Postfix Logging


    Hello

    Question for ya'll.

    I have a server wich is a shared web-/mailhosting.

    I'm tailing my mail.log and notice that a mail has been send every 10 minutes, I know that it is a cron or webscript but I can't figure out where its coming from.

    Does anyone have any tips how to figure out the source of an e-mail? Or is it possible to extend the postfix logging to see what the source is of messages? It would be great to see the body and subject of a message that has been send.

    Thanks in advance guys!

  2. #2
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    In the log entry showing the "to=" for the message, the last field before "to=" should be the queue id. So, you'll see something like
    o3JNdAPa018493: to=username

    Then grep for o3JNdAPa018493 in the mail log and look for the "from=" entry.

  3. #3
    Just Joined!
    Join Date
    Apr 2010
    Posts
    3
    The message was locally submitted by a local script, there is no from address.

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    There's a SMTP FROM address for every message. I suppose that you mean that it's not useful in determining what process is originating the messages. I'm sorry, I misunderstood what you needed to figure out.

    Look at the postsuper command (assuming you have privileges to control the mail daemons and queues). You can put the queue on hold, then use postcat to inspect contents of messages, or just look at the raw queue files.

  6. #5
    Just Joined!
    Join Date
    Apr 2010
    Posts
    3
    Thanks for the tip!
    Will try it out when I get the chance.

  7. #6
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    You're welcome. BTW, the most likely culprit for an every 10 minutes message is the default sa1 step from /etc/cron.d/sysstat. It happens every 10 and makes no provision for redirecting stderr, so any non-stdout output will generate an e-mail. I've had this happen when someone installed the 32 and 64 bit sysstat packages and somehow ended up with only the /usr/lib64/sa executables but with the 32 bit script, which uses a /usr/lib/sa path.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •