Extend Postfix Logging
Question for ya'll.
I have a server wich is a shared web-/mailhosting.
I'm tailing my mail.log and notice that a mail has been send every 10 minutes, I know that it is a cron or webscript but I can't figure out where its coming from.
Does anyone have any tips how to figure out the source of an e-mail? Or is it possible to extend the postfix logging to see what the source is of messages? It would be great to see the body and subject of a message that has been send.
Thanks in advance guys! :)
In the log entry showing the "to=" for the message, the last field before "to=" should be the queue id. So, you'll see something like
Then grep for o3JNdAPa018493 in the mail log and look for the "from=" entry.
The message was locally submitted by a local script, there is no from address.
There's a SMTP FROM address for every message. I suppose that you mean that it's not useful in determining what process is originating the messages. I'm sorry, I misunderstood what you needed to figure out.
Look at the postsuper command (assuming you have privileges to control the mail daemons and queues). You can put the queue on hold, then use postcat to inspect contents of messages, or just look at the raw queue files.
Thanks for the tip! :)
Will try it out when I get the chance.
You're welcome. BTW, the most likely culprit for an every 10 minutes message is the default sa1 step from /etc/cron.d/sysstat. It happens every 10 and makes no provision for redirecting stderr, so any non-stdout output will generate an e-mail. I've had this happen when someone installed the 32 and 64 bit sysstat packages and somehow ended up with only the /usr/lib64/sa executables but with the 32 bit script, which uses a /usr/lib/sa path.