Postfix logging

I have received a letter from my hoster saying that my server sends a lot of emails.

It's strange.

How can I enable logging of emails? Or just of the To headers?

Ubuntu 12.04, postfix.

3

1 Answer

Logging is enabled by default

See /var/log/mail.log:

    Jan 20 06:47:57 zarafa postfix/qmgr[1021]: A1749428: from=<>, size=2110, nrcpt=1 (queue active)
    Jan 20 06:47:57 zarafa postfix/smtpd[21751]: disconnect from mail.thuis.mydomain.net[192.168.25.17]
    Jan 20 06:47:58 zarafa postfix/lmtp[21756]: A1749428: to=<>, orig_to=<>, relay=localhost[127.0.0.1]:2003, delay=0.5, delays=0.15/0.01/0.08/0.26, dsn=2.1.5, status=sent (250 2.1.5 Ok)
    Jan 20 06:47:58 zarafa postfix/qmgr[1021]: A1749428: removed

Be careful about mail servers becoming an open mail relay due to a configuration change, as you probably don't intend to run one. If it is one, then your server is a very easy target for spammers to abuse.

Subject logging

In the comments your question changed to how to enable logging of the subject. One important note here is that Postfix is an MTA (Mail Transport Agent) and it's not the responsibility of an MTA to do stuff with the contents of mails. It's primarily concerned only with the headers for transport.

However, with Postfix as an MTA you're lucky as it does have a feature to help you out. It's possible to log based on a regular expression to match on the headers using this method:

  1. Install the package postfix-pcre.

  2. Create a file with the regular expression to match, e.g. /etc/postfix/header_checks:

    /^Subject:/ INFO

  3. In your /etc/postfix/main.cf add this to your configuration with a line like this:

    header_checks = pcre:/etc/postfix/header_checks

  4. Reload the configuration:

    sudo service postfix reload

  5. View the logs:

    Jan 20 13:50:01 zarafa postfix/cleanup[1416]: 74D321034: info: header Subject: testsubject from localhost[127.0.0.1]; from=<> to=<> proto=ESMTP helo=<zarafa>

For more content-based inspection, see the manpage about header_checks(5).

1
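
To see which senders and subjects account for the outgoing volume, the Subject lines logged by the header_checks rule can be joined with the qmgr records on the queue ID. The script below is an added example, not part of the answer above; the sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the mail.log format shown above; hosts and addresses are made up.
SAMPLE_LOG = """\
Jan 20 13:50:01 host postfix/cleanup[1416]: 74D321034: info: header Subject: Invoice overdue from local; from=<www-data@example.com> to=<a@example.net>
Jan 20 13:50:01 host postfix/qmgr[1021]: 74D321034: from=<www-data@example.com>, size=2110, nrcpt=40 (queue active)
Jan 20 13:50:02 host postfix/cleanup[1416]: 8B2C11035: info: header Subject: Invoice overdue from local; from=<www-data@example.com> to=<b@example.net>
Jan 20 13:50:02 host postfix/qmgr[1021]: 8B2C11035: from=<www-data@example.com>, size=2098, nrcpt=35 (queue active)
Jan 20 13:55:02 host postfix/qmgr[1021]: 8B2C11035: from=<www-data@example.com>, size=2098, nrcpt=35 (queue active)
Jan 20 13:56:10 host postfix/smtpd[21751]: disconnect from localhost[127.0.0.1]
Jan 20 13:56:11 host postfix/cleanup[1416]: A1749428: info: header Subject: Weekly report from localhost[127.0.0.1]; from=<alice@example.com> to=<c@example.org> proto=ESMTP helo=<host>
Jan 20 13:56:11 host postfix/qmgr[1021]: A1749428: from=<alice@example.com>, size=900, nrcpt=1 (queue active)
Jan 20 13:56:12 host postfix/qmgr[1021]: A1749428: removed
""".splitlines()

# Lines without a queue ID (e.g. smtpd "disconnect from ...") do not match LINE.
LINE = re.compile(r"postfix/(?P<daemon>\w+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): (?P<rest>.*)$")
# Greedy subject so a Subject that itself contains " from " is still captured whole.
SUBJECT = re.compile(r"info: header Subject: (?P<subject>.*) from (?P<client>\S+); from=<")
QMGR = re.compile(r"from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<nrcpt>\d+)")

def summarize(lines):
    """Join cleanup (Subject, client) and qmgr (sender, nrcpt) records by queue ID."""
    msgs = defaultdict(lambda: {"sender": None, "nrcpt": 0, "subject": None, "client": None})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        if m["daemon"] == "cleanup" and (s := SUBJECT.match(m["rest"])):
            msgs[m["qid"]].update(subject=s["subject"], client=s["client"])
        elif m["daemon"] == "qmgr" and (q := QMGR.match(m["rest"])):
            # Overwrite, not add: qmgr logs this line again on every delivery retry.
            msgs[m["qid"]].update(sender=q["sender"], nrcpt=int(q["nrcpt"]))
    return dict(msgs)

def recipients_by(msgs, field):
    """Total recipient count per sender/subject/client, largest first."""
    totals = Counter()
    for msg in msgs.values():
        totals[msg[field] or "(empty or not logged)"] += msg["nrcpt"]
    return totals.most_common()

if __name__ == "__main__":
    messages = summarize(SAMPLE_LOG)  # on a server: summarize(open("/var/log/mail.log"))
    for field in ("sender", "subject", "client"):
        print(field, recipients_by(messages, field))
```

A client of `local` in the output means the message was submitted on the machine itself rather than over SMTP, which points at a local script or web application rather than a relay problem.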
