3

I have received a letter from my hoster, that my server sends a lot of emails.

It's strange.

How can I enable logging of emails? Or just of to headers.

Ubuntu 12.04, postfix.

Dmitry
  • 257
  • I'm curious as to what you search for yourself. The first hit on Google using mail log ubuntu highlights the location of the log. – gertvdijk Jan 20 '13 at 10:39
  • The problem is I want to see subjects. – Dmitry Jan 20 '13 at 11:20
  • I've added subject logging to my answer. Next time put this into your question, as this is not trivial and a very important aspect. (see my answer for why this isn't trivial) – gertvdijk Jan 20 '13 at 13:41

1 Answers1

10

Logging is enabled by default

See /var/log/mail.log:

Jan 20 06:47:57 zarafa postfix/qmgr[1021]: A1749428: from=<root@thuis.mydomain.net>, size=2110, nrcpt=1 (queue active)
Jan 20 06:47:57 zarafa postfix/smtpd[21751]: disconnect from mail.thuis.mydomain.net[192.168.25.17]
Jan 20 06:47:58 zarafa postfix/lmtp[21756]: A1749428: to=<gert@mydomain.net>, orig_to=<gert@zarafa.thuis.mydomain.net>, relay=localhost[127.0.0.1]:2003, delay=0.5, delays=0.15/0.01/0.08/0.26, dsn=2.1.5, status=sent (250 2.1.5 gert@mydomain.net Ok)
Jan 20 06:47:58 zarafa postfix/qmgr[1021]: A1749428: removed

Be careful about mail servers becoming an open mail relay due to a configuration change, as you probably don't intend to run one. Because, if it is, then your server is a very easy target for spammers to abuse your mail server.

Subject logging

In the comments your question changed to how to enable logging of the subject. One important note here is that Postfix is an MTA (Mail Transport Agent) and it's not responsibility of an MTA to do stuff with the contents of mails. It's simply only concerned about the headers for transport primarily.

However, with Postfix as an MTA you're lucky as it does have a feature to help you out. It's possible to log based on a regular expression to match on the headers using this method:

  1. Install the package postfix-pcre.

  2. Create a file with the regular expression to match, e.g. /etc/postfix/header_checks:

    /^Subject:/ INFO

  3. In your /etc/postfix/main.cf add this to your configuration with a line like this:

    header_checks = pcre:/etc/postfix/header_checks

  4. Reload the configuration:

    sudo service postfix reload

  5. View the logs:

    Jan 20 13:50:01 zarafa postfix/cleanup[1416]: 74D321034: info: header Subject: testsubject from localhost[127.0.0.1]; from=<gert@mydomain.net> to=<user@example.org> proto=ESMTP helo=<zarafa>

For more content-based inspection, see the manpage about header_checks(5).

gertvdijk
  • 67,947