1

Recently I did an audit of my machine with logwatch and found out that my machine sends around 582 mails every day.

 STATISTICS
 ----------

 Messages To Recipients:  582
 Addressed Recipients:    582
 Bytes Transferred:       444985
 Messages No Valid Rcpts: 0

 SMTP SESSION, MESSAGE, OR RECIPIENT ERRORS
 ------------------------------------------

Next day

 STATISTICS
 ----------

 Messages To Recipients:  153
 Addressed Recipients:    279
 Bytes Transferred:       8613451
 Messages No Valid Rcpts: 0

 SMTP SESSION, MESSAGE, OR RECIPIENT ERRORS
 ------------------------------------------

How can I audit further to find out the email IDs it sent to, the program which schedules this, etc.?

Quintin Par

4 Answers

4

You need to first find out which MTA you are running: Exim, Sendmail, Postfix, etc. Each of these MTAs has different log files. Without knowing your server setup, the best suggestion would be to dig into /var/log/maillog

Binoy
3

If you have syslog set up, there may be a /var/log/maillog file containing all the mail to/from lines. I'm sorry that this will not indicate the program that sent the mail, however.

mdpc
1

Real Postmaster must read real logs, every day!

500+ emails per day isn't a giant number for any mid-size e-mail emitter. Zero bounces is (somehow) a sign of the "good nature" of these e-mails.

Lazy Badger
1

Use a log analyzer to find the count of senders, recipients, domains, etc. and other details, so that you can analyze the situation better.

Google Keyword: sendmail log analyzer

Sachin Divekar
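The answers above point to /var/log/maillog and to a log analyzer. The following is an added example, not code from any poster on this page: a small analyzer that groups mail log lines by queue ID and reports, per message, the sender, the delivered recipients and where the message entered the MTA. It assumes Postfix-style log lines (the page never names the MTA), where a local submission is logged with the submitting `uid=` and an SMTP submission with `client=`; the sample log and all host names and addresses in it are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Postfix's syslog format (assumption: the MTA is not
# named on the page). On a real host, read /var/log/maillog instead.
SAMPLE_LOG = """\
Mar  3 04:02:11 web1 postfix/pickup[2211]: 4F1A22C0A1: uid=33 from=<www-data>
Mar  3 04:02:11 web1 postfix/qmgr[1200]: 4F1A22C0A1: from=<www-data@web1.example>, size=1432, nrcpt=2 (queue active)
Mar  3 04:02:12 web1 postfix/smtp[2217]: 4F1A22C0A1: to=<alice@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 OK)
Mar  3 04:02:12 web1 postfix/smtp[2217]: 4F1A22C0A1: to=<bob@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=1.4, dsn=2.0.0, status=sent (250 OK)
Mar  3 04:05:40 web1 postfix/smtpd[2301]: 9C3D01B7E2: client=localhost[127.0.0.1]
Mar  3 04:05:40 web1 postfix/qmgr[1200]: 9C3D01B7E2: from=<root@web1.example>, size=812, nrcpt=2 (queue active)
Mar  3 04:05:41 web1 postfix/smtp[2305]: 9C3D01B7E2: to=<alice@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 OK)
Mar  3 04:06:11 web1 postfix/smtp[2305]: 9C3D01B7E2: to=<carol@example.com>, relay=none, delay=30, dsn=4.4.1, status=deferred (connection timed out)
"""

# "<service>[pid]: <queue id>: <fields>"; short (hex) queue IDs are assumed.
LINE = re.compile(r"postfix/(?P<svc>\w+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
FIELD = re.compile(r"\b(uid|client|from|to|status)=<?([^>,\s]*)>?")

def summarize(log_text):
    """Group log lines by queue ID and return one record per message."""
    msgs = defaultdict(lambda: {"origin": None, "sender": None, "rcpts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        f = dict(FIELD.findall(m["rest"]))
        msg = msgs[m["qid"]]
        if "uid" in f:                      # submitted locally (sendmail binary)
            msg["origin"] = f"local uid {f['uid']}"
        elif "client" in f:                 # submitted over SMTP
            msg["origin"] = f"smtp client {f['client']}"
        if m["svc"] == "qmgr" and "from" in f:
            msg["sender"] = f["from"]
        if "to" in f and f.get("status") == "sent":   # skip deferred retries
            msg["rcpts"].append(f["to"])
    return dict(msgs)

def top_counts(msgs):
    """Count messages per origin and successful deliveries per recipient."""
    origins = Counter(rec["origin"] for rec in msgs.values())
    rcpts = Counter(r for rec in msgs.values() for r in rec["rcpts"])
    return origins, rcpts

if __name__ == "__main__":
    for counter in top_counts(summarize(SAMPLE_LOG)):
        for name, n in counter.most_common():
            print(n, name)
```

A numeric uid in the origin column can be resolved with `getent passwd <uid>`, which points at the account (and so its crontab or web application) that queued the mail.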