I need to recover an email that another user on my network sent a few days ago. I got the email ID using the grep command on /var/log/mail.log, but I don't know what to do right now with this.
How can I use the ID to view the contents of an email?
Have a look and see if its on the queue with
sudo postqueue -p
If it is, read it using
sudo postcat -q MESSAGE_ID
If you have large attachement, the message is at the top, so pipe it into head to have a look
sudo postcat -q MESSAGE_ID | head -n 100
You can't get the contents of the email through your logs. Only when it was processed, and if it was sent of to some local mail transport or relayed. If the email is inbound and you have some mail transport setup (e.g. cyrus/pop3/imap), then you may want to look in the mailbox for the email ID. Otherwise, if the mail was to be relayed elsewhere, and was deferred or ran into a temporary error, you can check in the postfix queues:
postqueue -p
should list all email in the postfix queues. You can then look for the email itself in the queue with the given queue ID, which should probably be in /var/spool/postfix
Try to grep /var/log/mail.log.1, /var/log/mail.log.2, etc files too.
But if the email was not bounced via postfix there are no way to recover it. By default postfix keeps emails in undeliverable state (i.e bounced) within 5 days (parameter maximal_queue_lifetime).
