I am really a beginner with Linux.

I have located /var/log/maillog

As I understand it this shows mail being sent through this server? For example if I authenticate as a valid user on the system and send an email I will see a log entry here?

If I send an email from say my hotmail account to a domain which is handled by this server it gets put into the mailbox for that account (according to my settings in /etc/mail/virtusertable) will it be logged in /var/log/maillog? I suppose I don't know if sendmail (this system is I think running sendmail) handles receiving emails as well.

Many thanks

Any mail message passing through the mail service on the system will be logged.

There is no difference between a local user sending mail (if it is using the local service for delivery) or a remote connection making a connection for delivery. All messages get logged.

The only time a message ISN'T logged will be when the user client makes a connection to a remote mail service for delivery, or for retrieving mail. Since the local service isn't being contacted, there can be no messages logged.

1 members found this post helpful.

Ok. Thanks. I can see them coming in.

The problem is that my client's server is sending out hundreds of emails an hour. It is set up for SMTP auth. I think the most likely candidate is a virus on his office Windows machine which is using his Outlook accounts to send the mails.

Another candidate is that someone has got hold of his password and is sending them from elsewhere. Looking at the maillog I think I can see what looks like the IP address of where the user came from : if this is his machine that will answer that one.

However; having changed the passwords for these users I am still seeing dozens of emails going through sendmail. Since they say to=<someaddress rather than from=< I assume they are outward bound? EDIT: yes. Clearing /var/spool/mqueue seems to have dealt with this.


Thanks

-- Justin Wyllie