CentOS Linux Server Installation , FAQ, Tips and Tricks

Postfix Mail System - Find out the total email send by each user last 24 hours

Some readers ask me is there a quick way to find out total emails have been send out by particular user?

This is rather important when we find out those email accounts that have compromised by spammer.

The easiest way is look at our /var/log/maillong. However, there are thousand of lines and it is rather impossible for us to calculate each lines.

Thus, we need some help from the Linux CLI.

The output will be as below

15 sasl_username=[email protected]
2206 sasl_username=[email protected]
5 sasl_username=[email protected]
3 sasl_username=[email protected]
1 sasl_username=[email protected]
..

From above, the total email send out by james was 2206. This might draw your attention to investigate further to confirm the amount of legitimate email send by this user.

If the answer you get from user was lesser than that. The account might has already compromised. I would suggest you to change the password immediately.

Note.

Please check if your log rotation is configured as daily? If no, please change it to highlighted below

cat /etc/logrotate.d/maillog

var/log/maillog {
compress
daily
rotate 30
create 0600 root root
missingok

# Use bzip2 for compress.
compresscmd /usr/bin/bzip2
uncompresscmd /usr/bin/bunzip2
compressoptions -9
compressext .bz2

postrotate
/bin/kill -HUP $(cat /var/run/syslogd.pid 2> /dev/null) 2> /dev/null || true
endscript
}

Hope this help to ease your daily admin task.

CentOS Server Guide by http://www.1a-centosserver.com is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.

All trademarks are the property of their respective owners.

Postfix Mail System - Find out the total email send by each user last 24 hours

sort /var/log/maillog | grep sasl | cut -d ' ' -f 9 |sort | uniq -c | less