Reviewing Sendmail smtp log 2

[insanenupe]

We had some spamming coming from one of our client machines. When the users hit the firewall the IP is then the same across the board.

Its my understanding the smpt logs would tell me what user is spamming. How do I view the smtp logs?

 

[mbrooks]

This will allow you to monitor the user in realtime.

% cd /var/log/
% tail -f maillog | grep [i]<username>[/i]

M. Brooks

http://mbrooks.info

 

[insanenupe]

Mbrooks, thanks for you response. I will try that. But is there a way to view all users? Its does not necessarily have to be in realtime. Thanks in advance

 

[mbrooks]

Check the log manually.

% vi /var/log/maillog

M. Brooks

http://mbrooks.info

 

[insanenupe]

That works. thanks. however it only goes back a few days, is there any archieve to view files weeks even months ago.

 

[mbrooks]

Goto the /var/log. Inside that folder you should find archived maillog's.

M. Brooks

http://mbrooks.info

 

[mbrooks]

Also note. The files are likely compressed using gzip.

To decompress do:

% gzip -d [i]<filename>[/i]

M. Brooks

http://mbrooks.info

 

[mbrooks]

One last thing.. If you want to retrieve the log entries from a single user.

% grep [i]<username>[/i] /var/log/mailog > user_entries.txt

M. Brooks

http://mbrooks.info