How can I see all sent emails from my mail server?

My server was infected with malware. That malware sent lots of emails to random people with random content (promotional content). And now, my domain authority is getting pretty low and every email I send goes to spam.
What I said is a guess (though I'm sure about that malware, but I'm not sure it has sent emails). Anyway, is there any log file or whatever similar that contains a log of all emails that are sent from my mail server? If yes, where is it located?
Thanks in advance.
centos security logs email
asked Mar 7 at 11:38
Martin AJ
It's a little more likely that hackers have found a valid username / password for your SMTP server than actually got malware onto your server. Unless they managed to crack your root password and log in via SSH. You should check your /var/log/auth.log to see if that looks likely and change any critical passwords. Simply having a server on a domain name will cause daily brute force attacks on an SMTP and SSH attempting lots of passwords on system account names, or lots of usernames against most common passwords.
– couling
Mar 7 at 12:00
if the machine is running a web-server with an insecure formmail type CGI or php script (esp. one that allows the remote user to specify the recipient address) then that may be the source of the spam. Martin should also check his web server logs for suspicious activity and disable any mail-sending CGI/php/etc scripts that he finds.
– cas
Mar 7 at 12:22
1 Answer
accepted
Unless you've configured your mail transport agent ("MTA" - e.g. postfix, sendmail, exim, etc) to save a copy of every message sent by your system, you won't have a complete copy of the messages.
MTAs do, however, log the event of every message being sent or received - minimum details logged usually include at least the sender address, recipient address, message id and/or mail queue id, and the date & time that the message was sent.
This log is usually logged via syslog to /var/log/mail.log. If you're running systemd with syslog support disabled, you'll have to run journalctl -u <unitname>, where <unitname> is the name of your MTA's systemd unit - e.g. postfix or exim or sendmail.
answered Mar 7 at 11:50
cas
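Added example, not part of cas's answer: a small parser for the MTA log the answer describes, assuming Postfix's log line format, that groups delivery attempts by how each message entered the queue (SASL login, local uid, or unauthenticated client), which separates the stolen-credential and web-script explanations raised in the comments. The log lines are constructed sample data, and `summarize` and `recipients_by_origin` are names chosen for this example.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix syslog format (not taken from the page).
SAMPLE_LOG = """\
Mar  7 10:01:02 mail postfix/smtpd[1234]: 4F1A2C0D3E: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=info@example.com
Mar  7 10:01:02 mail postfix/qmgr[900]: 4F1A2C0D3E: from=<info@example.com>, size=2048, nrcpt=2 (queue active)
Mar  7 10:01:03 mail postfix/smtp[1236]: 4F1A2C0D3E: to=<a@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=0.9, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar  7 10:01:03 mail postfix/smtp[1236]: 4F1A2C0D3E: to=<b@example.org>, relay=mx.example.org[198.51.100.9]:25, delay=1.1, dsn=5.7.1, status=bounced (550 5.7.1 spam)
Mar  7 10:02:10 mail postfix/pickup[2222]: 9B7C1D2E3F: uid=48 from=<apache>
Mar  7 10:02:10 mail postfix/qmgr[900]: 9B7C1D2E3F: from=<apache@example.com>, size=900, nrcpt=1 (queue active)
Mar  7 10:02:11 mail postfix/smtp[1240]: 9B7C1D2E3F: to=<c@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""
# Assumes short (hex) Postfix queue IDs; long queue IDs need a wider pattern.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")

def summarize(log_text):
    """Map queue ID -> origin, envelope sender and per-status recipient counts."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        msg = msgs.setdefault(qid, {"origin": "unknown", "sender": None, "status": Counter()})
        if daemon == "smtpd" and rest.startswith("client="):  # arrived over SMTP
            user = re.search(r"sasl_username=([^,\s]+)", rest)
            client = rest[len("client="):].split(",")[0]
            msg["origin"] = "sasl:" + user.group(1) if user else "client:" + client
        elif daemon == "pickup":  # local sendmail command, e.g. called by a web script
            uid = re.search(r"uid=(\d+)", rest)
            msg["origin"] = "local-uid:" + (uid.group(1) if uid else "?")
        elif daemon == "qmgr" and rest.startswith("from=<"):
            msg["sender"] = rest[len("from=<"):rest.index(">")]
        elif rest.startswith("to=<"):  # one line per delivery attempt
            status = re.search(r"status=(\w+)", rest)
            if status:
                msg["status"][status.group(1)] += 1
    return msgs

def recipients_by_origin(log_text):
    """Count delivery attempts per origin; a spike points at the abused path."""
    totals = Counter()
    for msg in summarize(log_text).values():
        totals[msg["origin"]] += sum(msg["status"].values())
    return totals

if __name__ == "__main__":
    print(recipients_by_origin(SAMPLE_LOG).most_common())
```

On a stock CentOS install, rsyslog writes the mail facility to /var/log/maillog, so that file's contents are what to pass in. A `local-uid:` origin can be mapped back to an account with `getent passwd <uid>`.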