Brennan

Reputation: 11686

How can I monitor outgoing email from Unix and Sendmail?

I am running a FreeBSD server and I have been sent a warning that spam has been sent from my server. I do not have it set as an open relay and I have customized the sendmail configuration. I'd like to know who is sending what email along with their username, email subject line as well as a summary of how much mail they have been sending. I would like to run a report on a log similar to how it is done when processing Apache server logs.

What are my options?

Upvotes: 6

Views: 42906

Answers (4)

test30

Reputation: 3654

You can also monitor all system calls to write and read functions by executing:

ps auxw | grep '[s]endmail' | awk '{print "-p " $2}' | xargs strace -s 256 -f 2>&1 | grep -E $'@|(([0-9]+\.){3}[0-9]+)' | tee -a "/var/log/sendmail-logs.log"

This will give you direct access to the information; you cannot go deeper, I think.

Upvotes: 2

etz

Reputation: 19

If FreeBSD has the default config, you have only one way to handle output mail: check what is being sent through your sendmail system in /etc/mail.

All output mail must be logged in /var/log/maillog.

Upvotes: 0

uniquesnowflake8

Reputation: 471

One idea is to alias sendmail to be a custom script, which simply cats the sendmail arguments to the end of a log before calling sendmail in the usual manner.

Upvotes: 3

Suroot

Reputation: 4423

Can you give some sample logs? I think your best bet would be to look through them with either grep or cut to get the sources/destinations that are being sent to. Also, you could write a Perl script to automate it once you have the correct regex. This would be the best option.

Upvotes: 0
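The per-sender report the question asks for, built from the maillog parsing the answers above point to, as an added example that is not part of any of the original posts. It assumes the usual sendmail syslog layout (a queue ID followed by `from=` or `to=` fields); the sample lines are constructed, and since those lines carry no Subject header the report covers sender, local uid, size, recipient count and delivery status.

```python
import re
from collections import defaultdict

# Constructed sample in the usual sendmail syslog layout; not from a real server.
SAMPLE_LOG = """\
Mar  3 10:15:01 mx1 sendmail[1234]: q23AF1aa001234: from=www, size=812, class=0, nrcpts=3, msgid=<1@mx1.example.com>, relay=www@localhost
Mar  3 10:15:02 mx1 sendmail[1236]: q23AF1aa001234: to=<a@example.org>,<b@example.org>,<c@example.net>, ctladdr=www (80/80), delay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
Mar  3 10:15:05 mx1 sendmail[1240]: q23AF5bb001240: from=www, size=790, class=0, nrcpts=2, msgid=<2@mx1.example.com>, relay=www@localhost
Mar  3 10:15:06 mx1 sendmail[1242]: q23AF5bb001240: to=<d@example.org>,<e@example.net>, ctladdr=www (80/80), delay=00:00:01, mailer=esmtp, relay=mx.example.net. [192.0.2.20], dsn=4.0.0, stat=Deferred: Connection timed out
Mar  3 10:20:00 mx1 sendmail[1300]: q23AK0cc001300: from=<alice@example.com>, size=2048, class=0, nrcpts=1, msgid=<3@example.com>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Mar  3 10:20:01 mx1 sendmail[1302]: q23AK0cc001300: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=(.*)")

def num(name, rest):
    """Integer value of a name=NNN field, or 0 if the field is absent."""
    m = re.search(rf"\b{name}=(\d+)", rest)
    return int(m.group(1)) if m else 0

def summarize(lines):
    """Join from= and to= records on queue ID and total them per envelope sender."""
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "bytes": 0,
                                 "uids": set(), "status": defaultdict(int)})
    sender_of = {}  # queue ID -> envelope sender
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue
        qid, kind, rest = m.groups()
        if kind == "from":
            addr = re.match(r"<?([^>,\s]*)>?,", rest)
            sender = (addr.group(1) if addr else "") or "<>"  # <> is a bounce
            sender_of[qid] = sender
            s = stats[sender]
            s["messages"] += 1
            s["recipients"] += num("nrcpts", rest)
            s["bytes"] += num("size", rest)
        else:
            # A to= line whose from= line was rotated away is filed under "(unknown)".
            s = stats[sender_of.get(qid, "(unknown)")]
            ctl = re.search(r"ctladdr=\S+ \((\d+)/\d+\)", rest)
            if ctl:
                s["uids"].add(int(ctl.group(1)))  # local uid that submitted the mail
            st = re.search(r"\bstat=(\w+)", rest)
            if st:
                s["status"][st.group(1)] += 1  # Sent, Deferred, ...
    return stats

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for sender, s in sorted(report.items(), key=lambda kv: -kv[1]["recipients"]):
        print(sender, s["messages"], s["recipients"], s["bytes"],
              sorted(s["uids"]), dict(s["status"]))
```

A local account such as `www` topping the recipient count is the usual sign of a web script submitting mail, which an open-relay check would not reveal.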
