Score:0

In Postfix, how can I find the recipient address using Message-ID?

I have an abuse report for an email which only contains a message ID. How can I find the recipient email address in Postfix sent emails?

I searched the logs with cat /var/log/mail.log | grep [ID] -C 20, but the message details I see do not appear to be the right email because the mail server host does not match the abuse report. I can't determine if I'm getting the queue ID or the message ID.

anx
What information *did* you get when you searched for the message-id in your logs? And what information did you get when searching for the queue ids mentioned in the results? (Please [edit] your question to include the information you *do* have, maybe those log lines contain hints on what else you need to do).
I have no idea how to start. I have read that the queue ID is not the message ID.
Score:2

Grepping logs with Message-ID will give you a Postfix Queue ID:

# grep XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX mail.log
Oct  3 00:10:48 mx postfix/cleanup[25302]: YYYYYYYYYY: message-id=<XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX>

YYYYYYYYYY is the Queue ID here. Now you have to grep again:

# grep YYYYYYYYYY mail.log
Oct  3 00:10:48 mx postfix/smtpd[25294]: YYYYYYYYYY: client=????????????????????
Oct  3 00:10:48 mx postfix/cleanup[25302]: YYYYYYYYYY: message-id=<XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX>
Oct  3 00:10:48 mx postfix/qmgr[30545]: YYYYYYYYYY: from=<[email protected], ...
Oct  3 00:10:48 mx postfix/lmtp[25306]: YYYYYYYYYY: to=<[email protected]>, ...
Oct  3 00:10:48 mx postfix/qmgr[30545]: YYYYYYYYYY: removed

As you see, grepping with either one doesn't differ much. Note that external actors are likely to tell you the Message ID, because they may be unaware of your internal Queue ID.

In my case lmtp logged the recipient address because this was locally delivered mail with LMTP, but in the case of outgoing mail the service that should log the "to" address could be smtp.

In any case, -C may not help, because there could be lines that intervene in this mail's processing. Also note that log files normally get rotated, so you may need to look in older files, mail.log.1 and so on. Old files might be compressed, so use, for example, zgrep YYYYYYYYYY mail.log.2.gz, or whatever it is on your system.
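
The two-step lookup from the answer above, written as shell functions; this is an added example, not part of the original answer. It goes slightly further than the answer by reading plain and gzip-rotated logs in one pass and by handling a Message-ID that maps to more than one queue ID. The function names and the sample log lines (hosts, queue IDs, addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: Message-ID -> Postfix queue ID(s) -> recipients.

# Print the given log files, decompressing rotated *.gz files on the fly.
read_logs() {
    for f in "$@"; do
        case "$f" in
            *.gz) gzip -cd -- "$f" ;;
            *)    cat -- "$f" ;;
        esac
    done
}

# queue_ids_for_msgid MESSAGE_ID LOGFILE...
# Prints every queue ID whose cleanup line carries this Message-ID.
queue_ids_for_msgid() {
    msgid=$(printf '%s' "$1" | sed 's/^<//; s/>$//')  # accept with or without <>
    shift
    # -F: the Message-ID comes from outside and contains regex metacharacters.
    read_logs "$@" | grep -F -- "message-id=<$msgid>" |
        sed -n 's/^.*\]: \([0-9A-Za-z]\{1,\}\): message-id=.*$/\1/p' | sort -u
}

# recipients_for_msgid MESSAGE_ID LOGFILE...
# Prints "QUEUE_ID RECIPIENT" for each delivery line (smtp, lmtp, ...).
recipients_for_msgid() {
    id=$1; shift
    for qid in $(queue_ids_for_msgid "$id" "$@"); do
        read_logs "$@" | grep -F -- ": $qid: to=<" |
            sed -n 's/^.*: \([0-9A-Za-z]\{1,\}\): to=<\([^>]*\)>.*$/\1 \2/p'
    done | sort -u
}

# Constructed sample logs (hypothetical hosts, queue IDs and addresses).
make_sample_logs() {
    gzip -c > "$1/mail.log.1.gz" <<'EOF'
Oct  2 23:59:01 mx postfix/cleanup[101]: 4A1B2C3D4E: message-id=<20231003.1234@sender.example>
Oct  2 23:59:02 mx postfix/smtp[102]: 4A1B2C3D4E: to=<alice@rcpt.example>, relay=mx.rcpt.example[192.0.2.10]:25, status=sent (250 ok)
Oct  2 23:59:02 mx postfix/smtp[102]: 4A1B2C3D4E: to=<bob@rcpt.example>, relay=mx.rcpt.example[192.0.2.10]:25, status=sent (250 ok)
EOF
    cat > "$1/mail.log" <<'EOF'
Oct  3 00:10:47 mx postfix/cleanup[201]: 1111111111: message-id=<20231003x1234@sender.example>
Oct  3 00:10:47 mx postfix/lmtp[202]: 1111111111: to=<decoy@local.example>, relay=local, status=sent (250 ok)
Oct  3 00:10:48 mx postfix/cleanup[203]: 9F8E7D6C5B: message-id=<20231003.1234@sender.example>
Oct  3 00:10:48 mx postfix/lmtp[204]: 9F8E7D6C5B: to=<carol@local.example>, relay=local, status=sent (250 ok)
EOF
}
```

After sourcing the file, call recipients_for_msgid with the Message-ID from the abuse report followed by the current and rotated log files, for example /var/log/mail.log*.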
