1

Topic: Search Log files by Subject

==== Required information ====
- iRedMail version: 1.8.2
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Ubuntu12
- Related log if you're reporting an issue:
====

Have been told that one of the hosted accounts is compromised and sending a virus - all I have been provided is the Subject line "Invoice#.doc" and time.

How do I search the logs to find the compromised account?


2

Re: Search Log files by Subject

Postfix doesn't log the mail subject by default, unless you add a header_checks rule to ask it to do so.

If you have the '@storage_sql_dsn' setting enabled in Amavisd, it will log the mail subject of in/out emails, but iRedAdmin-Pro doesn't support searching by mail subject.

An easier way is to ask the recipient of this virus to give you more details about the virus email. The most important part is the mail headers. Then you can filter the Postfix log file by sender/recipient to find out more info about this virus email and the compromised accounts.
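Added example, not part of the original reply: once Postfix logs subjects, the matching queue IDs can be correlated with the SASL login that submitted them. It assumes a header_checks rule such as `/^Subject:/ WARN` was already active when the mail was sent; the log lines, addresses and the function name `find_senders` are constructed for illustration.

```python
import re

# Constructed sample of Postfix mail log lines (not from the original thread).
# Assumes header_checks contains a rule such as:  /^Subject:/ WARN
SAMPLE_LOG = """\
Mar  3 10:15:01 mx postfix/smtpd[2101]: 4F2A81C0A3: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Mar  3 10:15:01 mx postfix/cleanup[2105]: 4F2A81C0A3: warning: header Subject: Invoice#.doc from unknown[203.0.113.7]; from=<alice@example.com> to=<victim@example.net> proto=ESMTP helo=<pc>
Mar  3 10:16:40 mx postfix/smtpd[2101]: 7B90C1C0A9: client=mail.example.org[198.51.100.4]
Mar  3 10:16:40 mx postfix/cleanup[2105]: 7B90C1C0A9: warning: header Subject: Meeting notes from mail.example.org[198.51.100.4]; from=<bob@example.org> to=<alice@example.com> proto=ESMTP helo=<mail.example.org>
Mar  3 10:17:12 mx postfix/submission/smtpd[2101]: 9C11D1C0B2: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.com
Mar  3 10:17:12 mx postfix/cleanup[2105]: 9C11D1C0B2: warning: header Subject: Invoice#.doc from unknown[203.0.113.7]; from=<ceo@example.com> to=<other@example.net> proto=ESMTP helo=<pc>
"""

# daemon name (optionally prefixed by a service name), queue ID, rest of line
QUEUE_LINE = re.compile(r"postfix/(?:[\w-]+/)?(\w+)\[\d+\]: ([0-9A-Za-z]{6,}): (.*)$")
SUBJECT = re.compile(r"warning: header Subject: (.*?) from \S+\[[^\]]*\]; from=<([^>]*)>")
SASL = re.compile(r"client=([^,\s]+).*sasl_username=(\S+)")


def find_senders(log_text, subject):
    """Map each SASL login to the (queue_id, client, envelope_from) tuples of
    authenticated messages whose logged Subject contains `subject`."""
    auth = {}  # queue_id -> (client, sasl_username), taken from smtpd lines
    hits = {}
    for line in log_text.splitlines():
        m = QUEUE_LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd":
            s = SASL.search(rest)
            if s:
                auth[qid] = s.groups()
        elif daemon == "cleanup":
            s = SUBJECT.search(rest)
            # Unauthenticated (inbound) mail has no entry in `auth` and is skipped.
            if s and subject.lower() in s.group(1).lower() and qid in auth:
                client, user = auth[qid]
                hits.setdefault(user, []).append((qid, client, s.group(2)))
    return hits


if __name__ == "__main__":
    for user, msgs in find_senders(SAMPLE_LOG, "Invoice#.doc").items():
        print(user, msgs)
```

The SASL login, not the envelope `from=` address, identifies the account whose credentials were used; the second constructed message shows the two differing.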