Mail Logs
Overview
Evidence: Mail Logs
Description: Collect Mail Logs
Category: System
Platform: linux
Short Name: maill
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Linux mail logs record email server activities including message delivery, SMTP transactions, mail relay operations, and email-related errors from services like Postfix, Sendmail, or Exim.
Data Collected
This collector gathers structured data about mail logs.
Collection Method
This collector gathers mail log files from /var/log/mail*, including rotated archives, which contain email server operational logs.
Forensic Value
Mail logs are essential for investigating email-based attacks, spam campaigns, phishing attempts, email exfiltration, and mail server compromise. They provide evidence of email communications and server abuse.
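As an added example (not part of this collector or its product code), the script below reads every /var/log/mail* file including gzip-rotated archives and groups Postfix syslog lines by queue ID, so an analyst can reconstruct each message's sender, recipient, relay and delivery status from the collected files. The log layout it assumes is the common Postfix "postfix/<daemon>[pid]: QUEUEID: key=value, ..." format, and the sample lines are constructed.

```python
import glob
import gzip
import re
from collections import defaultdict
from pathlib import Path

# Postfix-style syslog line (assumed layout): "Mon DD HH:MM:SS host postfix/<daemon>[pid]: QUEUEID: ..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/(?P<daemon>\w+)\[\d+\]: "
    r"(?P<qid>[0-9A-F]{6,}): (?P<msg>.*)$"
)
# Key=value fields worth extracting; angle-bracketed addresses are taken whole.
FIELD_RE = re.compile(r"\b(from|to|relay|status)=(<[^>]*>|\S+)")

def open_log(path):
    """Rotated archives are gzip-compressed; read them transparently."""
    opener = gzip.open if str(path).endswith(".gz") else open
    return opener(path, "rt", errors="replace")

def parse_lines(lines):
    """Group Postfix events by queue ID so one message's full path can be reconstructed."""
    messages = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue  # non-Postfix or unparseable line; keep going
        fields = {k: v.strip("<>").rstrip(",") for k, v in FIELD_RE.findall(m["msg"])}
        messages[m["qid"]].append({"ts": m["ts"], "daemon": m["daemon"], **fields})
    return dict(messages)

def collect(log_dir="/var/log"):
    """Read every mail log under log_dir, including rotated archives, like the collector's glob."""
    events = {}
    for path in sorted(glob.glob(str(Path(log_dir) / "mail*"))):
        with open_log(path) as fh:
            for qid, evs in parse_lines(fh).items():
                events.setdefault(qid, []).extend(evs)
    return events

# Constructed sample: one message accepted, queued and delivered.
SAMPLE = """\
Mar  3 10:15:01 mx1 postfix/smtpd[2101]: 4F2A1B3C9D: client=unknown[203.0.113.7]
Mar  3 10:15:01 mx1 postfix/cleanup[2105]: 4F2A1B3C9D: message-id=<x@example.test>
Mar  3 10:15:02 mx1 postfix/qmgr[1988]: 4F2A1B3C9D: from=<alice@example.test>, size=2048, nrcpt=1 (queue active)
Mar  3 10:15:03 mx1 postfix/smtp[2110]: 4F2A1B3C9D: to=<bob@example.org>, relay=mail.example.org[198.51.100.5]:25, delay=2.1, status=sent (250 OK)
Mar  3 10:15:03 mx1 postfix/qmgr[1988]: 4F2A1B3C9D: removed
"""
```

Running `collect()` on a live host requires read access to /var/log/mail*; `parse_lines(SAMPLE.splitlines())` works offline on the constructed sample.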