This is just some notes on things I do in Postfix.
grep 'postfix/smtp' /var/log/mail.log | cut -d ':' -f4 | grep -v 'connect' | grep -v warning | grep -v SSL | sort | uniq -c | sort -nr | head
grep 47B5F826C2 /var/log/mail.log | grep 'from=' | cut -d':' -f5 | cut -d'<' -f2 | cut -d'>' -f1
grep mail.brakzijn.nl mail.log | grep RCPT | cut -d'[' -f3 | cut -d']' -f1 | sort | uniq -c | sort -rn | head
grep 126.96.36.199 /var/log/mail.log | grep 'sasl_method=LOGIN' | cut -d'=' -f4 | sort | uniq -c | sort -rn
The mail log (/var/log/mail.log on Debian derivatives) contains way too much information most of the time. Here, grep is your friend. You can find different things based on which daemon is reporting the line item, then further refine by adding an additional grep after.
For example, if you were moving a domain from one server to another, it is common to allow the old server to accept messages for a while to keep from losing your clients e-mail. So, for example, if you wanted to know the last time any mail was delivered to an example.com account, you would do.
grep delivered mail.log | grep example.com | tail
grep submission /var/log/mail.log | grep keyword_to_search_for
grep delivered mail.log | grep keywork_to_search_for
Actually, this is the total message size. It is in bytes, so it is a very large number.
To see what the current setting is, type
postconf | grep message_size_limit
. If the value is not explicitly entered in main.cf, the default value is show.
To set a new value, type
postconf -e message_size_limit=26214400
. The number is 25 Megabytes, or 25*1024*1024 (from a calculator). Obviously, you need to reload or restart postfix for this to take effect.