I have an abuse report for an email which only contains a message ID. How can I find the recipient email address in Postfix sent emails?
I searched the logs with cat /var/log/mail.log } grep [ID] -C 20 but the message details I see do not appear to be the right email because the mail server host does not match the abuse report.. I can't determine if I'm getting the queue ID or the message ID.
Grepping logs with Message-ID will give you a Postfix Queue ID:
YYYYYYYYYYis the Queue ID here. Now you have to grep again:As you see, grepping with either one doesn't differ much. Notice, external actors likely to tell you Message ID, because they may be unaware of your internal Queue ID.
In my case
lmtplogged the recipient address because this was locally delivered mail with LMTP, but in case of ougoing mail the service that should log the "to" address could besmtp.In any case,
-Cmay not help, because there could be lines that intervene with this mail processing. Also, notice, normally log files get rotated, so you may need to look up in older files,mail.log.1and so on. Old files might be compressed, so use for examplezgrep YYYYYYYYYY mail.log.2.gz, or whatever on your system it is.