Evidence: Mail Logs
Description: Collect Mail Logs
Category: System
Platform: linux
Short Name: maill
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Linux mail logs record email server activities including message delivery, SMTP transactions, mail relay operations, and email-related errors from services like Postfix, Sendmail, or Exim.
Data Collected
This collector gathers the raw mail log files as found on disk. The contents are not parsed or normalised by the collector (Is Parsed: No), so syslog-style lines from Postfix, Sendmail or Exim are preserved verbatim for analysis after collection.
Collection Method
This collector gathers the mail log files matching /var/log/mail*, including rotated archives, which contain email server operational logs. The glob covers both common naming conventions: /var/log/mail.log, mail.err, mail.warn and mail.info on Debian-derived systems, and /var/log/maillog on Red Hat-derived systems. Rotated archives such as mail.log.1 and mail.log.2.gz are included; logrotate usually gzip-compresses all but the most recent rotation, so older files must be decompressed before review. Note that Exim writes to its own log directory by default (/var/log/exim4/mainlog on Debian) and only appears under /var/log/mail* when it has been configured to log via syslog, and that the mail facility must be routed to these files by the syslog daemon configuration.
Forensic Value
Mail logs are essential for investigating email-based attacks, spam campaigns, phishing attempts, email exfiltration, and mail server compromise. They provide evidence of email communications and server abuse: SMTP authentication failures reveal credential brute force, "Relay access denied" rejections reveal open-relay probing, and Postfix entries are keyed by queue ID, so the client IP, authenticated user, envelope sender, recipients, next-hop relay and delivery status of a single message can be correlated across the smtpd, cleanup, qmgr and smtp lines that record it.
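Because the collector delivers raw files, the analyst has to handle rotation order, gzip archives and queue-ID correlation themselves. The following is an added example written for this page, not code belonging to the collector or to Postfix: it builds a small constructed /var/log/mail* directory (one current file and one gzip-rotated archive), reads the files oldest rotation first, and surfaces three indicators described above: SASL brute force per client IP, relay-denied rejections, and a message sent by an authenticated session from an IP that previously failed authentication. The log lines, hostnames, addresses, queue IDs and the threshold of three failures are all constructed for the example.

```python
# Added example (not part of the collector or of Postfix): parse raw /var/log/mail*
# files, including gzip-rotated archives, and flag Postfix mail-server abuse.
import gzip
import re
import tempfile
from collections import Counter, defaultdict
from pathlib import Path

# rsyslog traditional format as written for Postfix: "Mon DD HH:MM:SS host prog[pid]: msg"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w./-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
SASL_FAIL_RE = re.compile(r"warning: \S+\[(?P<ip>[\d.:a-fA-F]+)\]: SASL \w+ authentication failed")
RELAY_DENIED_RE = re.compile(r"reject: RCPT from \S+\[(?P<ip>[\d.:a-fA-F]+)\].*Relay access denied")
QUEUE_RE = re.compile(r"^(?P<qid>[0-9A-F]{8,}): (?P<rest>.*)$")   # short-format queue IDs
KV_RE = re.compile(r"([\w-]+)=(<[^>]*>|[^,\s]+)")                    # key=value pairs in a queue line

# Constructed sample data: an older rotation (brute force, relay probing) and the current file
# (successful authentication from the same IP followed by an outbound delivery, plus benign local mail).
OLD_ROTATION = """\
Mar  2 23:58:01 mx1 postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Mar  2 23:58:02 mx1 postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  2 23:58:04 mx1 postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Mar  2 23:58:06 mx1 postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Mar  2 23:58:09 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <victim@example.net>: Relay access denied; from=<spam@example.com> to=<victim@example.net> proto=ESMTP helo=<x>
Mar  2 23:58:10 mx1 postfix/smtpd[2101]: disconnect from unknown[203.0.113.7]
"""
CURRENT_LOG = """\
Mar  3 00:05:10 mx1 postfix/smtpd[2102]: connect from unknown[203.0.113.7]
Mar  3 00:05:11 mx1 postfix/smtpd[2102]: 4B2C1D3E5F: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=bob
Mar  3 00:05:11 mx1 postfix/cleanup[2110]: 4B2C1D3E5F: message-id=<20240303000511.4B2C1D3E5F@mx1.example.org>
Mar  3 00:05:11 mx1 postfix/qmgr[1900]: 4B2C1D3E5F: from=<bob@example.org>, size=204800, nrcpt=1 (queue active)
Mar  3 00:05:12 mx1 postfix/smtp[2120]: 4B2C1D3E5F: to=<drop@attacker-mail.example>, relay=mail.attacker-mail.example[198.51.100.9]:25, delay=0.8, delays=0.1/0/0.2/0.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
Mar  3 00:05:12 mx1 postfix/qmgr[1900]: 4B2C1D3E5F: removed
Mar  3 00:07:30 mx1 postfix/smtpd[2103]: 7A1F0C9E22: client=workstation.example.org[192.0.2.25]
Mar  3 00:07:30 mx1 postfix/qmgr[1900]: 7A1F0C9E22: from=<alice@example.org>, size=1024, nrcpt=1 (queue active)
Mar  3 00:07:31 mx1 postfix/local[2130]: 7A1F0C9E22: to=<bob@example.org>, relay=local, delay=0.3, delays=0.1/0/0/0.2, dsn=2.0.0, status=sent (delivered to maildir)
"""

def build_sample_dir():
    """Write the constructed logs into a temp dir shaped like /var/log (mail.log + mail.log.1.gz)."""
    log_dir = Path(tempfile.mkdtemp(prefix="maillog-"))
    (log_dir / "mail.log").write_text(CURRENT_LOG, encoding="utf-8")
    with gzip.open(log_dir / "mail.log.1.gz", "wt", encoding="utf-8") as fh:
        fh.write(OLD_ROTATION)
    return log_dir

def mail_log_files(log_dir):
    """Emulate the collector's /var/log/mail* glob, ordered oldest rotation first."""
    files = [p for p in Path(log_dir).glob("mail*") if p.is_file()]
    def rotation_index(p):                      # mail.log.2.gz -> -2, mail.log.1 -> -1, mail.log -> 0
        m = re.search(r"\.(\d+)(\.gz)?$", p.name)
        return -int(m.group(1)) if m else 0
    return sorted(files, key=lambda p: (rotation_index(p), p.name))

def read_lines(path):
    """Yield lines from a plain or gzip-compressed log file; rotated archives end in .gz."""
    opener = gzip.open if path.suffix == ".gz" else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            yield line.rstrip("\n")

def analyze(lines, fail_threshold=3):
    """Count auth failures and relay denials per IP, reassemble messages by queue ID, emit findings."""
    sasl_fail, relay_denied = Counter(), Counter()
    messages = defaultdict(lambda: {"recipients": []})
    for raw in lines:
        m = LINE_RE.match(raw)
        if not m or not m["prog"].startswith("postfix/"):
            continue
        msg = m["msg"]
        if (f := SASL_FAIL_RE.search(msg)):
            sasl_fail[f["ip"]] += 1
            continue
        if (f := RELAY_DENIED_RE.search(msg)):
            relay_denied[f["ip"]] += 1
            continue
        q = QUEUE_RE.match(msg)
        if not q:
            continue                              # connect/disconnect and other non-queue lines
        rec = messages[q["qid"]]
        kv = dict(KV_RE.findall(q["rest"]))
        if "client" in kv:                        # smtpd line: who submitted the message
            rec["client"] = kv["client"]
            rec["client_ip"] = kv["client"].rsplit("[", 1)[-1].rstrip("]")
            rec["sasl_username"] = kv.get("sasl_username")
        if "from" in kv:                          # qmgr line: envelope sender
            rec["from"] = kv["from"].strip("<>")
        if "to" in kv:                            # smtp/local line: recipient, next hop, result
            rec["recipients"].append((kv["to"].strip("<>"), kv.get("relay"), kv.get("status")))
    findings = [("sasl_bruteforce", ip, n) for ip, n in sasl_fail.items() if n >= fail_threshold]
    for qid, rec in messages.items():             # authenticated submission from an IP that failed earlier
        ip = rec.get("client_ip")
        if ip and sasl_fail.get(ip) and rec.get("sasl_username"):
            findings.append(("auth_after_failures", qid, ip))
    return {"sasl_fail": sasl_fail, "relay_denied": relay_denied,
            "messages": dict(messages), "findings": findings}

def run_demo():
    """Collect the constructed directory in rotation order and analyse it; returns (file names, result)."""
    files = mail_log_files(build_sample_dir())
    lines = [line for p in files for line in read_lines(p)]
    return [p.name for p in files], analyze(lines)

if __name__ == "__main__":
    names, result = run_demo()
    print("files in order:", names)
    for finding in result["findings"]:
        print(finding)
```

On a real collection, point mail_log_files at the directory the collector produced rather than at the temp dir, and extend the regexes before trusting them on Sendmail or Exim output, whose line formats differ from the Postfix ones assumed here.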