# Mail Logs

## Overview

**Evidence:** Mail Logs\
**Description:** Collect Mail Logs\
**Category:** System\
**Platform:** linux\
**Short Name:** maill\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

Linux mail logs record email server activities including message delivery, SMTP transactions, mail relay operations, and email-related errors from services like Postfix, Sendmail, or Exim.

## Data Collected

This collector gathers structured data about mail logs.

## Collection Method

This collector gathers mail log files from /var/log/mail\*, including rotated archives, which contain email server operational logs.

## Forensic Value

Mail logs are essential for investigating email-based attacks, spam campaigns, phishing attempts, email exfiltration, and mail server compromise. They provide evidence of email communications and server abuse.
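Because the collected files are not parsed, an analyst usually triages them by hand. The following is an added example, not part of the collector or the product: it assumes Postfix's syslog line format (Sendmail and Exim log differently), joins `from=` and `to=` records on the queue ID across plain and gzip-rotated files, and lists, per sender, the external recipients that were actually delivered. The sample lines and the local domain `corp.example` are constructed.

```python
import gzip
import re
import sys
from pathlib import Path

# Postfix qmgr (from=) and delivery-agent (to=) lines share a queue ID.
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>\w+): from=<(?P<addr>[^>]*)>")
TO_RE = re.compile(r"postfix/(?:smtp|lmtp|local|virtual)\[\d+\]: (?P<qid>\w+): "
                   r"to=<(?P<addr>[^>]*)>.*?\bstatus=(?P<status>\w+)")

def read_lines(path):
    """Yield lines from a plain or gzip-compressed (rotated) log file."""
    opener = gzip.open if path.suffix == ".gz" else open
    with opener(path, "rt", errors="replace") as fh:
        yield from fh

def deliveries(lines):
    """Join from=/to= records on queue ID into (sender, recipient, status)."""
    sender_by_qid, out = {}, []
    for line in lines:
        if m := FROM_RE.search(line):
            sender_by_qid[m["qid"]] = m["addr"].lower() or "<>"  # <> = bounce
        elif m := TO_RE.search(line):
            # "<unknown>": the from= line was not seen (e.g. in another file).
            sender = sender_by_qid.get(m["qid"], "<unknown>")
            out.append((sender, m["addr"].lower(), m["status"]))
    return out

def external_recipients(records, local_domains):
    """Per sender, recipients outside local_domains with status=sent."""
    result = {}
    for sender, rcpt, status in records:
        if status == "sent" and rcpt.rpartition("@")[2] not in local_domains:
            result.setdefault(sender, set()).add(rcpt)
    return result

# Constructed sample lines (documentation domains and addresses).
SAMPLE = """\
Jan 12 03:14:07 mx1 postfix/qmgr[1201]: 4F1A2B3C4D: from=<alice@corp.example>, size=48213, nrcpt=2 (queue active)
Jan 12 03:14:08 mx1 postfix/smtp[1310]: 4F1A2B3C4D: to=<drop@mail.example.net>, relay=mx.example.net[203.0.113.5]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jan 12 03:14:08 mx1 postfix/local[1311]: 4F1A2B3C4D: to=<bob@corp.example>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 12 03:15:30 mx1 postfix/qmgr[1201]: 7A9E0C11F2: from=<alice@corp.example>, size=51877, nrcpt=1 (queue active)
Jan 12 03:15:31 mx1 postfix/smtp[1312]: 7A9E0C11F2: to=<other@mail.example.net>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mail.example.net[203.0.113.5]:25: Connection timed out)
"""

if __name__ == "__main__":
    files = [p for d in sys.argv[1:2] for p in sorted(Path(d).glob("mail*")) if p.is_file()]
    lines = (l for p in files for l in read_lines(p)) if files else SAMPLE.splitlines()
    local = set(sys.argv[2:]) or {"corp.example"}
    for sender, rcpts in external_recipients(deliveries(lines), local).items():
        print(f"{len(rcpts):4d}  {sender}")
```

Run it with the directory holding the collected `mail*` files as the first argument and the organization's own mail domains as the remaining arguments; with no arguments it runs on the constructed sample.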
