How to test whether unknown user sent mail in postfix?

Sebastiaan Alvarez Rodriguez asked:

Good day to you all,

Today, I was setting up a postfix mail server. Everything works well: mails get forwarded from my server’s mail address, [email protected], to my personal email [email protected].

When testing with telnet, like this, I found that I could send mail only to [email protected].

The problem

The thing is: My logs show me that I get connections from ‘unknown’.
Here is a part of my /var/log/maillog (default CentOS postfix log location. On other Linux systems possibly /var/log/mail.log):

Jun  2 22:58:31 vps postfix/smtpd[23587]: connect from unknown[A.B.C.D]
Jun  2 22:58:31 vps postfix/smtpd[23585]: connect from unknown[A.B.C.E]
Jun  2 22:58:43 vps postfix/smtpd[23592]: connect from unknown[A.B.F.G]
Jun  2 22:58:55 vps postfix/smtpd[23597]: connect from unknown[A.B.F.H]
Jun  2 22:58:58 vps postfix/smtpd[23587]: disconnect from unknown[A.B.C.D]
...

With my current ruleset, these unknown spambots should be completely unable to send their garbage on their way to the internet.

However, I would like to check if these unknowns actually got any mail sent from my server.

What I tried

I tried the mailq command to check queued mails. This list was empty. However, this does not exclude that there was traffic.
Also, I checked my log with cat /var/log/maillog | grep 'sent'. Zero matches. I am uncertain whether this means no bot could send spam or that postfix does not log sent mails from unknowns.

The Question

How can one check outgoing mail traffic with postfix?

My answer:


If any mail was sent, it would be in the log.
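
Added example, not part of the original question or answer: one way to read that log is to join each delivery line (`status=sent`) to the `client=` line that shares its queue ID, which shows which connecting host submitted every message that left the queue. The log lines, addresses and function names below are constructed for illustration and assume the standard Postfix syslog format.

```python
import re

# Constructed sample of Postfix syslog lines (documentation addresses only).
SAMPLE_LOG = """\
Jun  2 22:58:31 vps postfix/smtpd[23587]: connect from unknown[192.0.2.10]
Jun  2 22:58:32 vps postfix/smtpd[23587]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <someone@example.net>: Relay access denied; from=<a@example.org> to=<someone@example.net> proto=ESMTP helo=<bot>
Jun  2 22:58:58 vps postfix/smtpd[23587]: disconnect from unknown[192.0.2.10]
Jun  2 23:01:02 vps postfix/smtpd[23601]: connect from unknown[198.51.100.7]
Jun  2 23:01:03 vps postfix/smtpd[23601]: 4A1B2C3D4E: client=unknown[198.51.100.7]
Jun  2 23:01:03 vps postfix/qmgr[1201]: 4A1B2C3D4E: from=<sender@example.org>, size=912, nrcpt=1 (queue active)
Jun  2 23:01:04 vps postfix/smtp[23610]: 4A1B2C3D4E: to=<me@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=1.1, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jun  2 23:01:04 vps postfix/qmgr[1201]: 4A1B2C3D4E: removed
"""

# smtpd logs the queue ID next to the client once a message is accepted.
CLIENT = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-Za-z]+): client=(\S+?\[[^\]]+\])")
# Delivery agents log the outcome of each recipient under the same queue ID.
DELIVERY = re.compile(r"postfix/(?:smtp|lmtp|local|virtual|pipe)\[\d+\]: ([0-9A-Za-z]+): "
                      r"to=<([^>]*)>.*?relay=([^,]+),.*?status=(\w+)")
# Attempts refused before queueing never get a queue ID (NOQUEUE).
REJECT = re.compile(r"NOQUEUE: reject: \w+ from (\S+?\[[^\]]+\])")

def trace(log_text):
    """Return (deliveries, rejects); deliveries are joined to their client by queue ID."""
    clients, deliveries, rejects = {}, [], {}
    for line in log_text.splitlines():
        if m := CLIENT.search(line):
            clients[m.group(1)] = m.group(2)
        elif m := DELIVERY.search(line):
            qid, rcpt, relay, status = m.groups()
            deliveries.append({"qid": qid, "client": clients.get(qid, "no client line"),
                               "to": rcpt, "relay": relay, "status": status})
        elif m := REJECT.search(line):
            rejects[m.group(1)] = rejects.get(m.group(1), 0) + 1
    return deliveries, rejects

def sent_from_unverified(log_text):
    """Deliveries with status=sent whose client hostname Postfix logged as 'unknown'."""
    return [d for d in trace(log_text)[0]
            if d["status"] == "sent" and d["client"].startswith("unknown[")]

if __name__ == "__main__":
    for d in sent_from_unverified(SAMPLE_LOG):
        print(d)
```

In the constructed sample the one `sent` entry is inbound mail delivered to the server's own recipient, so the `to=` and `relay=` fields are what distinguish normal delivery from mail relayed to outside domains.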


View the full question and any other answers on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.