On Thu, Jun 11, 2009 at 08:45:34PM +0700, Sthu Pous wrote:
> Do You know a way how I can track an local application/process that called
> postfix to send a messages (on a hacked system)?
The only thing recorded by Postfix is either the SMTP client source IP
address (and optionally the source port) or the Unix uid of the process
that invoked sendmail(1). With SMTP, if the client uses SASL auth,
that's also in the logs.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
