The ls (list) command can be used to list emails in a user's new mail directory and root's new mail directory.
If there are new emails in the new mail directory, each email will be a file with a string of psuedo-random data. As an example, there could be a file in the new mail directory such as 114879058.P856I6E4567229. This file will contain the email metadata. The cat command can be used to view the metadata.
Depending on the Linux distro you are using, one of the following commands will be used to view the mail log:
[root@mail ~]# tail -20 /var/log/maillog [root@mail ~]# tail -20 /var/log/mail.log [root@mail ~]# journtalctl --since="today" | grep postfix
The -f option lets you view the mail log in real time, which can be very helpful in identifying the exact command that is causing some error in the log.
[root@mail ~]# tail -f /var/log/maillog [root@mail ~]# tail -f /var/log/mail.log
If the mail log has dsn=2.0.0 and status sent (250 2.0.0 OK), this means the relay server accepted the email. In this example, this means that mail.isp.com accepted the email. The ISP may refuse to deliver the mail. Perhaps the ISP spam filter has filter the email. You will want to ensure your Postfix / Dovecot email server is configured to receive emails, because the ISP may attempt to send you an email that explains why the email was not delivered.
Aug 2 17:36:16 localhost postfix/smtp: 12A95860867: email@example.com, relay=mail.isp.com, delay=xxx, delays=xxx, dsn=2.0.0, status=sent (250 2.0.0 OK)
In the mail log, look for an event like the event listed in the below text box.
Aug 2 17:36:16 localhost postfix/smtp: 12A95860867: to=, relay=none, delay=68, delays=68/0.01/0.24/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=jeremy type=AAAA: Host not found)
For this error, follow the article on Host or domain name not found in the Postfix mail logs.
If the mail log has numerous events with text unknown[ip address]: SASL LOGIN authentication failed: authentication failure, and you do not recognize the IP address, this could be hackers attempting to determine your Postfix user name. If there are numerous attempts from the unknown IP address where there seems to be repetitive attempts to guess your email server user name, you can be almost certain that hackers are attempts to guess your Postfix user name. This implies that you have not secured your Linux computer by setting up rules in the /etc/hosts.allow and /etc/hosts.deny files. Follow these directions to secure your Linux computer by setting up allow and deny rules.
This should prevent the hackers from being able to connect to your computer and perform brute force username/password guessing attacks.