Can I have ps -aux report the user that is sending e-mail?

psimation used Ask the Experts™
When I do a ps -aux from time to time, I notice that the sendmail processes lists the address or IP the mail is coming from/going to, but I would really like to see the user that is sending/receiving as well, and if possible a clear indication of whether it is outgoing or incoming mail.

Only reason for this is so I can have a nice quick way of seeing what is going on at a given time, and hopefully it should be fairly easy to spot a spam session going out.

I think this information is available in the sendmail logs right? But I was just hoping one could "tweak" the output of sendmail processes to the ps a bit...
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
ps cannot do this (except you modify sendmail to do it).
Sendmail usually writes a log file, /var/log/mail, wher all the information you want will be logged.


Hi ahoffmann
I had a look at the /var/log/maillog file, but it doesn't show the local user affected. It simply shows :

Nov 19 12:44:58 chaos sendmail[8415]: gAJAisK08415: from=<>, size=1684, class=0, nrcpts=1, msgid=<>, proto=ESMTP, daemon=MTA, relay=[]
Nov 19 12:44:58 chaos sendmail[8418]: gAJAisK08415: to=<>, delay=00:00:04, xdelay=00:00:00, mailer=cyrus, pri=31684, relay=localhost, dsn=2.0.0, stat=Sent
Nov 19 12:45:00 chaos sendmail[8416]: gAJAitK08416: from=<>, size=2823, class=-60, nrcpts=1, msgid=<>, proto=SMTP, daemon=MTA, []

and I'm not sure what it all means...
> and I'm not sure what it all means...
may I just repeat the first entry (partially):

    (send)mail  gAJAisK08415 from=...

and the second one:

    (send)mail  gAJAisK08415 to=... stat=sent

hmm, somthing which cannot be understood by simply reading ;-)

As you see, sendmail spawns 2 processes [pid 8415 and 8418] to handle mail: one for receiving, one for delivering. In the log they glue together by a uniqe ID: gAJAisK08415.
That's the reason why you cannot get the information with ps: 2 (or more) processes.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!


It's very "cramped", the whole point I'm trying to make is reporting the mail usage in a very simple way so you can scan it visually and quickly pickup "paterns" to detect spam being sent from the server.
Would this only be possible by processing the log file?
> Would this only be possible by processing the log file?
AFAIK no, but as long as you do not have specialised software for that, processing the logs might be simple solution.

Think that such a script exists, somewhere, somehow ..
Have you searched the web?
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
Accept comments from ahoffman as answer
Please leave any comments here within the next seven days.


EE Cleanup Volunteer


Sorry, havn't received any mail bar the last one about this question.

Will award to ahoffmann

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial