Postfix
Postfix SMTP logs show connection handshakes, queue IDs, delivery attempts, status codes and relay decisions.
EnginsightGlobal Fields (4)
| Field | Type |
|---|---|
ngs.id Unique identifier for the log entry. | string |
ngs.createdAt Timestamp when the event was created locally. | pdate |
ngs.indexedAt Timestamp when the log was indexed into the SIEM. | pdate |
ngs.source Origin or source system of the log. | string |
Reference-Specific Fields (7)
| Field | Type |
|---|---|
postfix.queueId Unique identifier assigned by Postfix to the message in the mail queue. | string |
postfix.messageId The Message-ID header of the email as provided by the sending client. | string |
postfix.from Envelope sender address of the email. | text_general |
postfix.to Envelope recipient address of the email. | text_general |
postfix.clientIp IP address of the SMTP client that submitted the message. | text_general |
postfix.clientHostname Hostname of the SMTP client that connected to Postfix. | text_general |
postfix.status Delivery status of the message (e.g., sent, deferred, bounced). | text_general |
Sample Log Event
Below is a representative JSON log entry showing key fields as they’re emitted by the system. Depending on the context of the event, some fields may be omitted if they’re not applicable.