I needed to find all the email that a user sent with only the postfix mail.log. This simple script does that. There is probably an easier way :-)

#!/bin/bash USERNAME=$1 for i in `grep -A2 $USERNAME mail.log | \
grep message-id | cut -d'<' -f2 | cut -d'>' -f1`; \
do grep "$i" /var/log/mail.log | grep "to=" | awk '{ print $7 }' | \
cut -d'<' -f2 | cut -d'>' -f1; done | sort | uniq -c