With regard to the recent phishing campaigns that have surfaced (DocuSign), we would really like to see the ability to export a list of source IPs so that we can add them to the appropriate blocklists. Syslog doesn't appear to log the source IP address along with the sender information. For example, there may be one log entry for "connect from unknown[x.x.x.x]" and one for "from=<me@domain.com>..." but they aren't really of any use if they aren't together. There is no way to correlate the email logs (that I am aware of).
In the end, I would like to pull a report for all emails with the sender of "xxxxxx" that contained the recipient, source IP address, etc.
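Added example (not part of the original post or the product's own tooling): assuming the appliance forwards Postfix-style syslog in which a `QUEUEID: client=host[ip]` line shares its queue ID with the later `from=<...>` and `to=<...>` lines, this script joins them per message and lists the source IPs for one sender. The log layout, queue IDs, hostnames and addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix-style syslog format (an assumption about the
# appliance's log layout); IPs and domains are documentation-only values.
SAMPLE_LOG = """\
May 10 09:14:01 mx1 postfix/smtpd[2101]: connect from unknown[203.0.113.45]
May 10 09:14:02 mx1 postfix/smtpd[2101]: 4F1A2C0D3E: client=unknown[203.0.113.45]
May 10 09:14:02 mx1 postfix/qmgr[1234]: 4F1A2C0D3E: from=<dse@sender.example>, size=48211, nrcpt=1 (queue active)
May 10 09:14:03 mx1 postfix/local[2110]: 4F1A2C0D3E: to=<alice@example.com>, relay=local, status=sent
May 10 09:15:10 mx1 postfix/smtpd[2102]: 7B22D91A0F: client=mail.example.org[198.51.100.7]
May 10 09:15:10 mx1 postfix/qmgr[1234]: 7B22D91A0F: from=<news@example.org>, size=9120, nrcpt=1 (queue active)
May 10 09:16:40 mx1 postfix/smtpd[2103]: 9C03E7714B: client=unknown[192.0.2.99]
May 10 09:16:40 mx1 postfix/qmgr[1234]: 9C03E7714B: from=<DSE@sender.example>, size=47990, nrcpt=1 (queue active)
May 10 09:16:41 mx1 postfix/local[2112]: 9C03E7714B: to=<carol@example.com>, relay=local, status=sent
"""

# Lines that carry a queue ID: "<QUEUEID>: key=value, ..." (short hex IDs assumed).
QUEUED = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)")
CLIENT = re.compile(r"client=\S*?\[([^\]]+)\]")
SENDER = re.compile(r"from=<([^>]*)>")
RCPT = re.compile(r"to=<([^>]*)>")

def correlate(log_text):
    """Join client=, from= and to= lines on the queue ID they share."""
    msgs = defaultdict(lambda: {"ip": None, "sender": None, "recipients": []})
    for line in log_text.splitlines():
        hit = QUEUED.search(line)
        if not hit:
            continue  # bare "connect from" lines carry no queue ID
        qid, rest = hit.groups()
        rec = msgs[qid]
        if m := CLIENT.match(rest):
            rec["ip"] = m.group(1)
        elif m := SENDER.match(rest):
            rec["sender"] = m.group(1).lower()
        elif m := RCPT.match(rest):
            rcpt = m.group(1).lower()
            if rcpt not in rec["recipients"]:  # retries repeat the to= line
                rec["recipients"].append(rcpt)
    return dict(msgs)

def report(log_text, sender):
    """Rows of (queue_id, source_ip, recipients) for one envelope sender."""
    return [(q, r["ip"], r["recipients"]) for q, r in correlate(log_text).items()
            if r["sender"] == sender.lower()]

def source_ips(log_text, sender):  # unique IPs for blocklist review
    return sorted({ip for _, ip, _ in report(log_text, sender) if ip})
```

The `from=` value here is the envelope sender, so a campaign that varies it per message needs matching on a domain or pattern instead of one exact address.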