How to Analyze SMTP Logs and Extract Email Traffic (PHP Script)

Source: DEV Community
Working with mail servers? Then you already know one thing: 👉 SMTP logs are messy.

When a client asks: “Can you send me only my email logs?” You’re stuck with a huge log file containing thousands of mixed records.

In this post, I’ll show you a simple but powerful way to extract a specific email’s traffic from SMTP logs using PHP.

🚨 The Problem

SMTP logs are not structured per email. Instead, they look like this:

SMTP-IN 63EBA13D... 20.57..79 EHLO
SMTP-IN 63EBA13D... 20.57..79 MAIL FROM
SMTP-IN 63EBA13D... 20.57..79 RCPT TO:[email protected]
SMTP-IN 63EBA13D... 20.57..79 DATA

👉 Different emails are mixed together
👉 Same IP continues the flow
👉 Logs are split across multiple lines

So filtering by email alone is not enough.

💡 The Solution

Here’s the trick:

1. Find the line containing the target email
2. Extract the IP address from that line
3. Collect nearby lines with the same IP

This reconstructs the full SMTP flow.

⚙️ PHP Script

<?php
$logFile = __DIR__ . "/log/SMTP-Activity.log";
$outp
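
The three steps under The Solution, written out as an added example; it is not the author's script, which is cut off above. The sample log is constructed, and the column layout, the function name extractEmailTraffic and the $window parameter are assumptions.

```php
<?php
// Added example. Sample lines are constructed; the column layout
// (direction, connection id, client IP, command) is assumed from the excerpt.
$sampleLog = <<<'LOG'
SMTP-IN AAAA0001 192.0.2.10 EHLO mail.example.net
SMTP-IN BBBB0002 198.51.100.7 EHLO relay.example.org
SMTP-IN AAAA0001 192.0.2.10 MAIL FROM:<sender@example.net>
SMTP-IN BBBB0002 198.51.100.7 MAIL FROM:<other@example.org>
SMTP-IN AAAA0001 192.0.2.10 RCPT TO:<client@example.com>
SMTP-IN BBBB0002 198.51.100.7 RCPT TO:<notclient@example.com>
SMTP-IN AAAA0001 192.0.2.10 DATA
SMTP-IN BBBB0002 198.51.100.7 DATA
LOG;

// Hypothetical helper: returns the lines that belong to $email's SMTP flow.
function extractEmailTraffic(array $lines, string $email, int $window = 20): array
{
    // Match the address as a whole token so "client@..." does not also
    // select "notclient@..." and leak another mailbox's records.
    $emailRe = '/(?<![\w.+-])' . preg_quote($email, '/') . '(?![\w.-])/i';
    $ipRe = '/(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])/';
    $keep = [];
    $last = count($lines) - 1;
    foreach ($lines as $i => $line) {
        // Step 1: find a line containing the target email.
        if (!preg_match($emailRe, $line)) {
            continue;
        }
        // Step 2: extract the IP address from that line (first IPv4 on it).
        if (!preg_match($ipRe, $line, $m)) {
            continue;
        }
        $sameIpRe = '/(?<![\d.])' . preg_quote($m[0], '/') . '(?![\d.])/';
        // Step 3: collect nearby lines (within $window) with the same IP.
        for ($j = max(0, $i - $window); $j <= min($last, $i + $window); $j++) {
            if (preg_match($sameIpRe, $lines[$j])) {
                $keep[$j] = $lines[$j]; // keyed by line number: no duplicates
            }
        }
    }
    ksort($keep); // restore original log order
    return array_values($keep);
}

$flow = extractEmailTraffic(explode("\n", $sampleLog), 'client@example.com');
echo implode(PHP_EOL, $flow), PHP_EOL;
```

On a relay IP shared by many senders the window can still pick up other customers' sessions, so check the second column (which looks like a per-connection id in the excerpt) before handing the output to a client.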