
I was rooting around soda for some other reason and stumbled upon the mail logs (!) for soda. I just sent myself some mail to generate a sample entry. It's got complete traffic analysis data, complete with to/from pairs, time of day, and message size.
Eric, most of us know this stuff you are making yourself look very unix illiterate. I know one person at berkeley who wrote a sh script 5 years ago that would track remote mail aliases by analising who (on campus) who recived with close time stamps. with this info he was able to reverse engineer the containce of a lesbian emailing list. I have a scipt I use the just reads the syslog file and prints out a list of who is emailing who and what their total volume of mail is.
If you need a place to start looking, the mail log on soda was in the same directory as the syslog messages.
or of you look at the file /etc/syslog.conf is tell you where log the data.