
Originally Posted by
SoftDux
I have a strange request.
A client of ours wants to know if I can give him a list of emails that was sent to, by one of their employees who's running a sideline business from their office. They need the info as evidence.
How exactly can I retrieve this?
Hey SoftDux,
It really all depends on the log_selector options you've been using with exim.conf. By default, there are no selectors and so, you can't really track subjects. I use the following in my exim.conf:
log_selector = +arguments +subject
From the WHM, add them in the "Exim Configuration Editor" under the "Advanced Editor" button. Just paste that in the first box at the top. 
If you just so happen to have installed some log_selectors, then you can issue the following command:
Code:
root@server [~]# exigrep "bad_person@theirdomain.com" /var/log/exim_mainlog
Which returns something along these lines:
Code:
2008-04-15 09:59:02 1Jllgc-0000GC-60 <= bad_person@theirdomain.com H=localhost (your.host.name) [127.0.0.1] P=esmtpa A=fixed_login:bad_person@theirdomain.com S=1301 id=57338.1.2.3.4.1208267942.squirrel@your.host.name T="This is their subject."
2008-04-15 09:59:03 1Jllgc-0000GC-60 => desination_user@domain.com R=lookuphost T=remote_smtp H=b.mx.mail.yahoo.com [66.196.97.250]
2008-04-15 09:59:03 1Jllgc-0000GC-60 Completed
2008-04-15 10:01:42 1JlljC-0000NZ-Nu <= bad_person@theirdomain.com H=localhost (your.host.name) [127.0.0.1] P=esmtpa A=fixed_login:bad_person@theirdomain.com S=1285 id=57350.1.2.3.4.1208268102.squirrel@your.host.name T="This is their subject."
2008-04-15 10:02:04 1JlljC-0000NZ-Nu => desination_user@domain.com R=lookuphost T=remote_smtp H=g.mx.mail.yahoo.com [206.190.53.191]
2008-04-15 10:02:04 1JlljC-0000NZ-Nu Completed
The above basically shows "bad_person@theirdomain.com" (the person you want to trap) sent mail into the queue (<=), they logged in using squirrelmail@your.host.name (your server using webmail) and sent something with subject "This is their subject." to destination_user@domain.com.
Without the proper selectors though, you can still issue the command, but you won't have subject and other stuff, so it may be hard to prove it wasn't work related. 
Good luck, let me know if you have any follow-up questions! 
Warmest regards,
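
An added example, not part of the original post: a small Python parser that joins each `<=` arrival line to its `=>`/`->` delivery lines by message ID, giving one row per recipient with the subject when `+subject` was enabled. The log lines are constructed in the format shown above, and `sent_by` is a hypothetical helper name.

```python
import re

# Constructed sample in the exim_mainlog format shown in the post (not real data).
SAMPLE_LOG = r'''2008-04-15 09:59:02 1Jllgc-0000GC-60 <= bad_person@theirdomain.com H=localhost (your.host.name) [127.0.0.1] P=esmtpa A=fixed_login:bad_person@theirdomain.com S=1301 id=x@your.host.name T="Quote for \"widgets\""
2008-04-15 09:59:03 1Jllgc-0000GC-60 => buyer@example.com R=lookuphost T=remote_smtp H=mx.example.com [192.0.2.10]
2008-04-15 09:59:03 1Jllgc-0000GC-60 -> second@example.com R=lookuphost T=remote_smtp H=mx.example.com [192.0.2.10]
2008-04-15 09:59:03 1Jllgc-0000GC-60 Completed
2008-04-15 10:01:42 1JlljC-0000NZ-Nu <= someone_else@theirdomain.com H=localhost [127.0.0.1] P=esmtpa S=1285 T="Unrelated"
2008-04-15 10:02:04 1JlljC-0000NZ-Nu => other@example.org R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.20]
'''

# timestamp, message id, flag, address, optional "<real@address>", rest of line
LINE = re.compile(r'^(\S+ \S+) (\w+-\w+-\w+) (<=|=>|->) (\S+)(?: <([^>]+)>)?(.*)$')
# On "<=" lines T= is the quoted subject; on delivery lines T= is the transport
# name, so the subject is only ever read from the arrival line.
SUBJECT = re.compile(r' T="((?:[^"\\]|\\.)*)"')


def sent_by(log_text, sender):
    """Return one record per delivery for messages submitted by `sender`."""
    messages = {}  # message id -> (arrival time, subject) for matching senders
    records = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed", queue-runner and other lines
        when, msgid, flag, addr, bracketed, rest = m.groups()
        if flag == '<=':
            if addr.lower() == sender.lower():
                s = SUBJECT.search(rest)
                # Subject is None when +subject was not in log_selector.
                subject = re.sub(r'\\(.)', r'\1', s.group(1)) if s else None
                messages[msgid] = (when, subject)
        elif msgid in messages:
            records.append({
                'message_id': msgid,
                'submitted': messages[msgid][0],
                'delivered': when,
                'recipient': bracketed or addr,
                'subject': messages[msgid][1],
            })
    return records


if __name__ == '__main__':
    for row in sent_by(SAMPLE_LOG, 'bad_person@theirdomain.com'):
        print(row)
```

To run it against a real log, read `/var/log/exim_mainlog` (and any rotated copies) into a string and pass it as `log_text`.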