Grep command to get email forwarders on specific IP's

Scootie

Member
Feb 16, 2020
5
2
3
Romania
cPanel Access Level
Reseller Owner
At the hosting company I work I just got a newbie job(which I am) to find forwarders on cPanel accounts on specific shared IP's something like:
grep/zgrep yahoo.com var/log/maillog | grep IP
In some instances multiple accounts share the same IP so finding email forwarders on a specifiv IP becomes troublesome and a grep would really help me out.
Im not sure if these two information end up in the same log but who knows.
 

cPanelLauren

Technical Support Community Manager
Staff member
Nov 14, 2017
13,271
1,243
313
Houston
grep/zgrep yahoo.com var/log/maillog | grep IP
This is just going to show you any entires with yahoo in the maillog which aren't forwarders. To see forwarded mail you'd check in /var/log/exim_mainlog but this also will pull any mail that is inbound or outbound to that service provider (yahoo.com or gmail.com for example.) even if you were just pulling forwarders it wouldn't find unused forwarders.

Each domain's forwarders are listed here: /etc/valiases/
Account IP's are listed in a large number of places but this may be the best place to find them: /etc/userips

This would tell you any account that has a forwarder
Code:
grep -ir "@" /etc/valiases/
but how you pass that through to which IP the account is on would be a much more complicated one-liner
 

Scootie

Member
Feb 16, 2020
5
2
3
Romania
cPanel Access Level
Reseller Owner
I managed to come up with something like this:
Code:
grep IP /var/log/exim_mainlog|grep yahoo |grep "=> .*@.*@.*"| awk '{print $7,$6}' | sort | uniq -c | sort -n
problem is, it pulls in also yahoo email addresses set for the contact information in cPanel. Now I ask myself, how could I filter that out. :D
 
  • Like
Reactions: cPanelLauren