Grep command to get email forwarders on specific IPs

Scootie

At the hosting company where I work, I just got a newbie job (which I am) to find forwarders on cPanel accounts on specific shared IPs, something like:
grep/zgrep yahoo.com var/log/maillog | grep IP
In some instances multiple accounts share the same IP, so finding email forwarders on a specific IP becomes troublesome, and a grep would really help me out.
I'm not sure if these two pieces of information end up in the same log, but who knows.
 

cPanelLauren

Product Owner II
Staff member
grep/zgrep yahoo.com var/log/maillog | grep IP
This is just going to show you any entries with yahoo in the maillog, which aren't forwarders. To see forwarded mail you'd check in /var/log/exim_mainlog, but this will also pull any mail that is inbound or outbound to that service provider (yahoo.com or gmail.com, for example). Even if you were just pulling forwarders, it wouldn't find unused forwarders.

Each domain's forwarders are listed here: /etc/valiases/
Account IPs are listed in a large number of places, but this may be the best place to find them: /etc/userips

This would tell you any account that has a forwarder
Code:
grep -ir "@" /etc/valiases/
but how you pass that through to which IP the account is on would be a much more complicated one-liner
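
The join described above (forwarders from /etc/valiases/ matched to account IPs from /etc/userips), as an added example that is not part of the original posts. The line formats in the comments and the use of a domain-to-user map such as /etc/userdomains are assumptions the thread does not confirm; the sample data is constructed.

```shell
#!/bin/sh
# Added example. Assumed line formats (verify on your own server):
#   valiases/<domain>: "address: dest[, dest...]"  plus a "*: user" default
#   userdomains:       "domain: user"
#   userips:           "user: ip"

# forwarders_on_ip IP VALIASES_DIR USERDOMAINS_FILE USERIPS_FILE
# Prints "user domain address -> destination" for accounts on IP.
forwarders_on_ip() {
    ip=$1 valiases=$2 userdomains=$3 userips=$4
    for f in "$valiases"/*; do
        [ -f "$f" ] || continue
        domain=${f##*/}
        user=$(awk -F': ' -v d="$domain" '$1 == d { print $2; exit }' "$userdomains")
        [ -n "$user" ] || continue
        acct_ip=$(awk -F': ' -v u="$user" '$1 == u { print $2; exit }' "$userips")
        [ "$acct_ip" = "$ip" ] || continue
        # Only destinations that look like addresses count as forwarders:
        # this drops the "*: user" default, :fail:/:blackhole: and pipes.
        awk -v u="$user" -v d="$domain" '
            { i = index($0, ": "); if (i == 0) next
              src = substr($0, 1, i - 1)
              n = split(substr($0, i + 2), dst, /,[ \t]*/)
              for (k = 1; k <= n; k++)
                  if (dst[k] ~ /^[^|" \t]+@[^ \t]+$/)
                      print u, d, src, "->", dst[k] }' "$f"
    done
}

# Constructed sample data (documentation IPs and example domains).
make_sample() {
    t=$(mktemp -d) && mkdir "$t/valiases" || return 1
    printf '%s\n' 'shop.example: alice' 'blog.example: bob' > "$t/userdomains"
    printf '%s\n' 'alice: 192.0.2.10' 'bob: 192.0.2.20' > "$t/userips"
    printf '%s\n' 'sales@shop.example: owner@yahoo.com, backup@gmail.com' \
        'old@shop.example: :fail: No such person' '*: alice' > "$t/valiases/shop.example"
    printf '%s\n' 'me@blog.example: bob.private@yahoo.com' '*: bob' > "$t/valiases/blog.example"
    echo "$t"
}

sample=$(make_sample)
forwarders_on_ip 192.0.2.10 "$sample/valiases" "$sample/userdomains" "$sample/userips" |
    grep 'yahoo\.com$'
rm -rf "$sample"
```

Because this reads the forwarder configuration rather than the mail log, it also lists forwarders that have never been used and is unaffected by mail that merely passes to or from the same provider.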
 

Scootie

I managed to come up with something like this:
Code:
grep IP /var/log/exim_mainlog|grep yahoo |grep "=> .*@.*@.*"| awk '{print $7,$6}' | sort | uniq -c | sort -n
Problem is, it also pulls in Yahoo email addresses set for the contact information in cPanel. Now I ask myself how I could filter that out. :D
 