The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

how to track email sent from a specific user for the last month?

Discussion in 'E-mail Discussions' started by SoftDux, Apr 17, 2008.

  1. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    I have a strange request.

    A client of ours wants to know if I can give him a list of emails that was sent to, by one of their employes who's running a sideline business from their office. They need the info as evidence.

    How exactly can I retrieve this?
     
  2. LiNUxG0d

    LiNUxG0d Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    206
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Gatineau, Quebec, Canada
    Hey SoftDux,

    It really all depends on the log_selector options you've been using with exim.conf. By default, there are no selectors and so, you can't really track subjects. I use the following in my exim.conf:

    log_selector = +arguments +subject

    From the WHM, add them in the "Exim Configuration Editor" under the "Advanced Editor" button. Just paste that in the first box at the top. :)

    If you just so happen to have installed some log_selectors, then you can issue the following command:

    Code:
    root@server [~]# exigrep "bad_person@theirdomain.com" /var/log/exim_mainlog
    Which returns something along these lines:

    Code:
    2008-04-15 09:59:02 1Jllgc-0000GC-60 <= bad_person@theirdomain.com H=localhost (your.host.name) [127.0.0.1] P=esmtpa A=fixed_login:bad_person@theirdomain.com S=1301 id=57338.1.2.3.4.1208267942.squirrel@your.host.name T="This is their subject."
    2008-04-15 09:59:03 1Jllgc-0000GC-60 => desination_user@domain.com R=lookuphost T=remote_smtp H=b.mx.mail.yahoo.com [66.196.97.250]
    2008-04-15 09:59:03 1Jllgc-0000GC-60 Completed
    
    2008-04-15 10:01:42 1JlljC-0000NZ-Nu <= bad_person@theirdomain.com H=localhost (your.host.name) [127.0.0.1] P=esmtpa A=fixed_login:bad_person@theirdomain.com S=1285 id=57350.1.2.3.4.1208268102.squirrel@your.host.name T="This is their subject."
    2008-04-15 10:02:04 1JlljC-0000NZ-Nu => desination_user@domain.com R=lookuphost T=remote_smtp H=g.mx.mail.yahoo.com [206.190.53.191]
    2008-04-15 10:02:04 1JlljC-0000NZ-Nu Completed
    
    The above basically shows "bad_person@theirdomain.com" (the person you want to trap) sent mail in to the queue (<=), they logged in using squirrelmail@your.host.name (your server using webmail) and sent something with subject "This is their subject." to destination_user@domain.com.

    Without the proper selectors though, you can still issue the command, but you won't have subject and other stuff, so it may be hard to prove it wasn't work related. ;)

    Good luck, let me know if you have any follow-up questions! :)

    Warmest regards,
     
  3. david510

    david510 Well-Known Member

    Joined:
    Aug 22, 2004
    Messages:
    473
    Likes Received:
    0
    Trophy Points:
    16
    To get last 30 days result add this to the command.

    Code:
    exiqgrep -y 2592000 "bad_person@theirdomain.com" /var/log/exim_mainlog
    
     
  4. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Thanx, I've added the code above to Exim, so now we can monitor it over the next few weeks.
     
  5. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Hi David

    That command gives me a list of all the emails for that period, is it supposed todo that?
     
  6. LiNUxG0d

    LiNUxG0d Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    206
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Gatineau, Quebec, Canada
    Cool stuff SoftDux,

    Let me know if you have any follow-up Q's I can help you with. Any time man! :)

    Warmest regards,
     
Loading...

Share This Page