Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

how to track email sent from a specific user for the last month?

Discussion in 'E-mail Discussion' started by SoftDux, Apr 17, 2008.

  1. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    994
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    I have a strange request.

    A client of ours wants to know if I can give him a list of emails that was sent to, by one of their employes who's running a sideline business from their office. They need the info as evidence.

    How exactly can I retrieve this?
     
  2. LiNUxG0d

    LiNUxG0d Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    206
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    Gatineau, Quebec, Canada
    Hey SoftDux,

    It really all depends on the log_selector options you've been using with exim.conf. By default, there are no selectors and so, you can't really track subjects. I use the following in my exim.conf:

    log_selector = +arguments +subject

    From the WHM, add them in the "Exim Configuration Editor" under the "Advanced Editor" button. Just paste that in the first box at the top. :)

    If you just so happen to have installed some log_selectors, then you can issue the following command:

    Code:
    root@server [~]# exigrep "bad_person@theirdomain.com" /var/log/exim_mainlog
    Which returns something along these lines:

    Code:
    2008-04-15 09:59:02 1Jllgc-0000GC-60 <= bad_person@theirdomain.com H=localhost (your.host.name) [127.0.0.1] P=esmtpa A=fixed_login:bad_person@theirdomain.com S=1301 id=57338.1.2.3.4.1208267942.squirrel@your.host.name T="This is their subject."
    2008-04-15 09:59:03 1Jllgc-0000GC-60 => desination_user@domain.com R=lookuphost T=remote_smtp H=b.mx.mail.yahoo.com [66.196.97.250]
    2008-04-15 09:59:03 1Jllgc-0000GC-60 Completed
    
    2008-04-15 10:01:42 1JlljC-0000NZ-Nu <= bad_person@theirdomain.com H=localhost (your.host.name) [127.0.0.1] P=esmtpa A=fixed_login:bad_person@theirdomain.com S=1285 id=57350.1.2.3.4.1208268102.squirrel@your.host.name T="This is their subject."
    2008-04-15 10:02:04 1JlljC-0000NZ-Nu => desination_user@domain.com R=lookuphost T=remote_smtp H=g.mx.mail.yahoo.com [206.190.53.191]
    2008-04-15 10:02:04 1JlljC-0000NZ-Nu Completed
    
    The above basically shows "bad_person@theirdomain.com" (the person you want to trap) sent mail in to the queue (<=), they logged in using squirrelmail@your.host.name (your server using webmail) and sent something with subject "This is their subject." to destination_user@domain.com.

    Without the proper selectors though, you can still issue the command, but you won't have subject and other stuff, so it may be hard to prove it wasn't work related. ;)

    Good luck, let me know if you have any follow-up questions! :)

    Warmest regards,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. david510

    david510 Well-Known Member

    Joined:
    Aug 22, 2004
    Messages:
    473
    Likes Received:
    0
    Trophy Points:
    166
    To get last 30 days result add this to the command.

    Code:
    exiqgrep -y 2592000 "bad_person@theirdomain.com" /var/log/exim_mainlog
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    994
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Thanx, I've added the code above to Exim, so now we can monitor it over the next few weeks.
     
  5. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    994
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Hi David

    That command gives me a list of all the emails for that period, is it supposed todo that?
     
  6. LiNUxG0d

    LiNUxG0d Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    206
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    Gatineau, Quebec, Canada
    Cool stuff SoftDux,

    Let me know if you have any follow-up Q's I can help you with. Any time man! :)

    Warmest regards,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice