The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

need to find when an email was sent

Discussion in 'E-mail Discussions' started by keat63, Oct 30, 2015.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I'm trying to determine, when a PHP script may have sent an email to a customer.
    Are there any scripts I could run to search for his email address across multiple log files ?

    I'm quite possibly looking at something which may have happened 4 months ago, and i don't see any mail logs going back this far, unless there are any archives.

    I have the IP address of the device which initiated the PHP file, so if there's anything i could use to search for this, may help.
     
    #1 keat63, Oct 30, 2015
    Last edited: Oct 30, 2015
  2. madmanmachines

    madmanmachines Well-Known Member

    Joined:
    Nov 28, 2014
    Messages:
    94
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hi,

    What do you have to go off? Do you have the email? If so, locate the exim id from the headers(e.g. 1ZsAqY-0000jk-3r). Use this to search as below:
    Code:
     zgrep exim-message-id /var/log/exim_mainlog*
    If you don't have the message id, I would recommend searching by the current working directory of where the mail script is located. If the script was at '/home/bob/mailscript.php' then:
    Code:
    zgrep -A1 "cwd=/home/bob" /var/log/exim_mainlog*
    Thanks,
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It depends on how far back your Exim logs go. You can search for the email address in /var/log/exim_mainlog and any archives of this log file with a command such as:

    Code:
    exigrep user@domain /var/log/exim_mainlog*
    Thank you.
     
Loading...

Share This Page