Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Scan all emails for URL

Discussion in 'E-mail Discussions' started by forensis, Jul 11, 2017.

Tags:
  1. forensis

    forensis Registered

    Joined:
    Jul 11, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    London
    cPanel Access Level:
    Root Administrator
    I am trying to scan all of the messages to/from my domain for a particular URL (which may be embedded as a link in the text of the email) to look for particular spyware.

    I have gotten as far as logging into a serial console via my VPS control panel (using terminal command on a Mac). I entered the following command hoping it would bring up a log of all messages on the server:

    exigrep domain.com/var/log/message

    But it seems to either be frozen or taking a very long time to come up with the log.

    Is there a more direct way to search for a particular URL within all messages?

    Thanks in advance!

    (Apologies if this is very obvious, I'm new to this)
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,419
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. forensis

    forensis Registered

    Joined:
    Jul 11, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    London
    cPanel Access Level:
    Root Administrator
    @cPanelMichael - Thank you! Is there any way to search through the body content of all messages for a particular email address (sent/received/junk/everything) or, even better, for all email addresses on the VPS server?

    It's helpful to know how to filter them for future reference, but what I really need to know is whether we have a received an email into any of our accounts containing a specific URL.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,419
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    If the emails still exist on the server, then you could search for them using the following option:

    "WHM >> Mail Delivery Reports"

    Thank you.
     
  5. forensis

    forensis Registered

    Joined:
    Jul 11, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    London
    cPanel Access Level:
    Root Administrator
    Hi @cPanelMichael - Thanks for the suggestion, I tried that but it won't let me search within the body text of the email and even if it could, I need to search through all emails, not just the last 10 days. Is there some kind of grep command I can try?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,419
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Email body content is not stored by Exim, so you'll only be able to find it if an affected message exists on the server. You'd have to search through individual emails stored under accounts (assuming they keep copies of messages on the server). EX:

    Code:
    grep $search-term /home/example/mail/domain.tld/email-account-1/cur/*
    Thank you.
     
Loading...

Share This Page