Topic: Grep email receipients from a single user

[SchulzStefan]

Is there a way (or a contrib) to grep all email-adresses to the receipients from a single user? Any hint would be nice.

Thank's in advance,
stefan

[Stefano]

please explain your problem and not your solution, thank you

[SchulzStefan]

As I described - I don't know how to grep out of the logs all email from a single user to his/her receipients. I simple do not know which log and what command could do it. I'd like to have the data in a file to check all email-adresses. Sorry for my bad english.

[mmccarn]

You could start with this:

Code: [Select]

grep logters.*\(queue /var/log/qpsmtpd/current and see what you get.

This will pull all 'logterse' (summary) entries from the qpsmtpd log that resulted in a successful delivery (vs a deny message).

The email sender and recipient address are in the second half of the results.

You might also try downloading qploggrep, then use

Code: [Select]

qploggrep <sender-email-address>
or

Code: [Select]

qploggrep <sender-email-address> |awk '{print $6}' |sort -u
If the user uses authenticated smtp relay, you'll need to figure out how to include /var/log/sqpsmtp/* in your searches...

However, this won't help you if the user has an email client or device that is relaying outbound email through google or another smtp server claiming to come 'from' his/her work email address -- hence the earlier question about 'what is the actual problem'...

Basically, the qpsmtpd logs will probably show you the same stuff you'd get from going to the user's 'Sent Items' folder and greping for 'To: ':

Code: [Select]

cd /home/e-smith/files/users/<username>/Maildir/.Sent\ Messages
grep ^To:\  * |awk '{print $2 $3 $4 $5 $6 $7 $8 $9 $10}' |sort -u
(repeat for ".Sent Items" and ".sent-mail"; include ".Trash", ".Deleted Items" and ".Deleted Messages" if you think s/he has been deleting things)

[SchulzStefan]

Thank's a lot. That's exactly what I was looking for.

stefan