Exim – Find Total Number of Emails Sent Per User in Last 24 Hours

emailsmtp

Want to go through exim logs for past 24 hours and sum up total number of emails on per user basis, please suggest me command(s)

I know how to view emails currently in queue.. but I want to find which users have sent most number of emails in past 24 hours.

Best Answer

It might depend on how your logging is setup, but I think this would work on a default system:

grep -oP "A=\K([A-Za-z0-9_.:]+)" /var/log/exim4/mainlog | sort | uniq -c | sort -nr

Which would output something like this:

151 dovecot_plain:grafana
 12 dovecot_plain:jolt
  6 dovecot_plain:banana
  2 dovecot_login:banana

What I do here is to find A= which contains the username and how they were authenticated from /var/log/exim4/mainlog, then I pipe it to sort and uniq -c, which aggregates them as a group and gives you a number. The last sort -nr just gives me the count in an ordered group in reverse (max number first).

If you have different types of authentication, let's say dovecot_plain and dovecot_login but with the same username, then the easiest way to get rid of that is to put in another grep that only get what is after ":", like so:

grep -oP "A=\K([A-Za-z0-9_.:]+)" /var/log/exim4/mainlog | grep -oP ":\K(.*)" | sort | uniq -c | sort -nr

And the output:

151 grafana
 12 jolt
  8 banana

Note: I have not take in account the 24h limit, since that also depends on how logging is setup, and it gets more complicated and I think this is a good start. Otherwise you need to somehow filter your log timestamps with grep to ilter the dates, then pipe that to my grep string.

Best Answer

Related Solutions

email – How to Send Emails and Avoid Spam Classification

Optimizing IIS 6 SMTP to send out large ammounts of email

Related Topic