Outgoing/incoming mail stats?

sams2526 · May 10, 2025, 11:17am

Is there anything there that can show incoming/outgoing stats for each domain email etc?

Having sissues with a client that is trashing my primary mail server as a mailing list - they sending circa 9k emails a week ffs and outlook.com isnt happy with me.

Sam.

Felix · May 10, 2025, 10:25pm

Does this help?
grep '<=' /var/log/exim4/mainlog | awk '{print $5}' | grep \@ | sort | uniq -c | sort -nrk1 ; echo ""

jlguerrero · May 11, 2025, 12:34am

Thank you very much Felix.

I tried that command and it wasn’t that helpful because I got one count for every single email address in that log and many of them were temporary and auto generated.

After asking AI, I got this one…

grep '<=' /var/log/exim4/mainlog* | awk '{print $5}' | grep '@' | 
awk -F'@' '{print $2}' | 
awk -F. '{if ($(NF-1) == "co" || $(NF-1) == "com" || $(NF-1) == "net" || $(NF-1) == "org" || $(NF-1) == "gov" || $(NF-1) == "edu") print $(NF-2)"."$(NF-1)"."$NF; else print $(NF-1)"."$NF}' | 
sort | uniq -c | sort -nr

sams2526 · May 14, 2025, 8:41am

ok great that works but it doesnt touch the gz files.

mainlog mainlog.2.gz mainlog.5.gz mainlog.8.gz
mainlog.1 mainlog.3.gz mainlog.6.gz mainlog.9.gz
mainlog.10.gz mainlog.4.gz mainlog.7.gz

sahsanu · May 14, 2025, 8:51am

Change grep with zgrep

sams2526 · May 17, 2025, 12:28am

Thanks that worked – is there a way to do a similar check but a specific domain and the emails tally per each email account too?

Just trying to isolate a potential password guess on an email. Have domain that shouldnt have so many outgoing emails. no rootkit found though so i am guessing may be a false positive or they guessed the password to the only email account on that domain.

sams2526 · May 17, 2025, 12:38am

actually i think this is tallying incoming too and the email adddress thats getting this high tally isnt a valid email. hmmmmmm. so many hits from russia/china though to that invalid email address.

sahsanu · May 17, 2025, 1:08am

Try this.

To get a list of mails sent by your mail domains:

list="$(for i in $(/usr/local/hestia/bin/v-list-users plain | cut -f1 | sort);do for a in $(/usr/local/hestia/bin/v-list-mail-domains $i plain | cut -f1);do echo "$(idn2 $a)";done; done | sort|sed -z -e 's/\n/|@/g' -e 's/^/@/' -e 's/|@$//')"; zgrep '<=' /var/log/exim4/mainlog* | awk '{print $5}' | awk -F'@' '{print "@"$2}' | sort | uniq -c | sort -n | grep -E "$list" | tr -d '@'

To get a list of mails sent by the accounts of your mail domains:

list="$(for i in $(/usr/local/hestia/bin/v-list-users plain | cut -f1 | sort);do for a in $(/usr/local/hestia/bin/v-list-mail-domains $i plain | cut -f1);do echo "$(idn2 $a)";done; done | sort|sed -z -e 's/\n/|@/g' -e 's/^/@/' -e 's/|@$//')"; zgrep '<=' /var/log/exim4/mainlog* | awk '{print $5}' | sort | uniq -c | sort -n | grep -E "$list"

sams2526 · May 17, 2025, 7:40am

brilliant Thank You!!!