This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

Mail rate limiting, sent messages log

5 posts / 0 new

Topic locked

Last post

#1 Thu, 07/31/2014 - 13:39

rogeriobrito

Mail rate limiting, sent messages log

Hello all,

I've enabled the Mail Rate Limiting option a few days ago, and several of my customers got blocked. The problem is they say they don't send that many e-mails in one hour.

Is there a way to list all email messages (only sender, subject and recipient) that were sent from a domain within a time frame? Or is there another way for me to prove to my customer that he really sent that many e-mails?

Thank you - Rogerio

#2 Thu, 07/31/2014 - 14:04

tpnsolutions

Hi,

Try from the command line:

grep "from=<email@address.com>" /var/log/maillog

If you want to narrow to a specific date:

grep "from=<email@address.com>" /var/log/maillog | grep "Jul 30"

If you want to save the results to a file:

grep "from=<email@address.com>" /var/log/maillog | grep "Jul 30" > /directory/filename

Best Regards,
Peter Knowles
TPN Solutions

Email: pknowles@tpnsolutions.com
Phone: 604-229-0715 (new)
Skype: tpnsupport
Website: http://www.tpnsolutions.com

Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist

#3 Thu, 07/31/2014 - 14:24 (Reply to #2)

rogeriobrito

Hi Peter,

I'm using: egrep -h "from=<[[:graph:]]+@domain.com.br>" /var/log/maillog > /tmp/maillog_domain.txt

to get all emails from the domain... but I don't think that will be enough. One of my clients was blocked, and he had sent only 34 messages today. My limit is 300 messages / hour.

I believe the problem is the number of recipients per message. Each recipient shows on a different line on the log...

I must have a way to show the customer the messages that were sent. This may even help to identify when viruses are the vilan.

Thanks

#4 Thu, 07/31/2014 - 16:42

Locutus

The mail rate limiting milter should record all triplets (sender IP, sender address, recipient address) it sees for reception or delivery, no matter if they were sent in one connection or multiple. You could filter the mail.log by these.

The mail.log will not contain subject lines though. You only find those in the procmail log, and only for incoming messages (outgoing ones aren't piped through procmail).

#5 Thu, 07/31/2014 - 18:32

rogeriobrito

Thanks Locutus, I'll try that.

Topic locked