How To : Email Log Checking


Ticket Example : HFR-787-99774

 

Many online tools, such as DNSviewer, can retrieve DNS records. DNS records are essentially mapping entries that tell the DNS server which IP address each domain is associated with. They include name server records, A records (IPv4 addresses), MX records (Mail Exchanger) and others.

After connecting to the nameserver over SSH, use the following steps to check email usage.

You can list the emails currently in the mail queue by executing

exim -bp

Or, to print only the number of queued emails

exim -bpc

To check whether the email limit has been exceeded, execute

cat /etc/virtual/limit

Example of the error message logged when the limit is reached:


2017-09-14 09:50:06 login authenticator failed for (customPC) [101.78.19.170]: 435 Unable to authenticate at present (set_id=siti@jetstream.com.my): The email send limit for jetstre12 has been reached

You can also check the record for a specific domain by entering

cat /etc/virtual/domainowners | grep <domain>

For example, 

cat /etc/virtual/domainowners | grep jetstream.com.my

This displays the username that owns the domain. Using that username, for example “jetstre12”, check the total number of outgoing emails with either:

cat /etc/virtual/usage/jetstre12 | wc

Or

cat /etc/virtual/usage/jetstre12 | wc -l

To view the specific incoming and outgoing email entries, you can also execute the following command

cat /etc/virtual/usage/jetstre12.bytes | grep outgoing

To check the emails frequently sent out by a particular user, type

cat /var/log/exim/mainlog | grep <email address>

For example:

cat /var/log/exim/mainlog | grep siti@jetstream.com.my

You can also check a user's mail log for a specific date. For example:

cat /var/log/exim/mainlog | grep siti@jetstream.com.my | grep 2017-09-14

Please check the outgoing email carefully, as some of it may be spam or sent from a compromised account. Also, do not forget to check the top-level domains (.net, .com and others) of the addresses, as some of them may look unrelated to the sender or recipient. For example:


a.knyazev@caac.kz
r.agarwal@texmaco.in
mailrbg@user.ru
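
Grepping the mainlog for the sender's address only matches the arrival (`<=`) lines, while recipients appear on separate delivery lines that share the same message ID. The script below is an added example, not part of the original procedure: it links the two and counts recipient domains for one sender on one date. The function names, message IDs and IP addresses in the sample are constructed, and the default Exim log layout is assumed.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes Exim's default log
# layout: date, time, message ID, then a flag such as "<=", "=>" or "->".

# recipient_domains SENDER DATE  (reads an Exim mainlog on stdin)
# Prints "count domain" for every recipient of SENDER's messages on DATE.
recipient_domains() {
    awk -v sender="$1" -v day="$2" '
        $1 != day { next }
        # "<=" is message arrival: remember IDs submitted by the sender.
        $4 == "<=" && $5 == sender { ids[$3] = 1; next }
        # "=>" / "->" are deliveries: tally recipients of remembered IDs.
        ($4 == "=>" || $4 == "->") && ($3 in ids) {
            addr = $5
            # Local deliveries can log "user <user@domain>"; use the full form.
            if ($6 ~ /^<.*>$/) addr = substr($6, 2, length($6) - 2)
            n = split(addr, part, "@")
            if (n >= 2) tally[tolower(part[n])]++
        }
        END { for (d in tally) printf "%d %s\n", tally[d], d }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log lines (message IDs and IPs are made up).
sample_log() {
    cat <<'EOF'
2017-09-14 09:41:02 1dsAAA-0000aa-01 <= siti@jetstream.com.my H=(customPC) [192.0.2.10] P=esmtpa S=2048
2017-09-14 09:41:03 1dsAAA-0000aa-01 => a.knyazev@caac.kz R=lookuphost T=remote_smtp
2017-09-14 09:41:03 1dsAAA-0000aa-01 -> r.agarwal@texmaco.in R=lookuphost T=remote_smtp
2017-09-14 09:41:03 1dsAAA-0000aa-01 Completed
2017-09-14 09:42:10 1dsBBB-0000bb-02 <= siti@jetstream.com.my H=(customPC) [192.0.2.10] P=esmtpa S=2050
2017-09-14 09:42:11 1dsBBB-0000bb-02 => mailrbg@user.ru R=lookuphost T=remote_smtp
2017-09-14 09:42:11 1dsBBB-0000bb-02 -> a.knyazev@caac.kz R=lookuphost T=remote_smtp
2017-09-14 09:43:00 1dsCCC-0000cc-03 <= other@jetstream.com.my H=(otherPC) [192.0.2.11] P=esmtpa S=900
2017-09-14 09:43:01 1dsCCC-0000cc-03 => friend@example.org R=lookuphost T=remote_smtp
2017-09-13 23:59:00 1dsDDD-0000dd-04 <= siti@jetstream.com.my H=(customPC) [192.0.2.10] P=esmtpa S=700
2017-09-13 23:59:01 1dsDDD-0000dd-04 => old@example.net R=lookuphost T=remote_smtp
EOF
}

sample_log | recipient_domains siti@jetstream.com.my 2017-09-14
```

On a live server, feed the real log instead of the sample: `recipient_domains siti@jetstream.com.my 2017-09-14 < /var/log/exim/mainlog`.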

If the account has been sending spam or has been compromised, please disable or suspend the user account and notify the hosting / server owner.