On 14 Jun 2013, at 11:40, soumya tr <[email protected]> wrote: > I am trying to get some statistics from exim maillog. But when I check > manually I can find the mail logs to be similar for incoming and outgoing > mails. Is there any way i can differentiate incoming and outgoing mail? May > be using some keyword [eg: Protocol etc]
There isn't one, strictly speaking. As configured, Exim accepts mail from different sources and delivers to different destinations. In a basic sense, all mail is "incoming" when it's being pumped into Exim, and "outgoing" when delivered. What you're trying to determine is "incoming" and "outgoing" from your personal perspective. For example, messages sent over authenticated SMTP connections by your end users *or* from trusted hosts which you provide an onward relay service to could be considered "outgoing". Messages from arbitrary 3rd-party systems on the Internet could be considered "incoming". You probably need to process your logs using exigrep, and look at the P= entries or the IP addresses of the sending hosts. Regex: "P=e?smtps?a" would match all authenticated submissions Regex: " \[(192\.168\.7|10\.0\.9)" would match all messages sent by hosts in the 192.168.7.0/24 and 10.0.9.0/24 netblocks. Graeme -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
