Ever had someone go "I need you to look through the logs and get me every email address this From address sent to". Well heres how (or at least the easiest way I can think of doing it)
grep "from=<foo@example.com>" /var/log/mail.log | awk '{if ($6 != "NOQUEUE:"){print $6}}' | sed 's/\://g' |\
while read SEARCH; do grep "${SEARCH}" /var/log/mail.log; done | grep "to=" |\
awk '{print $7}' | sed -r 's/^to=<(.+)>\,$/\1/g' | uniq
Here is a step by step walkthrough of whats going on
- We grep the from address out of the mail log
- Pipe the output to awk and get the 6th column which is the mail id, if the 6th column doesn't start with
NOQUEUE
print the output - The output goes to sed which removes the ":" and
- Read the output and put it into a variable and from that variable go through the mail log again
- This time filter out the
"to="
line from the mail log and print out the 7th column (which is the to address) - Use sed to filter out the
to=<>
line to print out the actual email addresses - Pass it through uniq to make sure there are no dupes