Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 03-07-2008, 07:37 AM   #1
Registered: Oct 2006
Posts: 43

Rep: Reputation: 15
Need some form of grep

I am trying grep, egrep, fgrep, but am not getting the results I need.

I need to search our sendmail server, which archives a copy of every mail coming in and out. So it stores many thousands of emails! They are named according to a date stamp, but that's irrelevant. What I need is to find all emails between certain days, that have BOTH jsmith and twalker in them (we are trying to trace all emails these two have had with each other).

Right now, using the greps, I can get files returned that have EITHER, but I only want returns where BOTH are in the file.

Old 03-07-2008, 08:11 AM   #2
Registered: Mar 2004
Location: Antwerp, Belgium
Distribution: Gentoo
Posts: 65

Rep: Reputation: 15
I think you'll need a little script; something like this:

for file in $(find /path/to/emails -type f); do 
grep "jsmith" "$file" &> /dev/null && grep "twalker" "$file" &> /dev/null && echo "$file"

Make sure to fill in the correct path to your mails and modify the options for find to narrow down the results.
Then save this in a text file "" and execute with "sh". It will return the filenames of the files that have both "jsmith" and "twalker" in them.
Old 03-07-2008, 08:13 AM   #3
Registered: Dec 2007
Location: Charleston WV, USA
Distribution: Slackware 12.2, Arch Linux Amd64
Posts: 896

Rep: Reputation: 70
The thing you're trying to do seems like a little invasion of privacy... Nevertheless.

Why don't you try

grep jsmith /path/* | grep twalker
Old 03-07-2008, 08:18 AM   #4
LQ Veteran
Registered: Nov 2005
Location: Annapolis, MD
Distribution: Mint
Posts: 17,808

Rep: Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742Reputation: 742
grep works line by line---ie it returns the LINE which contains the keyword. In your case, the two keywords can be on different lines.

One crude way to do this is to have grep return enough lines of context so that the address fields are all included. Looking at a typical header, it seems that ~ 10 lines should work. So, something like this should work:

grep -C5 jsmith filename | grep twalker > newfilename

You may need to include more lines of context to get the date stamp, messageID, etc.

man grep---look at the -A, -B, and -C flags
Old 03-07-2008, 08:23 AM   #5
Registered: Oct 2006
Posts: 43

Original Poster
Rep: Reputation: 15
Hey Uncle,

Well being the IT Administrator of a company, I am often asked to do things that I frown upon. However, this is just one of those "I never got an email saying this" type things. So both parties have asked me to find if the email was ever sent.

Your grep with the pipe is close to what I want, but wouldn't you know it, the second email address is often a "cc" which puts it on a separate line in the file, so I never get any mathces for both...

I am going to try stzein's idea.

Old 03-07-2008, 08:31 AM   #6
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 33
why are you making this so hard for yourself?
tell the one who claims to have the email to give you the message id that is in the emails source code

then simply grep for that id :-)

Edit: some mail servers save the mails with that id as the name of the file, so a locate or find will do the job.

Last edited by Nathanael; 03-07-2008 at 08:32 AM.
Old 03-07-2008, 08:36 AM   #7
LQ Newbie
Registered: Jan 2008
Location: Cordoba, Argentina
Distribution: Fedora, SuSE, Ubuntu, Mandriva
Posts: 21

Rep: Reputation: 15
One option... not an expert

Hi there, I'm no expert with scripts but think you could try something... until some expert replies ;-)

I would create a list with, let's say, the ids of the mails where ONE name appears. Then another list with the mails where the OTHER name appears...

Then I would create an easy little program (in python, perl, Haskell...) which returns the intersection of both lists...

That, of course, if you can program at least a bit...

Good luck!!
Old 03-07-2008, 09:00 AM   #8
Registered: Oct 2006
Posts: 43

Original Poster
Rep: Reputation: 15
Thanks everyone! Pixellany's solution was the quickest and easiest, and it worked! Found the 'offending' email, lol!!

Thanks again!


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
PHP: build query from form entry, then display results in the same form tonedeaf1969 Programming 4 06-22-2007 07:55 AM
shell script works form command line but not form crontab saifee General 1 10-14-2004 10:27 AM
how do I copy a whoel folder form one directory to another form the command line? zwyrbla Linux - Newbie 8 08-24-2004 06:40 PM
I want Linux source code for FAT file system in user readable form not in binary form ramya272 Linux - Newbie 5 02-05-2004 07:54 PM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:34 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration