I have an email log file which records when an email went out, and who to. This gets logrotated and so there are a mixture of zipped and unzipped log files going back a week or so.
I'm currently (successfully) getting back all lines matching a particular email with
sudo find /var/log/exim4/ -type f -exec zgrep -i "foobar@gmail.com" "{}" \; | sort
This gives me back all emails sent to foobar@gmail.com. So far so good.
What I'd like to do now is to get all emails sent after a specific time, regardless of recipient. This should be simple (I think) because all of the log file lines start with a timestamp - they have this format:
2015-04-20 18:01:05 H=(fake.org) [180.108.175.57] F=<fake@fake.org> rejected RCPT <webmaster@charanga.com>: relay not permitted
2015-04-20 18:01:05 H=(fake.org) [180.108.175.57] F=<fake@fake.org> rejected RCPT <webmaster@charanga.com>: relay not permitted
2015-04-20 18:06:33 H=(bar.net) [111.176.77.1] F=<foo@bar.net> rejected RCPT <service@charanga.com>: relay not permitted
So, let's say that I want all emails sent after "2015-04-20 18:03:00". It should just be a case of getting all lines that are "greater than" my timestamp. How do I modify my command for this? Thanks, Max
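
One way to do the "greater than my timestamp" filter the question describes, as an added example that is not part of the original post: decompress every file in the directory, keep the lines whose leading 19-character timestamp sorts after the cutoff, and sort the result. The function names `exim_since` and `make_sample_logs` are hypothetical, the sample log lines are constructed, and the caller is assumed to have read access to the log directory.

```shell
#!/bin/sh
# Usage: exim_since 'YYYY-MM-DD HH:MM:SS' [log_dir]
# Prints every log line stamped later than the cutoff, oldest first.
exim_since() {
    cutoff=$1
    dir=${2:-/var/log/exim4}

    # Accept only the fixed-width, zero-padded format the log itself uses;
    # for that format, string order and chronological order are the same.
    case $cutoff in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]\ [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;;
        *) echo "cutoff must look like 'YYYY-MM-DD HH:MM:SS'" >&2; return 2 ;;
    esac

    # gzip -cdf decompresses rotated .gz files and copies plain files as-is.
    find "$dir" -type f -exec gzip -cdf {} + |
        LC_ALL=C awk -v cutoff="$cutoff" '{
            ts = substr($0, 1, 19)
            # Ignore lines that do not begin with a timestamp.
            if (ts ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9:]+$/ && ts > cutoff)
                print
        }' |
        LC_ALL=C sort
}

# Constructed sample data in the log format shown in the question:
# one rotated, gzipped file and one current plain-text file.
make_sample_logs() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        '2015-04-19 23:59:59 H=(a.example) [192.0.2.1] F=<a@a.example> rejected RCPT <x@example.com>: relay not permitted' \
        '2015-04-20 18:01:05 H=(b.example) [192.0.2.2] F=<b@b.example> rejected RCPT <x@example.com>: relay not permitted' \
        > "$d/mainlog.1"
    gzip "$d/mainlog.1"
    printf '%s\n' \
        '2015-04-20 18:03:00 H=(c.example) [192.0.2.3] F=<c@c.example> rejected RCPT <x@example.com>: relay not permitted' \
        '  a line without a leading timestamp' \
        '2015-04-20 18:06:33 H=(d.example) [192.0.2.4] F=<d@d.example> rejected RCPT <x@example.com>: relay not permitted' \
        > "$d/mainlog"
    printf '%s\n' "$d"
}
```

The comparison is strict, so a line stamped exactly at the cutoff is excluded; change `>` to `>=` in the awk program to include it.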