Analysing mail log details – Exim log file flags: a detailed view

I’m confused!! How to analyse the mail log details – Exim?

To deal with email issues, we have to know about the log file and its different log line flags. We know the basics of the Exim MTA and its basic commands. We already discussed the topic in one of our previous posts, “How to check spamming on server”, where you will find more details about spamming and the commands to analyse it. Here I’m explaining the Exim mail log. The Exim mail log file is “/var/log/exim_mainlog”.

For an email in the queue, we can view its log details with the command “exim -Mvl Message-ID”.

Sample email log (exim -Mvl) output:

# exim -Mvl 1VlxUy-0001ka-9V

2013-11-28 02:03:00 Received from U=swfsfcar P=local S=1349 T="Welcome to Swift Carders-The Carders' Home"
2013-11-28 02:03:00 SMTP error from remote mail server after RCPT TO:<>: host []: 450-4.2.1 The user you are trying to contact is receiving mail too quickly.\n450-4.2.1 Please resend your message at a later time. If the user is able to\n450-4.2.1 receive mail at that time, your message will be delivered. For more\n450-4.2.1 information, please visit\n450 4.2.1 sn7si36197219pab.341 - gsmtp

Log line flags – details

One line is written to the main log for each message received, and for each successful, unsuccessful, and delayed delivery. These lines can readily be picked out by the distinctive two-character flags that immediately follow the timestamp. The flags are:

<=     message arrival 
=>     normal message delivery
->     additional address in same delivery
*>     delivery suppressed by -N
**     delivery failed; address bounced
==     delivery deferred; temporary problem

A summary of the field identifiers that are used in log lines is shown in the following table:

A           authenticator name (and optional id)
C           SMTP confirmation on delivery
            command list for “no mail in SMTP session”
CV          certificate verification status
D           duration of “no mail in SMTP session”
DN          distinguished name from peer certificate
DT          on => lines: time taken for a delivery
F           sender address (on delivery lines)
H           host name and IP address
I           local interface used
id          message id for incoming message
P           on <= lines: protocol used
            on => and ** lines: return path
QT          on => lines: time spent on queue so far
            on “Completed” lines: time spent on queue
R           on <= lines: reference for local bounce
            on => ** and == lines: router name
S           size of message
ST          shadow transport name
T           on <= lines: message subject (topic)
            on => ** and == lines: transport name
U           local user or RFC 1413 identity
X           TLS cipher suite
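
The flags and field identifiers above can be read mechanically. The following is an added example, not code from the original post or from the Exim project: a small parser that classifies each main-log line by its flag and resolves P, R and T according to whether the line is an arrival or a delivery. The names parse_line and summarise are hypothetical, the sample lines are constructed, the field grammar is simplified, and treating -> and *> lines like other delivery lines is an assumption.

```python
import re
from collections import Counter

# Two-character flags from the list above.
FLAGS = {"<=": "arrival", "=>": "delivery", "->": "additional address",
         "*>": "suppressed by -N", "**": "failed", "==": "deferred"}
# P, R and T mean different things on <= lines and on delivery lines.
CONTEXT = {"P": ("protocol", "return_path"),
           "R": ("bounce_reference", "router"),
           "T": ("subject", "transport")}

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) "
                     r"(<=|=>|->|\*>|\*\*|==) (.*)$")
# KEY=value; a value is a quoted string, or a bare token optionally followed
# by "(helo)" / "[ip]" parts as in H=name [ip].
FIELD_RE = re.compile(r'(?<!\S)(id|[A-Z]{1,2})='
                      r'("(?:[^"\\]|\\.)*"|\S+(?: [\[(]\S+)*)')

def parse_line(line):
    """Return a dict for a flagged main-log line, or None for other lines."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None  # e.g. "Completed" lines carry no flag
    when, msgid, flag, rest = m.groups()
    fields, first = {}, None
    for f in FIELD_RE.finditer(rest):
        first = f.start() if first is None else first
        key, val = f.group(1), f.group(2)
        val = val[1:-1] if val.startswith('"') else val.rstrip(":")
        if key in CONTEXT:
            key = CONTEXT[key][0 if flag == "<=" else 1]
        fields.setdefault(key, val)  # keep the first occurrence only
    return {"time": when, "msgid": msgid, "flag": flag, "event": FLAGS[flag],
            "address": rest[:first].strip(), "fields": fields}

def summarise(lines):
    """Count events per flag meaning, skipping unflagged lines."""
    return Counter(r["event"] for r in map(parse_line, lines) if r)

# Constructed sample lines (example domains, documentation IP range).
SAMPLE = [
    '2013-11-28 02:03:00 1AbCdE-000123-XY <= web@example.com U=web P=local S=1349 T="Hi: S=9 in subject"',
    '2013-11-28 02:03:02 1AbCdE-000123-XY => a@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.25] C="250 OK"',
    '2013-11-28 02:03:03 1AbCdE-000123-XY == b@example.org R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<b@example.org>: host mx.example.org [192.0.2.26]: 450 4.2.1 try later',
    '2013-11-28 02:03:04 1AbCdE-000123-XY ** c@example.org R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<c@example.org>: host mx.example.org [192.0.2.26]: 550 no such user',
    '2013-11-28 02:03:05 1AbCdE-000123-XY Completed',
]

if __name__ == "__main__":
    for rec in filter(None, map(parse_line, SAMPLE)):
        print(rec["flag"], rec["address"], rec["fields"])
    print(dict(summarise(SAMPLE)))
```

A sender whose arrival lines show P=local with a U= value, followed by a high count of deferred or failed events, is the pattern worth investigating when checking a server for script-generated spam.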

Hope this gives you a closer look at Exim. Thanks.. 🙂


Arunlal Ashok

DevOps (Server & Cloud infrastructure) Engineer. I've been dealing with Linux servers since 2012. I started this blog to share and discuss my ideas. Always happy for an open discussion! Write to arun (@) crybit (dot) com
