Analysing mail log details – Exim log file flags a detailed view

How to analyse the mail log details – Exim?

To troubleshoot email issues we need a good knowledge of the log file and the different log line flags.

We know the basics of the Exim MTA and its basic commands. We already discussed the topic in one of our previous posts, “How to check spamming on server“.

There you will get more details about spamming and the commands to analyse it. Here I’m explaining the Exim mail log. The Exim mail log file is “/var/log/exim_mainlog”.

For a message in the mail queue, we can view its log entries with the command “exim -Mvl Message-ID”.

Sample email log (exim -Mvl) output:

# exim -Mvl 1VlxUy-0001ka-9V

2013-11-28 02:03:00 Received from [email protected] U=swfsfcar P=local S=1349 T="Welcome to Swift Carders-The Carders' Home"
2013-11-28 02:03:00 SMTP error from remote mail server after RCPT TO:<[email protected]>: host []: 450-4.2.1 The user you are trying to contact is receiving mail too quickly.\n450-4.2.1 Please resend your message at a later time. If the user is able to\n450-4.2.1 receive mail at that time, your message will be delivered. For more\n450-4.2.1 information, please visit\n450 4.2.1 sn7si36197219pab.341 - gsmtp

Log line flags – details

There should be one line in the mail log for each message received, and one for each successful, unsuccessful, and delayed delivery. These lines can readily be picked out by the distinctive two-character flags that immediately follow the timestamp. The flags are:

<=     message arrival 
=>     normal message delivery
->     additional address in same delivery
*>     delivery suppressed by -N
**     delivery failed; address bounced
==     delivery deferred; temporary problem

A summary of the field identifiers used in log lines is listed below:

A           authenticator name (and optional id)
C           SMTP confirmation on delivery
            command list for “no mail in SMTP session”
CV          certificate verification status
D           duration of “no mail in SMTP session”
DN          distinguished name from peer certificate
DT          on => lines: time taken for a delivery
F           sender address (on delivery lines)
H           host name and IP address
I           local interface used
id          message id for incoming message
P           on <= lines: protocol used
            on => and ** lines: return path
QT          on => lines: time spent on queue so far
            on “Completed” lines: time spent on queue
R           on <= lines: reference for local bounce
            on => ** and == lines: router name
S           size of message
ST          shadow transport name
T           on <= lines: message subject (topic)
            on => ** and == lines: transport name
U           local user or RFC 1413 identity
X           TLS cipher suite
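As an added example (not code from the original post), here is a small Python parser for /var/log/exim_mainlog lines that picks out the two-character flag and the field identifiers listed above, then totals per message how many deliveries succeeded, failed or were deferred; that per-message count is the quick way to spot a message bouncing off many recipients, like the 450 “receiving mail too quickly” case in the sample. The log lines, message ids, addresses and hosts in it are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/exim_mainlog lines (placeholder ids, addresses and hosts).
SAMPLE_LOG = """\
2013-11-28 02:03:00 1VlxUy-0001ka-9V <= sender@example.com U=swfsfcar P=local S=1349 T="Welcome to the list"
2013-11-28 02:03:01 1VlxUy-0001ka-9V == rcpt1@example.net R=dnslookup T=remote_smtp defer (-44): host mx.example.net [192.0.2.10]: 450 4.2.1 try later
2013-11-28 02:03:05 1VlxUy-0001ka-9V => rcpt2@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.20] C="250 OK id=abc" QT=5s DT=1s
2013-11-28 02:03:06 1VlxUy-0001ka-9V ** rcpt3@example.org R=dnslookup T=remote_smtp: host mx.example.org [192.0.2.20]: 550 no such user
2013-11-28 02:03:06 1VlxUy-0001ka-9V Completed QT=6s
2013-11-28 02:04:00 1VlxVa-0001kb-1A <= other@example.com U=other P=local S=500 T="Hello"
2013-11-28 02:04:02 1VlxVa-0001kb-1A => friend@example.org R=dnslookup T=remote_smtp H=mx.example.org [192.0.2.20] C="250 OK"
"""

FLAGS = {"<=": "arrival", "=>": "delivery", "->": "extra_address", "*>": "suppressed", "**": "failed", "==": "deferred"}
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (<=|=>|->|\*>|\*\*|==) (\S+)(.*)$")
# A field value is either a double-quoted string (T="...", C="...") or a bare token; a trailing ':' is log punctuation.
FIELD_RE = re.compile(r'(?<!\S)([A-Za-z]+)=("(?:[^"\\]|\\.)*"|\S+)')
HOST_RE = re.compile(r"\bH=(\S+) \[([^\]]+)\]")  # H=hostname [ip]

def parse_line(line):
    """Parse one flagged mainlog line; return None for lines without a flag (e.g. Completed)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, msgid, flag, address, rest = m.groups()
    fields = {k: v.strip('"').rstrip(':') for k, v in FIELD_RE.findall(rest)}
    h = HOST_RE.search(rest)
    if h:  # split H=host [ip] into host name and IP address
        fields["H"], fields["H_ip"] = h.groups()
    return {"time": ts, "id": msgid, "flag": flag, "kind": FLAGS[flag],
            "address": address, "fields": fields}

def summarize(log_text):
    """Per message id: sender, subject and how many deliveries succeeded, failed or were deferred."""
    msgs = defaultdict(lambda: dict.fromkeys(("delivery", "failed", "deferred"), 0))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = msgs[rec["id"]]
        if rec["kind"] == "arrival":
            entry["sender"], entry["subject"] = rec["address"], rec["fields"].get("T")
        elif rec["kind"] in ("delivery", "failed", "deferred"):
            entry[rec["kind"]] += 1
    return dict(msgs)

def problem_messages(log_text, min_problems=1):
    """Ids of messages whose failed + deferred deliveries reach the threshold (a spam symptom)."""
    return sorted(i for i, e in summarize(log_text).items() if e["failed"] + e["deferred"] >= min_problems)
```

Run it against a real mainlog with `summarize(open("/var/log/exim_mainlog").read())` and raise `min_problems` to taste; the `-Mvl` output shown earlier omits the message id column, so feed it mainlog lines, not `-Mvl` output.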

Hope this gives you a closer look at Exim. Thanks. 🙂


Arunlal Ashok

DevOps Engineer. Linux lover. Traveller.
Always happy for an open discussion! Write to arun ((@)) crybit ((dot)) com.
