How to analyse the mail log details – Exim?
To troubleshoot email issues we need a good knowledge of the log file and of the different log line flags.
We already know the basics of the Exim MTA and its basic commands. We covered that topic in one of our previous posts, "How to check spamming on server".
There you will find more details about spamming and the commands used to analyse it. Here I'm explaining the Exim mail log. The Exim mail log file is "/var/log/exim_mainlog".
For a message that is still in the mail queue, we can view its log entries with the command "exim -Mvl Message-ID".
Sample email log (exim -Mvl) output:
# exim -Mvl 1VlxUy-0001ka-9V
2013-11-28 02:03:00 Received from [email protected] U=swfsfcar P=local S=1349 T="Welcome to Swift Carders-The Carders' Home"
2013-11-28 02:03:00 SMTP error from remote mail server after RCPT TO:<[email protected]>: host gmail-smtp-in.l.google.com [17.xxx.xxx27]: 450-4.2.1 The user you are trying to contact is receiving mail too quickly.\n450-4.2.1 Please resend your message at a later time. If the user is able to\n450-4.2.1 receive mail at that time, your message will be delivered. For more\n450-4.2.1 information, please visit\n450 4.2.1 http://support.google.com/mail/bin/answer.py?answer=6592 sn7si36197219pab.341 - gsmtp
Log line flags – details
There is one line in the mail log for each message received, and one for each successful, unsuccessful and delayed delivery. These lines can readily be picked out by the distinctive two-character flags that immediately follow the timestamp (and the message ID). The flags are:
<=  message arrival
=>  normal message delivery
->  additional address in the same delivery
*>  delivery suppressed by -N
**  delivery failed; address bounced
==  delivery deferred; temporary problem
A summary of the field identifiers used in log lines is listed below:
A   authenticator name (and optional id)
C   SMTP confirmation on delivery; command list for "no mail in SMTP session"
CV  certificate verification status
D   duration of "no mail in SMTP session"
DN  distinguished name from peer certificate
DT  on => lines: time taken for a delivery
F   sender address (on delivery lines)
H   host name and IP address
I   local interface used
id  message id for incoming message
P   on <= lines: protocol used; on => and ** lines: return path
QT  on => lines: time spent on queue so far; on "Completed" lines: time spent on queue
R   on <= lines: reference for local bounce; on =>, ** and == lines: router name
S   size of message
ST  shadow transport name
T   on <= lines: message subject (topic); on =>, ** and == lines: transport name
U   local user or RFC 1413 identity
X   TLS cipher suite
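To put the flags and field identifiers above to work, here is an added example (not code from the original post) of a small Python parser for lines in the /var/log/exim_mainlog format. It splits each line into timestamp, message ID, delivery flag, address and key=value fields (including quoted values such as T="subject" and C="250 ..."), pulls the remote SMTP status code out of deferred and failed lines, and counts which local user (U=) injected the most mail, which is the first thing to look at when hunting a spamming script. The log lines it runs on are constructed samples in the same shape as the exim -Mvl output shown above; the message ID pattern assumed is the classic 6-6-2 form used there.

```python
import re
import sys
from collections import Counter

# Constructed sample lines in /var/log/exim_mainlog format (not a real log).
SAMPLE_LOG = """\
2013-11-28 02:03:00 1VlxUy-0001ka-9V <= sender@example.com U=swfsfcar P=local S=1349 T="Welcome to the list" for user@example.net
2013-11-28 02:03:01 1VlxUy-0001ka-9V => user@example.net R=dnslookup T=remote_smtp H=mx.example.net [192.0.2.10] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 C="250 2.0.0 OK"
2013-11-28 02:03:01 1VlxUy-0001ka-9V Completed QT=1s
2013-11-28 02:05:10 1VlxWz-0001kb-AA <= sender@example.com U=swfsfcar P=local S=1349 T="Welcome to the list" for other@example.net
2013-11-28 02:05:11 1VlxWz-0001kb-AA == other@example.net R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<other@example.net>: host mx.example.net [192.0.2.10]: 450-4.2.1 The user you are trying to contact is receiving mail too quickly.
2013-11-28 02:07:00 1VlxYa-0001kc-BB <= sender@example.com U=swfsfcar P=local S=1349 T="Welcome to the list" for bad@example.org
2013-11-28 02:07:01 1VlxYa-0001kc-BB ** bad@example.org R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<bad@example.org>: host mx.example.org [192.0.2.20]: 550 5.1.1 User unknown
2013-11-28 02:07:01 1VlxYa-0001kc-BB Completed QT=1s
"""

# The two-character flags that follow the timestamp and message ID.
FLAGS = {
    "<=": "arrival",
    "=>": "delivered",
    "->": "additional address",
    "*>": "suppressed",
    "**": "failed",
    "==": "deferred",
}

# timestamp, optional [pid] (log_selector +pid), classic 6-6-2 message ID, rest of line
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?:\[\d+\] )?"
    r"(?P<msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
    r"(?P<rest>.*)$"
)
# One- or two-letter field identifier preceded by whitespace; value is quoted or a bare token.
FIELD_RE = re.compile(r'(?<!\S)([A-Za-z]{1,2})=("(?:[^"\\]|\\.)*"|\S+)')
# Remote SMTP status code as it appears after "host name [ip]: " in error text.
SMTP_CODE_RE = re.compile(r"\]: (\d{3})[ -]")


def parse_line(line):
    """Return a dict for a per-message log line, or None for lines without a message ID."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    flag = address = None
    first, _, remainder = rest.partition(" ")
    if first in FLAGS:
        # Flag lines: "<= sender ..." or "=> / ** / == recipient ..."
        flag = first
        address, _, remainder = remainder.partition(" ")
    else:
        remainder = rest  # e.g. "Completed QT=1s"
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(remainder)}
    return {"ts": m.group("ts"), "msgid": m.group("msgid"), "flag": flag,
            "address": address, "fields": fields, "raw": rest}


def smtp_code(raw):
    """Extract the remote server's 3-digit SMTP code from a deferred/failed line, if any."""
    m = SMTP_CODE_RE.search(raw)
    return m.group(1) if m else None


def summarize(log_text):
    """Group lines by message ID and count delivery outcomes by flag."""
    messages = {}
    outcomes = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        msg = messages.setdefault(rec["msgid"], {"sender": None, "user": None,
                                                 "subject": None, "size": None, "deliveries": []})
        f = rec["fields"]
        if rec["flag"] == "<=":
            msg.update(sender=rec["address"], user=f.get("U"), subject=f.get("T"),
                       size=int(f["S"]) if "S" in f else None)
        elif rec["flag"] in ("=>", "->", "**", "=="):
            outcomes[FLAGS[rec["flag"]]] += 1
            msg["deliveries"].append((rec["flag"], rec["address"], f.get("H"), smtp_code(rec["raw"])))
    return messages, outcomes


def top_injectors(messages):
    """Arrivals per (sender, local user). One U= value dominating is the usual sign of a spamming script."""
    return Counter((m["sender"], m["user"]) for m in messages.values() if m["sender"])


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    messages, outcomes = summarize(text)
    print("outcomes:", dict(outcomes))
    for (sender, user), n in top_injectors(messages).most_common(5):
        print(f"{n:5d}  {sender}  U={user}")
```

Run it as `python3 eximlog.py /var/log/exim_mainlog` on the server to get the delivery outcome counts and the top injecting users; without an argument it runs over the constructed sample. Values such as H= that Exim writes as "name [ip]" keep only the host name here; the IP follows in the raw text if you need it.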
Hope this gives you a closer look at Exim. Thanks.. 🙂