Analysing mail log details – Exim log file flags a detailed view

I’m confused!! How to analyse the mail log details – Exim?

Yep, to deal with email issues we have to know about the log file and the different log line flags. We know the basics of the Exim MTA and its basic commands. We already discussed the topic in one of our previous posts, “How to check spamming on server”. There you will get more details about spamming and the commands to analyse it. Here I’m explaining the Exim mail log. The Exim mail log file is “/var/log/exim_mainlog”.

For a message in the email queue, we can view its log details by using the command “exim -Mvl Message-ID”.

Sample email log (exim -Mvl) output:

# exim -Mvl 1VlxUy-0001ka-9V

2013-11-28 02:03:00 Received from U=swfsfcar P=local S=1349 T="Welcome to Swift Carders-The Carders' Home"
2013-11-28 02:03:00 SMTP error from remote mail server after RCPT TO:<>: host []: 450-4.2.1 The user you are trying to contact is receiving mail too quickly.\n450-4.2.1 Please resend your message at a later time. If the user is able to\n450-4.2.1 receive mail at that time, your message will be delivered. For more\n450-4.2.1 information, please visit\n450 4.2.1 sn7si36197219pab.341 - gsmtp

Log line flags – details

One line is written to the main log for each message received, and for each successful, unsuccessful, and delayed delivery. These lines can readily be picked out by the distinctive two-character flags that immediately follow the timestamp. The flags are:

<=     message arrival 
=>     normal message delivery
->     additional address in same delivery
*>     delivery suppressed by -N
**     delivery failed; address bounced
==     delivery deferred; temporary problem

A summary of the field identifiers that are used in log lines is shown in the following table:

A           authenticator name (and optional id)
C           SMTP confirmation on delivery
            command list for “no mail in SMTP session”
CV          certificate verification status
D           duration of “no mail in SMTP session”
DN          distinguished name from peer certificate
DT          on => lines: time taken for a delivery
F           sender address (on delivery lines)
H           host name and IP address
I           local interface used
id          message id for incoming message
P           on <= lines: protocol used
            on => and ** lines: return path
QT          on => lines: time spent on queue so far
            on “Completed” lines: time spent on queue
R           on <= lines: reference for local bounce
            on => ** and == lines: router name
S           size of message
ST          shadow transport name
T           on <= lines: message subject (topic)
            on => ** and == lines: transport name
U           local user or RFC 1413 identity
X           TLS cipher suite
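
The flags and field identifiers above are enough to parse main log lines mechanically. The following is an added example, not part of the original post: it splits each flagged line into timestamp, message ID, flag and KEY=value fields, then counts events per flag and arrivals per local user (U= with P=local), which helps when looking for a local account or script generating mail. The function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Two-character flags from the list above.
FLAGS = {"<=": "arrival", "=>": "delivery", "->": "additional address",
         "*>": "suppressed by -N", "**": "failed", "==": "deferred"}

LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<msgid>\S+) "
                     r"(?P<flag><=|=>|->|\*>|\*\*|==) (?P<addr>\S+)(?P<rest>.*)$")
# KEY=value: the value is a quoted string (T="...", C="...") or a bare token,
# optionally followed by a bracketed IP as in H=host [192.0.2.10].
# Free-form error text after the fields can still produce stray matches.
FIELD_RE = re.compile(r'(?<=\s)(?P<key>[A-Za-z]{1,2})='
                      r'(?P<val>"(?:[^"\\]|\\.)*"|\S+(?: \[[^\]]*\])?)')

def parse_line(line):
    """Return a dict for a flagged main-log line, or None for other lines."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    fields = {f["key"]: f["val"].strip('"') for f in FIELD_RE.finditer(m["rest"])}
    return {"ts": m["ts"], "msgid": m["msgid"], "flag": m["flag"],
            "event": FLAGS[m["flag"]], "addr": m["addr"], "fields": fields}

def summarise(lines):
    """Count events by flag and arrivals per local user (U= with P=local)."""
    events, local_users = Counter(), Counter()
    for rec in filter(None, map(parse_line, lines)):
        events[rec["event"]] += 1
        f = rec["fields"]
        if rec["flag"] == "<=" and f.get("P") == "local" and "U" in f:
            local_users[f["U"]] += 1
    return events, local_users

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    '2013-11-28 02:03:00 1VlxUy-0001ka-9V <= webuser@host.example.com U=webuser P=local S=1349 T="Welcome: a=b test"',
    '2013-11-28 02:03:01 1VlxUy-0001ka-9V == someone@example.net R=lookuphost T=remote_smtp defer (-44): SMTP error from remote mail server',
    '2013-11-28 02:03:05 1VlxUz-0001kb-Aa <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtps X=TLSv1.2:AES256-SHA:256 S=2048 id=abc@example.org',
    '2013-11-28 02:03:06 1VlxUz-0001kb-Aa => bob@host.example.com R=virtual_user T=virtual_userdelivery',
    '2013-11-28 02:03:06 1VlxUz-0001kb-Aa Completed',
]

if __name__ == "__main__":
    events, users = summarise(SAMPLE)
    print(dict(events), dict(users))
```

To run it against a real log, pass an open file object for the main log to summarise() instead of SAMPLE.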

Hope this gives you a closer look at Exim. Thanks.. 🙂


Arunlal Ashok

Cloud Infrastructure / DevOps Engineer. I'm dealing Linux servers since 2012. I started this blog to share and discuss my ideas.
