When the Email Configuration Report is run, a compressed file is obtained, it contains Exim Mailer log file located at \var\log\exim folder, called mainlog
In this log, all mail related activities are stored and can be checked looking for errors.
On Exim Internet Mailer logs file (mainlog) every line starts with a timestamp, in the format shown in the following example.
2016-07-13 06:35:07 1bNIRX-0001ZU-83 Completed
By default, the timestamps are in the local timezone.
One line is written to the mainlog file for each message received, and for each successful, unsuccessful, and delayed delivery. These lines can readily be picked out by the distinctive two-character flags that immediately follow the timestamp. The flags are:
<= message arrival
=> normal message delivery
-> additional address in same delivery
>> cutthrough message delivery
*> delivery suppressed by -N
** delivery failed; address bounced
== delivery deferred; temporary problem
The format of the single-line entry in the main log that is written for every message received is shown in the basic example below
2016-07-12 15:03:09 1bN3td-000Cay-Ca <= user@company.name H=mailer.company.name [X.X.X.X] P=esmtp S=1841 id=d27de664-39e1-9ff6-95c8-6fda85978e59@company.name
The address immediately following “<=” is the envelope sender address. A bounce message is shown with the sender address “<>”, and if it is locally generated, this is followed by an item of the form
R=
which is a reference to the message that caused the bounce to be sent.
The format of the single-line entry in the main log that is written for every delivery is shown in one of the examples below, for local and remote deliveries, respectively.
2016-07-12 15:00:07 1bN3qh-000CPj-Gl => munin <munin@kbox.company.name> R=localuser T=local_delivery
2016-07-11 07:03:48 1bMZw8-0003ye-Lc => user@company.name R=smart_route T=remote_smtp H=company.name [X.X.X.X] C="250 Queued (0.422 seconds)"
When a delivery is deferred, a line of the following form is logged:
2016-07-12 15:00:07 1bN3qh-000CPj-Gl == user R=dnslookup T=smtp defer (146): Connection refused
In the case of remote deliveries, the error is the one that was given for the last IP address that was tried. Details of individual SMTP failures are also written to the log, so the above line would be preceded by something like
2016-07-12 15:00:07 1bN3qh-000CPj-Gl Failed to connect to kbox.company.name [X.X.X.X]: Connection refused
When this error is logged, generally it is related to DNS server configuration and MX record not properly set. For more information this article is recommended
NOTE: This is the most common error on mail configuration.
If a delivery fails because an address cannot be routed, a line of the following form is logged:
2016-07-12 15:00:07 1bN3qh-000CPj-Gl ** user@company.name : unknown mail domain
In this case DNS server settings must be checked
A line of the form
2016-07-12 15:00:07 1bN3qh-000CPj-Gl Completed
is written to the main log when a message is about to be removed from the spool at the end of its processing.
A summary of the field identifiers that are used in log lines is shown in the following table (not all of these will be logged at K1000 since some of these features are not available on Kbox configuration, but these are used as reference:
| A | authenticator name (and optional id and sender) |
| C | SMTP confirmation on delivery command list for “no mail in SMTP session” |
| CV | certificate verification status |
| D | duration of “no mail in SMTP session” |
| DN | distinguished name from peer certificate |
| DT | on => lines: time taken for a delivery |
| F | sender address (on delivery lines) |
| H | host name and IP address |
| I | local interface used |
| id | message id for incoming message |
| P | on <= lines: protocol used on => and ** lines: return path |
| PRX | on <= and => lines: proxy address |
| QT | on => lines: time spent on queue so far on “Completed” lines: time spent on queue |
| R | on <= lines: reference for local bounce on => >> ** and == lines: router name |
| S | size of message in bytes |
| SNI | server name indication from TLS client hello |
| ST | shadow transport name |
| T | on <= lines: message subject (topic) on => ** and == lines: transport name |
| U | local user or RFC 1413 identity |
| X | TLS cipher suite |
Other log entries
Various other types of log entry are written from time to time. Most should be self-explanatory. Among the most common are:
Understanding Exim Logs should provide understanding about different situation found on K1000's service desk or reporting.
For more information on Exim, see Exim Internet Mailer
NOTE: The above link is provided as additional information and KACE Technical Support is not responsible for the content provided. It is referenced for additional information.
