From Just another day in the life of a linux sysadmin
Jump to navigation Jump to search


Reading an Exim main log

The Beginning of the Line
Each line starts with the date and time. Immediately following is the message’s process ID number (PID):


and then exim’s internal message ID:


The exigrep tool uses this ID to pull all log lines for this file out of the mainlog; on a busy mailserver, log lines from the same e-mail may be spread out across the logfile.

The First Line

The next item on the first line starts with “H=”. This specifies the hostname of the server that the mail originates from. Next (in square brackets) is the IP address of that server, followed by the port number. “I=” looks similar, but is describing your mailserver. A warning follows: Spamassassin believes that this message is not spam.

The Second Line

The second line almost starts the same (with H and I), but before that the “<=” symbol is used. This indicates that this line is describing the arrival of the message on your mailserver. Immediately after this symbol is the e-mail address that this mail is being sent from.After H and I, the “P” abbreviation designates the protocol being used (here esmtps). Note that this only means this because it is on a “<=” line; if this were a “=>” line it would indicate the return path of the message.

The X tells us the particular cipher suite that is used; this is usually not something you would be looking for when troubleshooting a mail issue. CV refers to certification verification status, and S is the size of the message.

Next, “id” refers to the message id that was created by the sending server and sent as one of the mail headers. T (for topic) is the subject of the e-mail. The line ends with “for user@example.com”, letting us know just who the message is for.

The Third and Fourth Lines

The third line is just as easy to decipher using the exim manual. Parsing the next two lines of the mail transaction are left as an exercise to the reader. When doing so, note that the third line has the “=>” symbol; abbreviations on the line may mean something different than they did in previous lines.

Retry timeout not reached

T=remote_smtp: retry time not reached for any host after a long failure period

1.) Go to /var/spool/exim/db

2.) delete files: retry , retry.lockfile , wait-remote_smtp, wait-remote_smtp.lockfile

3.) service exim restart


Exim Status Indicators

It is important to note that exim will show how messages arrive or deliver via a code

<=     message arrival
(=     message fakereject
=>     normal message delivery
->     additional address in same delivery
>>     cutthrough message delivery
*>     delivery suppressed by -N
**     delivery failed; address bounced
==     delivery deferred; temporary problem

exim configuration variables for load amount when queue is sent

deliver_queue_load_max = 12 queue_only_load = 24

deleting messages from the email queue that are older than 1 day (faster method than normal find |xargs)

find /var/spool/exim/ -print0 -mtime +1 -type f -name "*-H" | xargs -0 | sed "s/ /\n/g" | cut -d/ -f7 | cut -d- -f1-3 | xargs exim -Mrm

What is exim currently processing?


shows active connections being handled

ps -C exim wwwu

shows a list of all running exim procs

lsof -c exim

shows a list of files being accessed by exim

Retry Timeout

dkim_remote_smtp defer (-53): retry time not reached for any host if you see this a lot try this

cd /var/spool/exim/db rm -f retry retry.lockfile rm -f wait-remote_smtp wait-remote_smtp.lockfile service exim restart

Remove all frozen messages

exim -bp | grep -i frozen | awk '{print $3}' | while read LINE; do exim -Mt $LINE; done

exiqgrep -z -i | xargs exim -Mt

exiqgrep -z -i | xargs exim -Mrm

Ports used for mail

SMTP            25
SMTP            26
POP3            110
IMAP            143
SMTP(secure)    465
SMTP            587
IMAP(secure)    993
POP3(secure)    995
Webmail         2095
Webmail(secure) 2096

retry timeout

dkim_remote_smtp defer (-53): retry time not reached for any host

if you see this a lot try this

cd /var/spool/exim/db
rm -f retry retry.lockfile
rm -f wait-remote_smtp wait-remote_smtp.lockfile
service exim restart

File Paths used with MailSecure setups

/etc/skipsmtpcheckhosts /etc/senderverifybypasshosts /etc/ips.remotemail /etc/trustedmailhosts

/etc/backupmxhosts add cuda01.sourcedns.com cuda02.sourcedns.com cuda03.sourcedns.com barracuda.sourcedns