Exim
Reading an Exim main log
The Beginning of the Line
Each line starts with the date and time. Immediately following is the message’s process ID number (PID):
1487
and then exim’s internal message ID:
1Ov4tU-0000Nz-Rm
The exigrep tool uses this ID to pull all log lines for this message out of the mainlog; on a busy mailserver, log lines from the same e-mail may be spread out across the logfile.
The First Line
The next item on the first line starts with “H=”. This specifies the hostname of the server that the mail originates from. Next (in square brackets) is the IP address of that server, followed by the port number. “I=” looks similar, but describes your own mailserver. A warning follows: SpamAssassin believes that this message is not spam.
The Second Line
The second line starts almost the same way (with H and I), but before those fields comes the “<=” symbol. This indicates that the line describes the arrival of the message on your mailserver. Immediately after this symbol is the e-mail address that the mail is being sent from. After H and I, the “P” abbreviation designates the protocol being used (here esmtps). Note that P only has this meaning because it is on a “<=” line; if this were a “=>” line it would indicate the return path of the message.
The X tells us the particular cipher suite that is used; this is usually not something you would be looking for when troubleshooting a mail issue. CV refers to certificate verification status, and S is the size of the message.
Next, “id” refers to the message id that was created by the sending server and sent as one of the mail headers. T (for topic) is the subject of the e-mail. The line ends with “for user@example.com”, letting us know just who the message is for.
The Third and Fourth Lines
The third line is just as easy to decipher using the exim manual. Parsing the next two lines of the mail transaction is left as an exercise to the reader. When doing so, note that the third line has the “=>” symbol; abbreviations on the line may mean something different than they did in previous lines.
Retry timeout not reached
T=remote_smtp: retry time not reached for any host after a long failure period
1.) Go to /var/spool/exim/db
2.) Delete the files: retry, retry.lockfile, wait-remote_smtp, wait-remote_smtp.lockfile
3.) service exim restart
Exim Status Indicators
Exim marks each log line with a two-character code that shows how the message arrived or was delivered:
<= message arrival
(= message fakereject
=> normal message delivery
-> additional address in same delivery
>> cutthrough message delivery
*> delivery suppressed by -N
** delivery failed; address bounced
== delivery deferred; temporary problem
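The line layout from "Reading an Exim main log" and the status indicators above, combined into a small parser. This is an added example, not part of the original page or of Exim's own tools; the sample lines, addresses, cipher string and router name are constructed, and the log is assumed to carry the PID in square brackets.

```python
import re
# Status indicators, as listed under "Exim Status Indicators" on this page.
FLAGS = {
    "<=": "message arrival", "(=": "message fakereject",
    "=>": "normal message delivery", "->": "additional address in same delivery",
    ">>": "cutthrough message delivery", "*>": "delivery suppressed by -N",
    "**": "delivery failed; address bounced", "==": "delivery deferred; temporary problem",
}
LINE_RE = re.compile(  # date time, optional [PID], message ID, optional flag + address
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?:\[(?P<pid>\d+)\] )?"
    r"(?P<msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6,11}-[0-9A-Za-z]{2,4}) "
    r"(?:(?P<flag><=|\(=|=>|->|>>|\*>|\*\*|==) (?P<address>\S+) ?)?(?P<rest>.*)$")
TOKEN_RE = re.compile(r'(\w+)=("(?:\\.|[^"\\])*"|\S*)|\S+')  # KEY=value or bare word
ADDR_RE = re.compile(r"\[([^\]]+)\](?::(\d+))?")              # [ip]:port

def parse_line(line):
    """Parse one main log line into a dict; None if it carries no message ID."""
    if (m := LINE_RE.match(line.rstrip("\n"))) is None:
        return None
    rec = {k: m.group(k) for k in ("ts", "pid", "msgid", "flag", "address")}
    fields, recipients, text, last_key, in_for = {}, [], [], None, False
    for tok in TOKEN_RE.finditer(m.group("rest")):
        key, val, raw = tok.group(1), tok.group(2), tok.group(0)
        if in_for:                         # after "for" every token is a recipient,
            recipients.append(raw)         # even an address that contains "="
        elif key:
            quoted = len(val) > 1 and val[0] == val[-1] == '"'
            fields[key], last_key = (val[1:-1] if quoted else val), key
        elif raw == "for" and not text:
            in_for = True
        elif last_key and raw[0] in "[(":  # "H=host [ip]:port" spans two tokens
            fields[last_key] += " " + raw
        else:                              # free text: "Warning: ..." or "defer ..."
            text.append(raw)
            last_key = None
    for key in ("H", "I"):                 # split [ip]:port out of H= and I=
        if a := ADDR_RE.search(fields.get(key, "")):
            rec[key + "_ip"], rec[key + "_port"] = a.group(1), a.group(2)
    rec.update(meaning=FLAGS.get(rec["flag"]), fields=fields, recipients=recipients, text=" ".join(text))
    return rec

# Constructed sample lines (documentation addresses, not from a real log).
SAMPLE = [
    '2010-09-13 05:00:13 [1487] 1Ov4tU-0000Nz-Rm <= alice@example.org H=mail.example.org'
    ' [192.0.2.10]:51234 I=[198.51.100.5]:25 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=2048'
    ' id=4C8D1E2F@example.org T="Quarterly report for Q3" for user@example.com',
    '2010-09-13 05:00:15 [1491] 1Ov4tU-0000Nz-Rm == bob@example.net R=lookuphost'
    ' T=remote_smtp defer (-53): retry time not reached for any host',
]
```

The parser keeps every KEY=value pair under its raw key and does not interpret it, because P and T mean different things on “<=” lines than on delivery lines.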
exim configuration variables for load amount when queue is sent
deliver_queue_load_max = 12
queue_only_load = 24
deleting messages from the email queue that are older than 1 day (faster method than normal find |xargs)
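find /var/spool/exim/ -mtime +1 -type f -name "*-H" -print0 | xargs -0 | sed "s/ /\n/g" | cut -d/ -f7 | cut -d- -f1-3 | xargs exim -Mrm
-print0 comes after the tests so that only spool header files (*-H) older than one day are listed; cut -d/ -f7 assumes the split spool layout /var/spool/exim/input/X/ID-H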
What is exim currently processing?
exiwhat
shows active connections being handled
ps -C exim wwwu
shows a list of all running exim procs
lsof -c exim
shows a list of files being accessed by exim
Retry Timeout
dkim_remote_smtp defer (-53): retry time not reached for any host
If you see this a lot, try this:
cd /var/spool/exim/db
rm -f retry retry.lockfile
rm -f wait-remote_smtp wait-remote_smtp.lockfile
service exim restart
Remove all frozen messages
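exim -bp | grep -i frozen | awk '{print $3}' | while read LINE; do exim -Mt "$LINE"; done
thaws every frozen message in the queue (-Mt thaws a message, it does not delete it)
exiqgrep -z -i | xargs exim -Mt
same, using exiqgrep to list the IDs of frozen messages
exiqgrep -z -i | xargs exim -Mrm
removes every frozen message from the queue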
Ports used for mail
SMTP 25
SMTP 26
POP3 110
IMAP 143
SMTP(secure) 465
SMTP 587
IMAP(secure) 993
POP3(secure) 995
Webmail 2095
Webmail(secure) 2096
File Paths used with MailSecure setups
/etc/skipsmtpcheckhosts
/etc/senderverifybypasshosts
/etc/ips.remotemail
/etc/trustedmailhosts
/etc/backupmxhosts add cuda01.sourcedns.com cuda02.sourcedns.com cuda03.sourcedns.com barracuda.sourcedns