Exim log files and exigrep

Exim log files and exigrep

  • /var/log/exim_mainlog – logs every email that is processed by Exim
  • /var/log/exim_rejectlog information about all rejected emails
  • /var/log/exim_paniclog error related to Exim itself

Exim has it’s own version of grep: exigrep

exigrep vs grep? Exigrep returns complete entries and grep returns only single lines.

Here is an example of an email that was delivered.

# exigrep paypal.co.uk /var/log/exim_mainlog
2020-02-09 10:31:43 1j0jsN-0002hA-Li <= service@paypal.co.uk T="Notification of Payment Received" for sales@example.net
2020-02-09 10:31:43 1j0jsN-0002hA-Li => sales  R=virtual_user T=dovecot_virtual_delivery
2020-02-09 10:31:43 1j0jsN-0002hA-Li Completed
  • 10:31:43 – timestamp
  • 1j0jsN-0002hA-Li – Exim ID
  • <= service@paypal.co.uk – incoming email from service@paypal.co.uk
  • “Notification of Payment Received” – subject
  • sales@example.net – recipent
  • R=virtual_user T=dovecot_virtual_delivery – delivered to local user
  • Completed – 🙂

Status indicators

Status indicators tell us where the email came from and where it is going to (outgoing, incoming, filter, forwarder..)

<=incoming email
=>outgoing email
->additional address in the same delivery
*>delivery suppressed by -N
**delivery failed – address bounced
==delivery deferred – temporary problem

Router and transport

Router and transport specify where the email was delivered (user on the same server, remote server..)

  • R=virtual_user – user on the same server (delivered by Dovecot)
  • R=lookuphost – user on remote server (delivered by Exim)
  • R=central_filter – matched a filter rule created by the cPanel user
See also  Unable to connect to cPanel mail server via an email client: TLS handshaking: SSL_accept() failed

Other field identifiers

Aauthenticator name (ID is optional)
CSMTP confirmation on delivery
CVcertificate validation status
Dduration
DTdelivery time – time taken to deliver the email
Ffrom – sender address
Hhostname an IP address
Iinterface used
IDmessage ID for the incoming messages
Pprotocol used for incoming and return path for outgoing
QTtime spent in queue so far for outgoing and completed
Rrouter name for outgoing and reference for incoming
Ssize of the message
STshadow transport time
Ttopic on incoming and transport name on outgoing
Uidentity of the local user or RFC 1413
XTLC cypher suite
whoami
Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.