The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

exim_mainlog appears not to be logging all mail activity

Discussion in 'E-mail Discussions' started by spaceman, Oct 5, 2006.

  1. spaceman

    spaceman Well-Known Member

    Mar 25, 2002
    Likes Received:
    Trophy Points:
    Hi All,

    Got a call from a client today (m.nel) saying that he's not received an email from someone (akernst) that he was expecting this morning before 9am.

    As it turned out the mail HAD been received successfully, but had ended up in m.nel's spam folder.

    BUT here's the thing. I did a grep of exim_mainlog for all mails sent/received between and akernst and there's no record of that email ever passing through our server (at least as far as exim_mainlog is concerned). The mail was was definitely sent 2006-10-06 around about 0700-0800, and I'm as confident as I can be that and akernst are the correct addresses to be searching for.

    root@saturn [/var/log]# grep 'akernst' /var/log/exim_mainlog | grep 'm.nel'
    2006-10-01 12:06:02 1GTsaW-00034b-Mb <= []:54235 I=[]:25 P=esmtp S=152890 id=!~! T="Andree's Timesheet 30 Sept" from <> for
    2006-10-01 12:06:05 1GTsaW-00034b-Mb => m.nel <> F=<> R=virtual_sa_user T=virtual_sa_userdelivery S=153179
    2006-10-03 07:30:51 1GUXFL-0003rB-CI <= []:17601 I=[]:25 P=esmtp S=10974 id=!~! T="New Resaerch .. The Science of Wisdom- Catalyst 5 October 2006" from <> for
    2006-10-03 07:30:57 1GUXFL-0003rB-CI => m.nel <> F=<> R=virtual_sa_user T=virtual_sa_userdelivery S=11250
    2006-10-06 10:56:34 1GVft4-0001ut-8g <= []:65274 I=[]:25 P=esmtp S=889 id=8573531.1160103480149.JavaMail.root@web06sl T="Testing" from <> for
    2006-10-06 10:56:44 1GVft4-0001ut-8g => m.nel <> F=<> R=virtual_sa_user T=virtual_sa_userdelivery S=1158
    root@saturn [/var/log]#

    So you can see emails logged before and after, but not the one definitely sent and successfully received around about 0700-0800 2006-10-06.

    Is there mail activity that exim_mainlog doesn't record? I was under the impression that this sort of search of exim_mainlog (and perhaps exim_paniclog and exim_rejectlog) was 100% authoritative for all mail activity on the server. Or perhaps my grep is wrong?

    Can anyone throw me any bones here?

Share This Page