exim_mainlog appears not to be logging all mail activity


Hi All,

Got a call from a client today (m.nel) saying that he's not received an email from someone (akernst) that he was expecting this morning before 9am.

As it turned out the mail HAD been received successfully, but had ended up in m.nel's spam folder.

BUT here's the thing. I did a grep of exim_mainlog for all mails sent/received between m.net and akernst and there's no record of that email ever passing through our server (at least as far as exim_mainlog is concerned). The mail was definitely sent 2006-10-06 around about 0700-0800, and I'm as confident as I can be that m.net and akernst are the correct addresses to be searching for.

root@saturn [/var/log]# grep 'akernst' /var/log/exim_mainlog | grep 'm.nel'
2006-10-01 12:06:02 1GTsaW-00034b-Mb <= [email protected] H=omta04ps.mx.bigpond.com []:54235 I=[]:25 P=esmtp S=152890 id=!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAsWuqM4x+bESiMBk9lwpgdsKAAAAQAAAAM77NS4PLwk2gx4JDCvta5wEAAAAA@bigpond.com T="Andree's Timesheet 30 Sept" from <[email protected]> for [email protected] [email protected] [email protected]
2006-10-01 12:06:05 1GTsaW-00034b-Mb => m.nel <[email protected]> F=<[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery S=153179
2006-10-03 07:30:51 1GUXFL-0003rB-CI <= [email protected] H=omta04sl.mx.bigpond.com []:17601 I=[]:25 P=esmtp S=10974 id=!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAsWuqM4x+bESiMBk9lwpgdsKAAAAQAAAA9xYdvFuPZUCTAl8MOkxIJgEAAAAA@bigpond.com T="New Resaerch .. The Science of Wisdom- Catalyst 5 October 2006" from <[email protected]> for [email protected] [email protected] [email protected] [email protected]
2006-10-03 07:30:57 1GUXFL-0003rB-CI => m.nel <[email protected]> F=<[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery S=11250
2006-10-06 10:56:34 1GVft4-0001ut-8g <= [email protected] H=imta06sl.mx.bigpond.com []:65274 I=[]:25 P=esmtp S=889 id=8573531.1160103480149.JavaMail.root@web06sl T="Testing" from <[email protected]> for [email protected]
2006-10-06 10:56:44 1GVft4-0001ut-8g => m.nel <[email protected]> F=<[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery S=1158
root@saturn [/var/log]#

So you can see emails logged before and after, but not the one definitely sent and successfully received around about 0700-0800 2006-10-06.

Is there mail activity that exim_mainlog doesn't record? I was under the impression that this sort of search of exim_mainlog (and perhaps exim_paniclog and exim_rejectlog) was 100% authoritative for all mail activity on the server. Or perhaps my grep is wrong?

Can anyone throw me any bones here?
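
Added example, not part of the original post: the chained grep returns only lines that contain both strings, and exim records the envelope sender on `<=` lines and in `F=`, which need not contain the name shown in the From header. The Python sketch below groups main-log lines by message ID and lists everything delivered to one recipient in a time window, whatever the sender; all addresses, hosts, IDs and log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in exim main-log format; every address, host and ID is invented.
SAMPLE_LOG = """\
2006-10-06 07:41:10 1GVcp0-0001aa-Xy <= bounce-771@lists.example.net H=mx.example.net [192.0.2.10]:40112 I=[192.0.2.1]:25 P=esmtp S=4210 T="Timesheet" from <bounce-771@lists.example.net> for m.nel@client.example
2006-10-06 07:41:12 1GVcp0-0001aa-Xy => m.nel <m.nel@client.example> F=<bounce-771@lists.example.net> R=virtual_sa_user T=virtual_sa_userdelivery S=4502
2006-10-06 07:41:12 1GVcp0-0001aa-Xy Completed
2006-10-06 10:56:34 1GVft4-0001ut-8g <= akernst@isp.example H=mx2.example.net [192.0.2.11]:65274 I=[192.0.2.1]:25 P=esmtp S=889 T="Testing" from <akernst@isp.example> for m.nel@client.example
2006-10-06 10:56:44 1GVft4-0001ut-8g => m.nel <m.nel@client.example> F=<akernst@isp.example> R=virtual_sa_user T=virtual_sa_userdelivery S=1158
2006-10-06 11:02:00 H=mx3.example.net [192.0.2.12] F=<x@isp.example> rejected RCPT <m.nel@client.example>: constructed rejection
"""

# Timestamp, optional message ID (absent on SMTP-time rejections), remainder of line.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
                  r"(?:([0-9A-Za-z]{6}-[0-9A-Za-z]{6,11}-[0-9A-Za-z]{2,4}) )?(.*)$")

def correlate(log_text):
    """Group log lines by message ID; lines that carry no ID are kept separately."""
    by_id, no_id = defaultdict(list), []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            ts, msg_id, rest = m.groups()
            (by_id[msg_id] if msg_id else no_id).append((ts, rest))
    return by_id, no_id

def arrivals_for(log_text, recipient, start, end):
    """Messages that arrived in [start, end] and were delivered to recipient,
    plus timestamps of ID-less lines (e.g. rejections) naming the recipient."""
    by_id, no_id = correlate(log_text)
    hits = []
    for msg_id, events in by_id.items():
        arrival = next(((ts, r) for ts, r in events if r.startswith("<= ")), None)
        delivered = any(r[:3] in ("=> ", "-> ") and recipient in r for _, r in events)
        if arrival and delivered and start <= arrival[0] <= end:
            subject = re.search(r' T="((?:[^"\\]|\\.)*)"', arrival[1])
            hits.append({"id": msg_id, "arrived": arrival[0],
                         "envelope_sender": arrival[1].split()[1],
                         "subject": subject.group(1) if subject else None})
    rejected = [ts for ts, r in no_id if recipient in r and start <= ts <= end]
    return sorted(hits, key=lambda h: h["arrived"]), rejected

if __name__ == "__main__":
    print(arrivals_for(SAMPLE_LOG, "m.nel@client.example",
                       "2006-10-06 07:00:00", "2006-10-06 08:00:00"))
```

Timestamps compare correctly as strings because the log uses a fixed `YYYY-MM-DD HH:MM:SS` layout; rotated logs have to be concatenated (or decompressed) before being passed in.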