What is [/var/spool/exim_incoming/msglog?

it's the messages that could not be delivered due to one or another reason. basically, your undelivered mail queue. If it's too high, you probably have misconfigured exim.conf.

for example, try changing following values:

# how long to leave bounce errors on the queue (default few days)
ignore_bounce_errors_after = 0s

# how long to wait before removing frozen messages from queue, default 7d = 1 week
timeout_frozen_after = 2d

you could also add for some better performance:

deliver_queue_load_max = 3
remote_max_parallel = 5

And you should check which messages you have in your queue. If it's mostly Sobig.F virus (possible) and your server trying to send replys to every forged address, you should add this replacing your current check_message rule:

check_message:
require verify = header_sender
drop condition = \
${if match{$message_body} \
{(Please s|S)ee the attached file for details} \
{yes}{no}}
condition = ${if >{$message_size}{98000}{yes}{no}}
condition = \
${if eq{$header_X-MailScanner:}{Found to be clean} \
{yes}{no}}
message = "Sobig.F discarded"

accept

hope it helps somewhat (definitely reduced our queue from 1000+ to 1-2 messages at one time)

cPanel.net Support Ticket Number:

 

oops, my bad. was thinking about the queue since my messagelog contains only the log for messages which are on queue, but yours obviously logs all previous mails, too, so you must have preserve_message_logs turned on.

straight from the horses mouth:

 

Add this to your exim.conf. It can be entered into the first block in the exim config editor in WHM.

Code:

# turn off writing of logs to /var/spool/exim_incoming/msglog/
no_message_logs

Richard

 

Regarding this setting, I am curious if it will not process any logs in the overall /var/log (examples)
maillog
messages
exim_mainlog
eixm_paniclog... etc.etc.

Do you know if this is what that setting is supposed to do?
Great thread....

 

GotHosting, can you provide what are you running?

My Servers show no such directory as: exim_incoming

I'm using:

WHM 8.5.4 cPanel 8.5.4-E97
RedHat 9

 

Thanks -- and you are correct. I do not use MailScanner and didn't realize the problem was directly related to it. Good thread for future problems though, if I ever do use it.

 

My /var/spool/exim_incoming/msglog has 6.0G !!!

My /var/spool/exim_incoming/msglog has 6.0G !!! Can I delete this files?

 

Yes, you can.

 

On the other hand, my /var/spool/exim_incoming/msglog contains about 3MB, which seems quite nice for the moment.

Would anyone know if MailScanner clears old files from this directory periodically, or would it build up over time and surprise me one day?

 

It looks like the exim cleanup routine is not working in exim_incoming, although it should as the coding is there. I'm going to look into it further and probably put a workaround in the daily cronjob associated with our MailScanner package to keep it tidy. If you're not interested in the msglog facility, you can switch it off by adding the following to the first textarea in the advanced mode exim config editor:

no_message_logs

 

I don't think I'm interested in the msglog facility, but then I can't say for sure because I'm not 100% sure what uses it.

I assume that the database 'mailscanner' is used by Mailwatch to produce its nice looking lists and stats, and of course there's always the contents /var/log/ to take a look through when needed.

What then the purpose of the contents of /var/spool/exim_incoming/msglog? I have a strong feeling that its of no use to me, but there's no harm in asking.

 

IIRC, the msglog is simply an archive of email going through the server and of little use.