The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

would broken smtp connections show in exim_mainlog?

Discussion in 'E-mail Discussions' started by spaceman, Jun 6, 2007.

  1. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    481
    Likes Received:
    0
    Trophy Points:
    16
    G'day.

    If a client is trying to send an mail with a large attachment via a cPanel exim SMTP service, but before the email is fully sent their computer blows up (for example!), i.e. the connection is broken before successful completion, which log file(s) would I see evidence of that connection? exim_mainlog? exim_rejectlog? Other?

    Thx.
     
  2. xprt5

    xprt5 Well-Known Member

    Joined:
    Apr 6, 2003
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Houston
    /var/log/exim_mainlog will show all incoming and outgoing email.

    You can enable extra logging in exim by adding "log_selector = +all" to /etc/exim.conf at the top, then restart exim.

    /var/log/maillog shows all POP login/logout connections if they are sending thru POP.
     
  3. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    481
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for that. Checking maillog for the problem pop account:

    Jun 7 10:02:23 mercury pop3d: LOGIN, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83]
    Jun 7 10:02:23 mercury pop3d: LOGOUT, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83], top=0, retr=0, time=0
    Jun 7 10:03:24 mercury pop3d: LOGIN, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83]
    Jun 7 10:03:27 mercury pop3d: LOGOUT, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83], top=0, retr=8528, time=3
    Jun 7 10:04:39 mercury pop3d: LOGIN, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83]
    Jun 7 10:04:42 mercury pop3d: LOGOUT, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83], top=0, retr=16555, time=3
    Jun 7 10:05:51 mercury pop3d: LOGIN, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83]
    Jun 7 10:05:52 mercury pop3d: LOGOUT, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83], top=0, retr=0, time=1
    Jun 7 10:06:54 mercury pop3d: LOGIN, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83]
    Jun 7 10:07:11 mercury pop3d: LOGOUT, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83], top=0, retr=1056289, time=17
    Jun 7 10:08:01 mercury pop3d: LOGIN, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83]
    Jun 7 10:08:01 mercury pop3d: LOGOUT, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83], top=0, retr=0, time=0
    Jun 7 10:09:11 mercury pop3d: LOGIN, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83]
    Jun 7 10:09:23 mercury pop3d: LOGOUT, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83], top=0, retr=1067247, time=12
    Jun 7 10:10:31 mercury pop3d: LOGIN, user=vikki@scenemodels.com, ip=[::ffff:60.242.173.83]

    I think I can assume that "top=0, retr=0, time=0" is good and "top=0, retr=1056289, time=17" is *not* good?

    Does anyone know specifically what top, retr, and time mean in this context? Like this person (who also didn't get the answer they were seeking), I assumed that I'd find the answer in exim documentation:

    http://www.exim-users.org/forums/showthread.php?threadid=54850

    But googling on "pop3d maillog top retr time" didn't illuminate either.

    Any takers?
     
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Not exim, that's courier-imap ;)

    I'd hazard:

    top=0 <- how many times the POP3 POP command was used
    retr=1067247 <- the amount of data (in bytes) retrieved
    time=12 < the amount of time (in seconds) it took to retrieve the data

    Looks like normal POP email retrieval working correctly.

    However, this is nothing to do with sending email and for that you should be checking the exim_mainlog.

    You cannot "send through POP", that confusion comes from POP before SMTP which is simply an authentication mechanism to allow IP's to relay.
     
  5. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    481
    Likes Received:
    0
    Trophy Points:
    16
    Hi Chirpy,

    Thanks for your great advice.

    Just one thing I'm trying to nail down: if a person connects to our server for the purpose of downloading pop email, but part-way through the download of a large email (attachment) the connection to our server dropped (for whatever reason), where would I look in our servers logs to observe this happening, and what would this event look like?

    I ask because this user (and occasionally others) have problems downloading large files from our server. Normally it's a server timeout setting in their email software that needs to be increased (under the 'Advanced' tab in Outlook/Express). I just want to be able to say from our end - "yes, I can see your connection attempts, and can see these failures to download the big messages". Or perhaps I have to turn on extended logging to see this?

    Thanks again.
     
Loading...

Share This Page