would broken smtp connections show in exim_mainlog?

[spaceman]

G'day.

If a client is trying to send an mail with a large attachment via a cPanel exim SMTP service, but before the email is fully sent their computer blows up (for example!), i.e. the connection is broken before successful completion, which log file(s) would I see evidence of that connection? exim_mainlog? exim_rejectlog? Other?

Thx.

 

[xprt5]

/var/log/exim_mainlog will show all incoming and outgoing email.

You can enable extra logging in exim by adding "log_selector = +all" to /etc/exim.conf at the top, then restart exim.

/var/log/maillog shows all POP login/logout connections if they are sending thru POP.

 

[spaceman]

/var/log/exim_mainlog will show all incoming and outgoing email.

You can enable extra logging in exim by adding "log_selector = +all" to /etc/exim.conf at the top, then restart exim.

/var/log/maillog shows all POP login/logout connections if they are sending thru POP.

Thanks for that. Checking maillog for the problem pop account:

Jun 7 10:02:23 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:02:23 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=0, time=0
Jun 7 10:03:24 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:03:27 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=8528, time=3
Jun 7 10:04:39 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:04:42 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=16555, time=3
Jun 7 10:05:51 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:05:52 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=0, time=1
Jun 7 10:06:54 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:07:11 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=1056289, time=17
Jun 7 10:08:01 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:08:01 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=0, time=0
Jun 7 10:09:11 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:09:23 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=1067247, time=12
Jun 7 10:10:31 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]

I think I can assume that "top=0, retr=0, time=0" is good and "top=0, retr=1056289, time=17" is *not* good?

Does anyone know specifically what top, retr, and time mean in this context? Like this person (who also didn't get the answer they were seeking), I assumed that I'd find the answer in exim documentation:

http://www.exim-users.org/forums/showthread.php?threadid=54850

But googling on "pop3d maillog top retr time" didn't illuminate either.

Any takers?

 

[chirpy]

Not exim, that's courier-imap

I'd hazard:

top=0 <- how many times the POP3 POP command was used
retr=1067247 <- the amount of data (in bytes) retrieved
time=12 < the amount of time (in seconds) it took to retrieve the data

Looks like normal POP email retrieval working correctly.

However, this is nothing to do with sending email and for that you should be checking the exim_mainlog.

You cannot "send through POP", that confusion comes from POP before SMTP which is simply an authentication mechanism to allow IP's to relay.

 

[spaceman]

Hi Chirpy,

Thanks for your great advice.

Just one thing I'm trying to nail down: if a person connects to our server for the purpose of downloading pop email, but part-way through the download of a large email (attachment) the connection to our server dropped (for whatever reason), where would I look in our servers logs to observe this happening, and what would this event look like?

I ask because this user (and occasionally others) have problems downloading large files from our server. Normally it's a server timeout setting in their email software that needs to be increased (under the 'Advanced' tab in Outlook/Express). I just want to be able to say from our end - "yes, I can see your connection attempts, and can see these failures to download the big messages". Or perhaps I have to turn on extended logging to see this?

Thanks again.