would broken smtp connections show in exim_mainlog?

spaceman

Well-Known Member
Mar 25, 2002
517
8
318
G'day.

If a client is trying to send an mail with a large attachment via a cPanel exim SMTP service, but before the email is fully sent their computer blows up (for example!), i.e. the connection is broken before successful completion, which log file(s) would I see evidence of that connection? exim_mainlog? exim_rejectlog? Other?

Thx.
 

xprt5

Well-Known Member
Apr 6, 2003
72
0
156
Houston
/var/log/exim_mainlog will show all incoming and outgoing email.

You can enable extra logging in exim by adding "log_selector = +all" to /etc/exim.conf at the top, then restart exim.

/var/log/maillog shows all POP login/logout connections if they are sending thru POP.
 

spaceman

Well-Known Member
Mar 25, 2002
517
8
318
/var/log/exim_mainlog will show all incoming and outgoing email.

You can enable extra logging in exim by adding "log_selector = +all" to /etc/exim.conf at the top, then restart exim.

/var/log/maillog shows all POP login/logout connections if they are sending thru POP.
Thanks for that. Checking maillog for the problem pop account:

Jun 7 10:02:23 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:02:23 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=0, time=0
Jun 7 10:03:24 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:03:27 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=8528, time=3
Jun 7 10:04:39 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:04:42 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=16555, time=3
Jun 7 10:05:51 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:05:52 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=0, time=1
Jun 7 10:06:54 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:07:11 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=1056289, time=17
Jun 7 10:08:01 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:08:01 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=0, time=0
Jun 7 10:09:11 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]
Jun 7 10:09:23 mercury pop3d: LOGOUT, [email protected], ip=[::ffff:60.242.173.83], top=0, retr=1067247, time=12
Jun 7 10:10:31 mercury pop3d: LOGIN, [email protected], ip=[::ffff:60.242.173.83]

I think I can assume that "top=0, retr=0, time=0" is good and "top=0, retr=1056289, time=17" is *not* good?

Does anyone know specifically what top, retr, and time mean in this context? Like this person (who also didn't get the answer they were seeking), I assumed that I'd find the answer in exim documentation:

http://www.exim-users.org/forums/showthread.php?threadid=54850

But googling on "pop3d maillog top retr time" didn't illuminate either.

Any takers?
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
Not exim, that's courier-imap ;)

I'd hazard:

top=0 <- how many times the POP3 POP command was used
retr=1067247 <- the amount of data (in bytes) retrieved
time=12 < the amount of time (in seconds) it took to retrieve the data

Looks like normal POP email retrieval working correctly.

However, this is nothing to do with sending email and for that you should be checking the exim_mainlog.

You cannot "send through POP", that confusion comes from POP before SMTP which is simply an authentication mechanism to allow IP's to relay.
 

spaceman

Well-Known Member
Mar 25, 2002
517
8
318
Hi Chirpy,

Thanks for your great advice.

Just one thing I'm trying to nail down: if a person connects to our server for the purpose of downloading pop email, but part-way through the download of a large email (attachment) the connection to our server dropped (for whatever reason), where would I look in our servers logs to observe this happening, and what would this event look like?

I ask because this user (and occasionally others) have problems downloading large files from our server. Normally it's a server timeout setting in their email software that needs to be increased (under the 'Advanced' tab in Outlook/Express). I just want to be able to say from our end - "yes, I can see your connection attempts, and can see these failures to download the big messages". Or perhaps I have to turn on extended logging to see this?

Thanks again.