Wednesday, September 16, 2009

SENDMAIL Notes 4 : Sendmail Logs Analyze

Mail logging configuration in syslog.conf

#grep -i mail /etc/syslog.conf
# Log anything (except mail) of level info or higher.
*.info;mail.none;authpriv.none;cron.none            /var/log/messages
# Log all the mail messages in one place.
mail.*                                              -/var/log/maillog

Logging format of syslog.conf

#facility.severity    destination

    facility    = mail, kern, etc.
    severity    = info, err, warn, debug
    destination = /var/log/messages, /var/log/maillog

With this configuration, /var/log/messages receives everything except mail logs (mail.none keeps them out), and /var/log/maillog receives all mail activity.

To log mail activity to separate files, use the following entries in /etc/syslog.conf:

mail.*        -/var/log/mail    -/var/log/
mail.warning    -/var/log/mail.warn
mail.err    -/var/log/mail.err

This logs to each file separately.
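How the selectors above route a message, as an added example that is not part of the original post. It models only the selector subset used on this page (facility.severity, *, none, and ; lists); the function names are hypothetical, and /var/log/mail is assumed as the single destination of the mail.* line.

```python
# Added illustration: a minimal evaluator for the syslog.conf selectors shown
# on this page. It is not syslogd's own code and covers only this subset.
SEVERITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def selector_matches(selector, facility, severity):
    """Evaluate 'fac.pri;fac.pri' left to right; later parts override earlier."""
    level = SEVERITIES.index(ALIASES.get(severity, severity))
    matched = False
    for part in selector.split(";"):
        facs, _, pri = part.strip().partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue                      # this part does not name our facility
        if pri == "none":
            matched = False               # facility.none excludes the facility
        elif pri == "*" or level >= SEVERITIES.index(ALIASES.get(pri, pri)):
            matched = True                # a severity means "this level or higher"
    return matched

def destinations(rules, facility, severity):
    """Return every file a message is written to ('-' only disables sync)."""
    return [dest.lstrip("-") for sel, dest in rules
            if selector_matches(sel, facility, severity)]

# The default rules quoted at the top of the page.
DEFAULT_RULES = [
    ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    ("mail.*", "-/var/log/maillog"),
]
# The per-severity rules; /var/log/mail for mail.* is an assumption.
SPLIT_RULES = [
    ("mail.*", "-/var/log/mail"),
    ("mail.warning", "-/var/log/mail.warn"),
    ("mail.err", "-/var/log/mail.err"),
]

if __name__ == "__main__":
    print(destinations(DEFAULT_RULES, "mail", "info"))
    print(destinations(SPLIT_RULES, "mail", "err"))
```

A mail.err message lands in all three files of the split configuration, because each severity selector also matches every higher severity.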

MailLog format:

Ack Log for msg received in MTA:

Sep 13 09:08:36 centos sendmail[6265]: n8D58YWM006265: from=, size=640, class=0, nrcpts=1, msgid=<>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain []

Fields, in order:

  • Timestamp
  • Hostname of the server the log entry came from
  • Daemon and process ID
  • Queue ID
  • from= (sender)
  • size= (size of the message)
  • class=
  • nrcpts= (number of recipients)
  • msgid= (message ID)
  • relay= (who sent the message and from which host, e.g. root@localhost)

MSG Delivery Log:

Sep 13 09:08:36 centos sendmail[6268]: n8D58YWM006265: to=, ctladdr= (502/502), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30830, dsn=2.0.0, stat=Sent

Fields, in order:

  • Timestamp, hostname, daemon, PID, queue ID
  • to= the recipient
  • ctladdr= the local user who sends the message (followed by the ctladdr user ID and group ID)
  • delay= the amount of time between the message being received and delivered
  • xdelay= the amount of time taken to transfer the message (from user to user or host to host)
  • mailer= the type of mailer used in sendmail
  • pri= priority
  • dsn= Delivery Status Notification (email delivery error codes)
  • stat= status of the message delivery

Email Delivery Codes: Errors (Delivery Status Notification: DSN)

How many times have you got your outgoing emails back and wondered what was wrong with them? Every time your email cannot be delivered, the SMTP server sends you a notification, which includes a standard error message associated with the real problem.

Each code is composed of three digits (X.X.X). The first digit gives the status of the email message:

  • 2 means the email was successfully sent;

  • 4 means there was a temporary problem while sending the email (your email server may try to send it again or you have to resend it, depending on your server settings). Such error messages are using codes like 4.X.X, where X.X are used in order to give more precise information about the error;

  • 5 means there is a permanent/fatal error related to the email (the email address of the receiver does not exist, it doesn't accept emails from you, etc). Such error messages are using codes like 5.X.X, where X.X are used in order to give more precise information about the error.

Here is a complete list of email delivery error codes, based on the Extended SMTP (ESMTP) standards, where X can be 4 or 5, depending on the error type (Persistent Transient or Permanent):
    • X.1.0 Other address status
    • X.1.1 Bad destination mailbox address
    • X.1.2 Bad destination system address
    • X.1.3 Bad destination mailbox address syntax
    • X.1.4 Destination mailbox address ambiguous
    • X.1.5 Destination mailbox address valid
    • X.1.6 Mailbox has moved
    • X.1.7 Bad sender's mailbox address syntax
    • X.1.8 Bad sender's system address
    • X.2.0 Other or undefined mailbox status
    • X.2.1 Mailbox disabled, not accepting messages
    • X.2.2 Mailbox full
    • X.2.3 Message length exceeds administrative limit.
    • X.2.4 Mailing list expansion problem
    • X.3.0 Other or undefined mail system status
    • X.3.1 Mail system full
    • X.3.2 System not accepting network messages
    • X.3.3 System not capable of selected features
    • X.3.4 Message too big for system
    • X.4.0 Other or undefined network or routing status
    • X.4.1 No answer from host
    • X.4.2 Bad connection
    • X.4.3 Routing server failure
    • X.4.4 Unable to route
    • X.4.5 Network congestion
    • X.4.6 Routing loop detected
    • X.4.7 Delivery time expired
    • X.5.0 Other or undefined protocol status
    • X.5.1 Invalid command
    • X.5.2 Syntax error
    • X.5.3 Too many recipients
    • X.5.4 Invalid command arguments
    • X.5.5 Wrong protocol version
    • X.6.0 Other or undefined media error
    • X.6.1 Media not supported
    • X.6.2 Conversion required and prohibited
    • X.6.3 Conversion required but not supported
    • X.6.4 Conversion with loss performed
    • X.6.5 Conversion failed
    • X.7.0 Other or undefined security status
    • X.7.1 Delivery not authorized, message refused
    • X.7.2 Mailing list expansion prohibited
    • X.7.3 Security conversion required but not possible
    • X.7.4 Security features not supported
    • X.7.5 Cryptographic failure
    • X.7.6 Cryptographic algorithm not supported
    • X.7.7 Message integrity failure

To check the mail log, it is better to grep for the queue ID in maillog to see the message status:

    # grep queueid /var/log/maillog
    # grep "Aug 15" /var/log/maillog
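The queue-ID lookup described above, automated as an added example that is not part of the original post: it pairs each from= line with its to= lines by queue ID and classifies the dsn= code by its first digit. The sample log lines are constructed in the format shown earlier; the addresses, relay hosts and the second queue ID are placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines (placeholder addresses and hosts).
SAMPLE_LOG = """\
Sep 13 09:08:36 centos sendmail[6265]: n8D58YWM006265: from=<alice@example.com>, size=640, class=0, nrcpts=2, msgid=<1@example.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Sep 13 09:08:36 centos sendmail[6268]: n8D58YWM006265: to=<bob@example.com>, ctladdr=<alice@example.com> (502/502), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30830, dsn=2.0.0, stat=Sent
Sep 13 09:08:37 centos sendmail[6268]: n8D58YWM006265: to=<nobody@example.net>, ctladdr=<alice@example.com> (502/502), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120830, relay=mx.example.net. [192.0.2.25], dsn=5.1.1, stat=User unknown
Sep 13 09:12:40 centos sendmail[6350]: n8D5CdWM006350: to=<carol@example.org>, delay=00:00:30, xdelay=00:00:30, mailer=esmtp, pri=120500, relay=mx.example.org., dsn=4.0.0, stat=Deferred: Connection timed out with mx.example.org.
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
                     r"sendmail\[(?P<pid>\d+)\]: (?P<qid>\w+): (?P<rest>.*)$")
# key=value pairs are separated by ", "; values such as stat= may contain spaces.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")
DSN_CLASS = {"2": "success", "4": "temporary failure", "5": "permanent failure"}

def parse_line(line):
    """Split one maillog line into header parts and a dict of key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        return None                      # not a queue-ID line (e.g. daemon start)
    rec = m.groupdict()
    rec["fields"] = dict(FIELD_RE.findall(rec.pop("rest")))
    return rec

def correlate(log_text):
    """Group from=/to= records by queue ID, as grepping the queue ID does by hand."""
    msgs = defaultdict(lambda: {"sender": None, "deliveries": []})
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        f = rec["fields"]
        if "from" in f:
            msgs[rec["qid"]]["sender"] = f["from"]
        elif "to" in f:
            dsn = f.get("dsn", "")
            msgs[rec["qid"]]["deliveries"].append({
                "to": f["to"], "dsn": dsn, "stat": f.get("stat", ""),
                "class": DSN_CLASS.get(dsn[:1], "unknown")})
    return dict(msgs)

def failures(msgs):
    """Return (queue ID, recipient, dsn, class) for every non-2.X.X delivery."""
    return [(q, d["to"], d["dsn"], d["class"])
            for q, m in msgs.items() for d in m["deliveries"]
            if d["class"] != "success"]

if __name__ == "__main__":
    print(*failures(correlate(SAMPLE_LOG)), sep="\n")
```

The last sample message has no from= line (for example, it was queued before the log was rotated), so its sender stays None while its deferred delivery is still reported.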
