- /var/log/exim_mainlog – logs every email processed by Exim
- /var/log/exim_rejectlog – information about all rejected emails
- /var/log/exim_paniclog – errors related to Exim itself
Exim has its own version of grep: exigrep
exigrep vs grep? exigrep returns complete entries (every log line belonging to each matching message), while grep returns only the single lines that match.
Here is an example of an email that was delivered.
# exigrep paypal.co.uk /var/log/exim_mainlog
2020-02-09 10:31:43 1j0jsN-0002hA-Li <= service@paypal.co.uk T="Notification of Payment Received" for sales@example.net
2020-02-09 10:31:43 1j0jsN-0002hA-Li => sales R=virtual_user T=dovecot_virtual_delivery
2020-02-09 10:31:43 1j0jsN-0002hA-Li Completed
- 10:31:43 – timestamp
- 1j0jsN-0002hA-Li – Exim ID
- <= service@paypal.co.uk – incoming email from service@paypal.co.uk
- “Notification of Payment Received” – subject
- sales@example.net – recipient
- R=virtual_user T=dovecot_virtual_delivery – delivered to local user
- Completed – 🙂
Status indicators
Status indicators tell us where the email came from and where it is going (outgoing, incoming, filter, forwarder, ...)
| <= | incoming email |
| => | outgoing email |
| -> | additional address in the same delivery |
| *> | delivery suppressed by -N |
| ** | delivery failed – address bounced |
| == | delivery deferred – temporary problem |
Router and transport
Router and transport specify where the email was delivered (user on the same server, remote server, ...)
- R=virtual_user – user on the same server (delivered by Dovecot)
- R=lookuphost – user on remote server (delivered by Exim)
- R=central_filter – matched a filter rule created by the cPanel user
Other field identifiers
| A | authenticator name (ID is optional) |
| C | SMTP confirmation on delivery |
| CV | certificate validation status |
| D | duration |
| DT | delivery time – time taken to deliver the email |
| F | from – sender address |
| H | hostname and IP address |
| I | interface used |
| ID | message ID for the incoming messages |
| P | protocol used for incoming and return path for outgoing |
| QT | time spent in queue so far for outgoing and completed |
| R | router name for outgoing and reference for incoming |
| S | size of the message |
| ST | shadow transport time |
| T | topic on incoming and transport name on outgoing |
| U | local user or RFC 1413 identity |
| X | TLS cipher suite |
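
The following Python parser is an added example, not part of the original article: it groups mainlog lines by Exim ID the way exigrep does, decodes the status indicator and `KEY=value` fields from the tables above, and lists deliveries that bounced or were deferred. The function names are illustrative, the last two sample lines are constructed, and only the first token of each field value is captured.

```python
import re
from collections import defaultdict

# Status indicators, labelled as in the table above.
FLAGS = {"<=": "incoming", "=>": "outgoing", "->": "additional address",
         "*>": "suppressed by -N", "**": "bounced", "==": "deferred"}

# First three lines are the article's example; the last two are constructed.
SAMPLE = """\
2020-02-09 10:31:43 1j0jsN-0002hA-Li <= service@paypal.co.uk T="Notification of Payment Received" for sales@example.net
2020-02-09 10:31:43 1j0jsN-0002hA-Li => sales R=virtual_user T=dovecot_virtual_delivery
2020-02-09 10:31:43 1j0jsN-0002hA-Li Completed
2020-02-09 10:35:02 1j0jvY-0002kQ-3x <= sales@example.net U=sales P=local S=1024 T="Invoice 1001" for buyer@example.org
2020-02-09 10:35:03 1j0jvY-0002kQ-3x == buyer@example.org R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
                     r"([0-9A-Za-z]{6}-[0-9A-Za-z]{6,11}-[0-9A-Za-z]{2,4}) (.*)$")
# KEY=value or KEY="quoted value"; keys are one or two capital letters (R, T, DT ...).
FIELD_RE = re.compile(r'(?<!\S)([A-Z]{1,2})=("(?:[^"\\]|\\.)*"|\S+)')

def parse_line(line):
    """Split one mainlog line into timestamp, Exim ID, flag, address and fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # no timestamp + Exim ID prefix, so not a per-message line
    ts, msg_id, rest = m.groups()
    flag, _, tail = rest.partition(" ")
    entry = {"time": ts, "id": msg_id, "flag": None, "address": None,
             "fields": {}, "completed": rest == "Completed"}
    if flag in FLAGS:
        entry["flag"] = flag
        entry["address"] = tail.split(" ", 1)[0]
        entry["fields"] = {k: v.strip('"') for k, v in FIELD_RE.findall(tail)}
    return entry

def group_by_id(lines):
    """Collect every parsed line per Exim ID (complete entries, like exigrep)."""
    messages = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry:
            messages[entry["id"]].append(entry)
    return dict(messages)

def problems(messages):
    """(Exim ID, address, status) for each bounced (**) or deferred (==) delivery."""
    return [(mid, e["address"], FLAGS[e["flag"]])
            for mid, entries in messages.items() for e in entries
            if e["flag"] in ("**", "==")]
```

Calling `problems(group_by_id(open("/var/log/exim_mainlog")))` gives a quick list of messages worth inspecting with exigrep.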



