How to , and other stuff about linux, photo, php … Another blog just like others on internet

April 13, 2020

Sender identification U=mailnull D=-system- S=mailnull

Filed under: Linux — admin @ 11:33 am

Log in to your server via SSH as the root user.

Run the following command to get a sorted report of the users with the highest amounts of delivery failures:
grep "for .*@.*" /var/log/exim_mainlog | grep "<= <>" | awk -F"T=" '{print $2}' |
awk '{print $NF,$0}' | awk -F" for" '{print $1}' | sort | uniq -c | sort -n

Code breakdown:

grep "for .*@.*" /var/log/exim_mainlog = Locate lines in the Exim mail log that include any variation of "for user@domain.com"

grep "<= <>" = Locate lines that are being sent from a null sender, which indicates a bounce back

awk -F"T=" '{print $2}' = Use the awk command with the field separator set to T=, which is the subject line in the mail log, then print only the 2nd column of data ($2).

awk '{print $NF,$0}' | awk -F" for" '{print $1}' = Use awk to print $NF, which is the very last column and holds the email address, followed by the whole line. Then run awk again with the field separator set to " for" and print only the 1st column of data ($1); this strips the email user off the end of the line.

sort | uniq -c | sort -n = Sort all of the data by the email users, then uniquely count them, and finally sort those counts from lowest to highest.

This will give you back data looking like this:
573 support@example.com "Mail delivery failed: returning message to sender
663 user@example.com "Mail delivery failed: returning message to sender
871 test@example.com "Mail delivery failed: returning message to sender
1282 help@example.com "Mail delivery failed: returning message to sender

Investigate cause of delivery failures

Now that you know that one user in particular, help@example.com, had the most delivery errors, you can use the steps below to investigate the cause of these problems.

  1. Run the following command to find the latest delivery failure:
    grep "Mail delivery failed:" /var/log/exim_mainlog | grep help@example.com | tail -1
    This should give you back the full line from the Exim mail log that contains that error:
    2013-01-16 14:45:34 1TvYvW-0006AC-ER <= <> R=1TvYvW-00069r-Au U=mailnull P=local S=2012 T="Mail delivery failed: returning message to sender" for help@example.com

    Copy the message ID following R=, so in this case it would be 1TvYvW-00069r-Au
  2. Using the message ID you copied, run the following command: exigrep -I -l 1TvYvW-00069r-Au /var/log/exim_mainlog
    This will display the full message transaction for the message that bounced:
    2013-01-16 14:45:34 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1TvYvW-00069r-Au
    2013-01-16 14:45:34 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1TvYvW-00069r-Au
    2013-01-16 14:45:34 1TvYvW-00069r-Au <= help@example.com H=localhost (secure103.inmotionhosting.com) [127.0.0.1]:40726 P=esmtpa A=courier_login:help@example.com S=1172 id=f25ddf5d4e8c56e73ab82081c9011a34@atomlabs.net T="Test" for no-reply@example.com
    2013-01-16 14:45:34 1TvYvW-00069r-Au ** no-reply@example.com R=virtual_aliases: No Such User Here"
    2013-01-16 14:45:34 1TvYvW-00069r-Au Completed
    2013-01-16 14:45:34 1TvYvW-0006AC-ER <= <> R=1TvYvW-00069r-Au U=mailnull P=local S=2012 T="Mail delivery failed: returning message to sender" for help@example.com
    2013-01-16 14:45:34 1TvYvW-0006AC-ER => help <help@example.com> R=virtual_user T=virtual_userdelivery
    2013-01-16 14:45:34 1TvYvW-0006AC-ER Completed

    So in this case we can see the reason the message bounced was ** no-reply@example.com R=virtual_aliases: No Such User Here. Basically, help@example.com had tried to send a message to an email address that didn’t exist so it bounced.
  3. You can repeat the same steps to investigate other bounces that user has been generating. An alternative method is to look directly at the user’s mail with the following command:
    grep "Mail delivery failed" /home/userna5/mail/example.com/help/{cur,new} -R
    This gives back something like:
    /home/userna5/mail/example.com/help/cur/1358366803.H952383P10133.ecbiz103.inmotionhosting.com,S=2120:2,:Subject: Mail delivery failed: returning message to sender
    /home/userna5/mail/example.com/help/cur/1358366759.H640077P7532.ecbiz103.inmotionhosting.com,S=2115:2,:Subject: Mail delivery failed: returning message to sender
    /home/userna5/mail/example.com/help/cur/1358365534.H479296P23705.ecbiz103.inmotionhosting.com,S=2107:2,:Subject: Mail delivery failed: returning message to sender
    /home/userna5/mail/example.com/help/cur/1358366776.H336048P8578.ecbiz103.inmotionhosting.com,S=2123:2,:Subject: Mail delivery failed: returning message to sender

    You can then read one of the bounce backs for further details with this command:
    less /home/userna5/mail/example.com/help/cur/1358366776.H336048P8578.ecbiz103.inmotionhosting.com,S=2123:2,
    When you’re done looking at the file, you can hit q to quit and get back to the command line.
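
The manual steps above (find the bounce, copy the message ID after R=, look up that message's ** failure line) can be done for every bounce in one pass over the log. This is an added example, not part of the original post: the function names bounce_reasons and write_sample_log and every log line in it are constructed for illustration, and it assumes the Exim main log layout shown above.

```shell
#!/bin/sh
# Added example: join each Exim bounce to the failure line that caused it.

bounce_reasons() {   # $1 = Exim main log; prints "count sender | rcpt reason"
    awk '
    $4 == "**" {                      # failure: date time id ** rcpt reason...
        reason = $5
        for (i = 6; i <= NF; i++) reason = reason " " $i
        fail[$3] = reason             # keyed by the original message ID
        next
    }
    $4 == "<=" && $5 == "<>" {        # bounce: null sender, R=<original ID>
        orig = ""
        for (i = 6; i <= NF; i++)
            if ($i ~ /^R=/) { orig = substr($i, 3); break }
        why = (orig in fail) ? fail[orig] : "(original message not in this log)"
        count[$NF " | " why]++        # $NF = address after " for "
    }
    END { for (k in count) print count[k], k }
    ' "$1" | sort -rn
}

write_sample_log() {   # $1 = output path; constructed lines, not real traffic
    cat > "$1" <<'EOF'
2020-04-13 10:00:01 1aaaaa-000001-AA <= help@example.com H=localhost [127.0.0.1]:40726 P=esmtpa S=1172 T="Test" for no-reply@example.com
2020-04-13 10:00:01 1aaaaa-000001-AA ** no-reply@example.com R=virtual_aliases: No Such User Here
2020-04-13 10:00:01 1aaaaa-000002-BB <= <> R=1aaaaa-000001-AA U=mailnull P=local S=2012 T="Mail delivery failed: returning message to sender" for help@example.com
2020-04-13 10:05:10 1aaaaa-000003-CC ** no-reply@example.com R=virtual_aliases: No Such User Here
2020-04-13 10:05:10 1aaaaa-000004-DD <= <> R=1aaaaa-000003-CC U=mailnull P=local S=2012 T="Mail delivery failed: returning message to sender" for help@example.com
2020-04-13 10:07:42 1aaaaa-000005-EE ** nobody@example.net R=dnslookup T=remote_smtp: 550 mailbox unavailable
2020-04-13 10:07:42 1aaaaa-000006-FF <= <> R=1aaaaa-000005-EE U=mailnull P=local S=2012 T="Mail delivery failed: returning message to sender" for test@example.com
2020-04-13 10:09:00 1aaaaa-000008-HH <= <> R=1aaaaa-000007-GG U=mailnull P=local S=2012 T="Mail delivery failed: returning message to sender" for user@example.com
EOF
}

log=$(mktemp)
write_sample_log "$log"
bounce_reasons "$log"
rm -f "$log"
```

On a real server, call bounce_reasons /var/log/exim_mainlog; a bounce whose original message was logged in an already rotated file is reported as not in this log.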

Original post taken from here inmotionhosting.com/support/email/find-email-delivery-failures-in-exim/

December 16, 2012

How to update DomainKeys on a cpanel server with existing accounts

Filed under: Linux — admin @ 2:30 pm

Hello,
Well, I have a main server with cPanel, because it is easy to make e-mail accounts there, and another server for other big sites. So basically I create the account on the cPanel server and after that I move the IP to point to the other server.
However, if your server crashes and you restore the cPanel account, it appears that cPanel rebuilds the DNS zone, and you have to do the work twice to point the IP back to the old server.
If it is one domain, it is easy, but if you have a few, then a solution is to restore the /var/named files and /etc/named.conf from the backup that you made. After this, what I did was chattr +i /var/named/*.db. In this way cPanel will keep my old configuration. However, your cPanel server will create new DKIM files for you, and you will have the old values in your *.db files.
So, how do we fix that?
First of all, when the restore is done, make them mutable again: chattr -i /var/named/*.db
After this just run:
for user in `ls -A /var/cpanel/users` ; do /usr/local/cpanel/bin/dkim_keys_uninstall $user ; done
This will erase the old DKIM configuration for you. When it is done, run:
for user in `ls -A /var/cpanel/users` ; do /usr/local/cpanel/bin/dkim_keys_install $user ; done

Now you have all the information updated. Of course, you should use those generated files from /var/cpanel/domain_keys on the other server too if you also send mail from there.

Best regards
