How to , and other stuff about linux, photo, php … A linux, photography blog. To remember some linux situation, and fix them quickly.

April 13, 2020

Sender identification U=mailnull D=-system- S=mailnull

Filed under: Linux — admin @ 11:33 am

Login to your server via SSH as the root user.

Run the following command to get a sorted report of the users with the highest amounts of delivery failures:
grep "for .*@.*" /var/log/exim_mainlog | grep "<= <>" | awk -F"T=" '{print $2}' |
awk '{print $NF,$0}' | awk -F" for" '{print $1}' | sort | uniq -c | sort -n

Code breakdown:

grep "for .*@.*" /var/log/exim_mainlog = Locate lines in the Exim mail log that include any variation of "for user@domain.com"

grep "<= <>" = Locate lines that are being sent from a null sender, which indicates a bounce back

awk -F"T=" '{print $2}' = Use the awk command with the field separator set to T=, which marks the subject line in the mail log, then print only the 2nd column of data.

awk '{print $NF,$0}' | awk -F" for" '{print $1}' = Use awk to print $NF, the very last column, which is the email address, followed by the whole line. Then run awk again with the field separator set to " for" and print only the 1st column of data (this strips the email user off of the end of the line).

sort | uniq -c | sort -n = Sort all of the data by the email users, then uniquely count them, and finally sort those counts by lowest to highest.

This will give you back data looking like this:
573 support@example.com "Mail delivery failed: returning message to sender
663 user@example.com "Mail delivery failed: returning message to sender
871 test@example.com "Mail delivery failed: returning message to sender
1282 help@example.com "Mail delivery failed: returning message to sender

Investigate cause of delivery failures

Now that you know one user in particular, help@example.com, had the most delivery errors, you can use the steps below to investigate the cause of these problems.

  1. Run the following command to find the latest delivery failure:
    grep "Mail delivery failed:" /var/log/exim_mainlog | grep help@example.com | tail -1
    This should give you back the full line from the Exim mail log that contains that error:
    2013-01-16 14:45:34 1TvYvW-0006AC-ER <= <> R=1TvYvW-00069r-Au U=mailnull P=local S=2012 T="Mail delivery failed: returning message to sender" for help@example.com

    Copy the message ID following R=, so in this case it would be 1TvYvW-00069r-Au
  2. Using the message ID you copied, run the following command:
    exigrep -I -l 1TvYvW-00069r-Au /var/log/exim_mainlog
    This will display the full message transaction for the message that bounced:
    2013-01-16 14:45:34 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1TvYvW-00069r-Au
    2013-01-16 14:45:34 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1TvYvW-00069r-Au
    2013-01-16 14:45:34 1TvYvW-00069r-Au <= help@example.com H=localhost (secure103.inmotionhosting.com) [127.0.0.1]:40726 P=esmtpa A=courier_login:help@example.com S=1172 id=f25ddf5d4e8c56e73ab82081c9011a34@atomlabs.net T="Test" for no-reply@example.com
    2013-01-16 14:45:34 1TvYvW-00069r-Au ** no-reply@example.com R=virtual_aliases: No Such User Here"
    2013-01-16 14:45:34 1TvYvW-00069r-Au Completed
    2013-01-16 14:45:34 1TvYvW-0006AC-ER <= <> R=1TvYvW-00069r-Au U=mailnull P=local S=2012 T="Mail delivery failed: returning message to sender" for help@example.com
    2013-01-16 14:45:34 1TvYvW-0006AC-ER => help <help@example.com> R=virtual_user T=virtual_userdelivery
    2013-01-16 14:45:34 1TvYvW-0006AC-ER Completed

    So in this case we can see the reason the message bounced was ** no-reply@example.com R=virtual_aliases: No Such User Here. Basically, help@example.com had tried to send a message to an email address that didn’t exist so it bounced.
  3. You can repeat the same steps to investigate other bounces that user has been generating. Or an alternative method would be to directly look at the user’s mail with the following commands:
    grep "Mail delivery failed" /home/userna5/mail/example.com/help/{cur,new} -R
    This gives back something like:
    /home/userna5/mail/example.com/help/cur/1358366803.H952383P10133.ecbiz103.inmotionhosting.com,S=2120:2,:Subject: Mail delivery failed: returning message to sender
    /home/userna5/mail/example.com/help/cur/1358366759.H640077P7532.ecbiz103.inmotionhosting.com,S=2115:2,:Subject: Mail delivery failed: returning message to sender
    /home/userna5/mail/example.com/help/cur/1358365534.H479296P23705.ecbiz103.inmotionhosting.com,S=2107:2,:Subject: Mail delivery failed: returning message to sender
    /home/userna5/mail/example.com/help/cur/1358366776.H336048P8578.ecbiz103.inmotionhosting.com,S=2123:2,:Subject: Mail delivery failed: returning message to sender

    You can then read one of the bounce backs for further details with this command:
    less /home/userna5/mail/example.com/help/cur/1358366776.H336048P8578.ecbiz103.inmotionhosting.com,S=2123:2,
    When you’re done looking at the file, you can hit q to quit and get back to the command line.

Original post taken from here: inmotionhosting.com/support/email/find-email-delivery-failures-in-exim/
