How to read an exim mainlog?

One of the best tools you can use when investigating e-mail problems is mail logs.

First, you need to know the following symbols:

 

Each line starts with the date and time. Immediately following is the message’s process ID number (PID):

1487

and then exim’s internal message ID:

1Ov4tU-0000Nz-Rm

 

The exigrep tool uses this ID to pull all log lines for this message out of the mainlog; on a busy mailserver, log lines from the same e-mail may be spread out across the logfile.

 

The First Line:

The next item on the first line starts with “H=”. This specifies the hostname of the server that the mail originates from. Next (in square brackets) is the IP address of that server, followed by the port number. “I=” looks similar, but describes your mailserver. A warning follows: SpamAssassin believes that this message is not spam.

 

The Second Line:

The second line starts almost the same way (with H and I), but before that the “<=” symbol is used. This indicates that this line is describing the arrival of the message on your mailserver. Immediately after this symbol is the e-mail address that this mail is being sent from. After H and I, the “P” abbreviation designates the protocol being used (here esmtps). Note that P has this meaning only because it is on a “<=” line; on a “=>” line it would indicate the return path of the message.

 

The X tells us the particular cipher suite that is used; this is usually not something you would be looking for when troubleshooting a mail issue. CV refers to certificate verification status, and S is the size of the message.

 

Next, “id” refers to the message id that was created by the sending server and sent as one of the mail headers. T (for topic) is the subject of the e-mail. The line ends with “for user@example.com”, letting us know just who the message is for.

 

The Third and Fourth Lines:

Parsing the next two lines of the mail transaction is left as an exercise to the reader. When doing so, note that the third line has the “=>” symbol; abbreviations on the line may mean something different than they did in previous lines.
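
The Python below is an added example, not part of the original article: it parses lines in the layout described above, groups them by exim message ID the way exigrep does for one ID, and names P and T according to whether they sit on a “<=” or a “=>” line. The sample lines, addresses, second PID and R=/T= values are constructed, and the R (router) and T (transport) meanings on the delivery line are taken from exim's log format rather than from this article.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout the article describes (not real traffic).
SAMPLE = """\
2010-09-13 05:00:13 [1487] 1Ov4tU-0000Nz-Rm H=mail.example.org [192.0.2.10]:40938 I=[198.51.100.5]:25 Warning: "SpamAssassin detected message as NOT spam (0.0)"
2010-09-13 05:00:13 [1487] 1Ov4tU-0000Nz-Rm <= sender@example.org H=mail.example.org [192.0.2.10]:40938 I=[198.51.100.5]:25 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=21778 id=abc123@mail.example.org T="Monthly report" for user@example.com
2010-09-13 05:00:14 [1492] 1Ov4tU-0000Nz-Rm => user@example.com P=<sender@example.org> R=localuser T=local_delivery S=21902
2010-09-13 05:00:14 [1492] 1Ov4tU-0000Nz-Rm Completed
"""

# date time [pid] message-id [flag] rest; the ID pattern assumes the 6-6-2 layout shown above.
LINE = re.compile(r'^(\S+ \S+) \[(\d+)\] (\w{6}-\w{6}-\w{2}) (?:(<=|=>|->|\*\*|==) )?(.*)$')
# key=value; a quoted value (such as the sender-controlled subject) stays one token,
# so text like ' H=forged' inside a subject is never read as a separate field.
FIELD = re.compile(r'(?<!\S)([A-Za-z]+)=("(?:[^"\\]|\\.)*"|\S+)')
# The same letter means different things on arrival (<=) and delivery (=>) lines.
NAMES = {
    '<=': {'H': 'remote_host', 'P': 'protocol', 'X': 'tls_cipher', 'CV': 'cert_verified',
           'S': 'size', 'id': 'header_message_id', 'T': 'subject'},
    '=>': {'P': 'return_path', 'T': 'transport', 'R': 'router', 'S': 'size'},
}

def parse_line(line):
    m = LINE.match(line)
    if not m:
        return None  # not a per-message line in this layout
    when, pid, msg_id, flag, rest = m.groups()
    names = NAMES.get(flag, {})
    fields = {names.get(k, k): v.strip('"') for k, v in FIELD.findall(rest)}
    rec = {'time': when, 'pid': int(pid), 'msg_id': msg_id, 'flag': flag, 'fields': fields}
    if flag:
        rec['address'] = rest.split()[0]  # sender on "<=", recipient on "=>"
    return rec

def group_by_message(text):
    """Collect parsed records per exim message ID, as exigrep does for one ID."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            groups[rec['msg_id']].append(rec)
    return dict(groups)

if __name__ == '__main__':
    for rec in group_by_message(SAMPLE)['1Ov4tU-0000Nz-Rm']:
        print(rec['time'], rec['flag'] or '--', rec.get('address', ''), rec['fields'])
```

Because the subject is chosen by the sender, treating the quoted T value as a single token matters whenever these fields feed a report or an alert.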
