Understanding email error logs



    Most of the time when we have an issue with our email, we are unable to send or receive emails, and not knowing the root cause we start worrying about it. In that case we just need to check the mail error log by executing grep <email address> /var/log/exim_mainlog. The error log gives a brief description of the issue. Here are some steps that we can follow to resolve the issue in case we receive any of the errors given below:

    Before going through the error log and resolving the issue, it is very useful to understand each parameter in the mail log. The log below is followed by a brief description of its parameters:

    Log :
    [email protected] [/home/user]# grep [email protected] /var/log/exim_mainlog
    2010-10-20 09:05:51 1P8UcG-0003rT-Fw <= [email protected] H=web94805.mail.in2.yahoo.com []:47089 I=[]:25 P=smtp S=2525 [email protected] T="test" from <[email protected]> for [email protected]
    2010-10-20 09:06:28 1P8Ucs-00041Y-8h => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=1272 H=h.mx.mail.yahoo.com [] C="250 ok dirdel"
    The 1st thing shown here is the date, followed by the time and the message id of the sender which is [email protected]
    Here H stands for host name and IP address of the sender
    I : receivers host mail server ip
    P : protocol used which is SMTP
    S : size of message
    id : message id for incoming message
    T : message subject
    from : sender here which is [email protected]
    for : receiver here which is [email protected]
    F : sender address (on delivery lines)
    R : reference for local bounce
    C : SMTP confirmation on delivery

    This is how the email log looks and what a few of its parameters are for. Going further, we will see some more email error logs.

    1). Error: "Queued mail for delivery" (mail queue manager)

    The error "Queued mail for delivery" (mail queue manager) means that the mail has not yet been delivered to the recipient, which can be due to an IP block.
    Usually we get the "Queued mail for delivery" (mail queue manager) error because the mail has not yet been delivered to the recipient due to an IP block or blacklisting of the IP. In this case we just need to remove the frozen mails using the command exim -bpr | grep frozen | awk '{print $3}' | xargs exim -Mrm and then forcefully deliver the mail from Mail >> Email >> Mail Queue Manager.

    2). Error: "soft failed sender ID check. Please ensure this IP is authorized to send"

    The next error, "soft failed sender ID check. Please ensure this IP is authorized to send", usually occurs for 2 reasons:
    1) Either Hotmail is blocking the IP.
    2) Or the receiver has blacklisted the sender's IP.
    In such a case we can first check if the IP is blacklisted in cPanel >> Mails >> Email authentication >> Additional Ip blocks for your domains (IP4):
    If the IP is listed there, it will show this error.

    3). Error: discarded (system filter)

    The error discarded (system filter) occurs when spam keywords have been set in the system filter: whenever an email containing one of those keywords, whether in the header or in the body, is sent, the message is considered spam and is discarded directly before it reaches the destination.
    We can check the keywords in /etc/cpanel_exim_system_filter, as all system filters are configured in /etc/cpanel_exim_system_filter. The main thing is that we must have the header or the body of the mail.
    Once we are in that file, i.e. /etc/cpanel_exim_system_filter, locate header_subject and message_body and search whether the given header or body contents are there or not. If they are there, just comment out that line with #.

    4). Error: No Such User Here

    The next error, No Such User Here, has several possible causes.
    1) It occurs if the mail is sent to a non-existing user.
    2) We also get this error if we have set the default email address to Discard with error to sender (at SMTP time) and added the message as No Such User Here.
    In this case we can just remove the above option and set the default email address to Forward to email address, which means any email sent to xyz.com will be forwarded to the email address mentioned there.
    To avoid spam we usually set the default email address to Discard with error to sender (at SMTP time).

    5). Error: lowest numbered MX record points to local host

    The error can occur because of the MX record for the domain zone of the destination recipient. To solve the issue, first check the domain's MX record and its priorities to verify that it is pointing to the correct mail server.
    If the MX record is correct, ensure that the destination domain is properly designated. This means that if the mail is resolving from our server, then its entry should be in /etc/localdomains and Local Mail Exchanger should be selected from Main >> DNS Functions >> Edit DNS Zone. If the client is using any remote mail server, then the domain entry should be removed from /etc/localdomains and added under /etc/remotedomains, and Remote Mail Exchanger should be selected from Main >> DNS Functions >> Edit DNS Zone.

    6). Error: cancelled by system filter: This message has been rejected because it has\na potentially executable attachment "Cyprus.eml"\nThis form of attachment has been used by\nrecent viruses or other malware.\nIf you meant to send this file then please\npackage it up as a zip file and resend it.

    This error usually occurs because entries for the .eml extension are included in the "antivirus settings" related file.
    Whenever we click Forward, the original message is sent as an attachment, and the attached original email itself contains an attachment, probably with the .eml extension. We may not see this attachment, but it's there.

    The .eml extension was originally used by Outlook, but it is now used by many email programs. Unfortunately it is possible for an .eml file to contain a virus, so many ISPs have started blocking all mail moving through their SMTP servers which contains .eml attachments.
    And following are the extensions that we do not support:

    To resolve this issue we can follow any one of the steps given below:
    1) We can edit the antivirus file, as entries for the .eml extension are included in the "antivirus settings" related file which is utilized by the exim (e-mail) service to overcome spam.
    Just go to /etc/cpanel_exim_system_filter, remove all .eml entries and restart exim with /scripts/restartsrv_exim

    2) If restarting exim does not work and the client is using Thunderbird, ask the client to change the settings of the e-mail client to the standard ones: under "Tools >> Options >> Composition >> Forward Messages", change the option from "Inline" to "as Attachment".
    By default, Thunderbird forwards messages as attachments, rather than as quoted inline in the body of the e-mail.
    3) Drag and drop
    You can ask the client to compose a message as usual and then drag-and-drop the message to be forwarded from the thread pane into the attachment box. (The thread pane is the pane at the top right when you select a folder in the folder pane. It lists the contents of the current folder. The height of the thread pane depends on the message pane below it, which is described in the next section.) This will rename the attachment to "Attached Message" without the ".eml" suffix, which will then pass ISP virus filtering.
    Following any of the above steps will resolve the issue.

    7). Error: Mail delivery failed: returning message to sender

    This error shows you the message "Mail delivery failed: returning message to sender", but if you go through it carefully you will see something like SMTP error from remote mail server after end of data: host mailin-04.mx.aol.com []: 554 5.2.1 : (DYN:T1). This means there has been an SMTP error DYN:T1, for which you can refer to AOL Postmaster | Postmaster / AOL SMTP Error Messages.
    In this link you can search for DYN:T1 to find the reason, which is: The IP address you are sending from has been temporarily rate limited due to lack of whitelisting, unexpected changes in volume, or poor IP reputation. This means the IP address of the sender has been blacklisted.
    So in this case you need to ask the client to check and remove the blacklisted IP at the receiver's end.
    Hope these logs are of some help in resolving your email issues......
    Last edited by victorvictories; 08-12-2022, 05:07.
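
An added example, not part of the original post: a small Python parser for the exim_mainlog fields described above (H, I, P, S, id, T, F, R, C) that also flags the error strings the post walks through. The sample log lines, addresses and IPs are constructed, and the names parse_line, summarize and KNOWN_ERRORS are made up for this example.

```python
import re
from collections import Counter

# Constructed sample lines in exim_mainlog format (addresses, hosts and IPs are made up).
SAMPLE_LOG = """\
2010-10-20 09:05:51 1P8UcG-0003rT-Fw <= alice@example.org H=mail.example.org [192.0.2.10]:47089 I=[198.51.100.5]:25 P=smtp S=2525 id=123@example.org T="test mail" from <alice@example.org> for bob@example.com
2010-10-20 09:06:28 1P8Ucs-00041Y-8h => carol@example.net F=<bob@example.com> R=lookuphost T=remote_smtp S=1272 H=mx.example.net [203.0.113.7] C="250 ok dirdel"
2010-10-20 09:07:02 1P8UdA-00042B-1k ** dave@example.com F=<alice@example.org> R=virtual_aliases: No Such User Here
2010-10-20 09:08:15 1P8UeB-00043C-2m => discarded (system filter)
2010-10-20 09:09:40 1P8UfC-00044D-3n ** erin@example.net R=lookuphost: lowest numbered MX record points to local host
"""

# Error strings taken from the post, each with the check the post suggests.
KNOWN_ERRORS = {
    "soft failed sender ID check": "check whether the sending IP is blocked or blacklisted",
    "discarded (system filter)": "review keywords in /etc/cpanel_exim_system_filter",
    "cancelled by system filter": "check .eml entries in /etc/cpanel_exim_system_filter",
    "No Such User Here": "check the recipient exists and the default address setting",
    "lowest numbered MX record points to local host": "check MX, /etc/localdomains, /etc/remotedomains",
    "SMTP error from remote mail server": "look up the remote server's SMTP error code",
}

# date, time, Exim message id, direction flag (<= arrival, => delivery, ** failure), rest
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d) (\d\d:\d\d:\d\d) (\S+) (<=|=>|->|\*\*|==) (.*)$")
# key=value pairs at token start; a quoted value (T="..." or C="...") may contain spaces
FIELD_RE = re.compile(r'(?<!\S)([A-Za-z]{1,4})=("(?:[^"\\]|\\.)*"|\S+)')

def clean(value):
    """Drop surrounding quotes, or the ':' Exim puts before an error message."""
    return value[1:-1] if value.startswith('"') else value.rstrip(":")

def parse_line(line):
    """Return a dict for a message line, or None for lines without a message id."""
    m = LINE_RE.match(line)
    if not m:
        return None
    date, time, msg_id, direction, rest = m.groups()
    first = rest.split(" ", 1)[0]
    error = next((e for e in KNOWN_ERRORS if e.lower() in rest.lower()), None)
    return {"date": date, "time": time, "msg_id": msg_id, "dir": direction,
            "address": first if "@" in first else None,
            "fields": {k: clean(v) for k, v in FIELD_RE.findall(rest)},
            "error": error, "hint": KNOWN_ERRORS.get(error)}

def summarize(log_text):
    """Parse every message line and count the known errors found."""
    parsed = [p for p in map(parse_line, log_text.splitlines()) if p]
    return parsed, Counter(p["error"] for p in parsed if p["error"])
```

To run it against a real log, pass the output of the grep command from the post to summarize() instead of SAMPLE_LOG.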