Reading Sendmail logs

The typical location for Sendmail logs under Linux is /var/log/maillog.
Every line in the log has the following elements: a timestamp, the name of the machine that generated the log, the word “sendmail:”, and a message. Most messages consist of name=value pairs.

When a message is processed, two log lines are usually generated (there can be more, as you will see). The first line logs the reception of the message, and there is only one such line for every message. Some of the fields listed here may not be present:

from – The envelope sender address.
size – The size of the message in bytes.
class – The class (i.e., numeric precedence) of the message.
pri – The initial message priority (used for queue sorting).
nrcpts – The number of envelope recipients for this message (after aliasing and forwarding).
msgid – The message id of the message (from the header).
proto – The protocol used to receive this message (e.g., ESMTP or UUCP).
daemon – The daemon name from the DaemonPortOptions setting.
relay – The machine from which it was received.

Also, every time the server tries to deliver a message, one line is logged (so if the message is not delivered on the first try, there can be more lines). The fields are:

to – A comma-separated list of the recipients to this mailer.
ctladdr – The “controlling user”, that is, the name of the user whose credentials we use for delivery.
delay – The total delay between the time this message was received and the current delivery attempt.
xdelay – The amount of time needed in this delivery attempt (normally indicative of the speed of the connection).
mailer – The name of the mailer used to deliver to this recipient.
relay – The name of the host that actually accepted (or rejected) this recipient.
dsn – The enhanced error code (RFC2034) if available.
stat – The delivery status.

Not all of the fields are always present. For example, the field “relay” is usually not given for local delivery.
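
A small parser for the two kinds of lines described above, added here as an example (it is not from the original article). The log lines are constructed samples, and the code assumes the usual maillog layout in which "sendmail[pid]:" is followed by a queue ID that ties a reception line to its delivery attempts.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real traffic); hosts and addresses are examples.
SAMPLE_LOG = """\
Jan 12 10:15:01 mx1 sendmail[2101]: u0CAF1aa002101: from=<alice@example.org>, size=1843, class=0, nrcpts=2, msgid=<201601121015.1@example.org>, proto=ESMTP, daemon=MTA, relay=client.example.org [192.0.2.10]
Jan 12 10:15:02 mx1 sendmail[2103]: u0CAF1aa002101: to=<bob@example.net>,<carol@example.net>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, relay=mail.example.net. [198.51.100.7], dsn=4.0.0, stat=Deferred: Connection timed out with mail.example.net.
Jan 12 10:45:09 mx1 sendmail[2250]: u0CAF1aa002101: to=<bob@example.net>,<carol@example.net>, delay=00:30:08, xdelay=00:00:02, mailer=esmtp, relay=mail.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent (OK queued as 4F2A1)
Jan 12 10:16:00 mx1 sendmail[2110]: u0CAG0bb002110: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, dsn=2.0.0, stat=Sent
"""

# timestamp, host, "sendmail[pid]:", queue ID, then the name=value message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sendmail\[\d+\]: "
    r"(?P<qid>\w+): (?P<msg>\w+=.*)$")
# Fields are separated by ", " followed by the next "name="; the bare ","
# inside to=<a>,<b> has no space after it, so it stays part of the value.
FIELD_SPLIT = re.compile(r", (?=\w+=)")

def parse_line(line):
    """Return timestamp, host, queue ID and a dict of fields, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a name=value sendmail line
    fields = dict(f.split("=", 1) for f in FIELD_SPLIT.split(m["msg"]))
    return {"ts": m["ts"], "host": m["host"], "qid": m["qid"], "fields": fields}

def group_by_message(text):
    """Collect the single reception line and every delivery attempt per queue ID."""
    msgs = defaultdict(lambda: {"received": None, "attempts": []})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if "from" in rec["fields"]:      # reception line: one per message
            msgs[rec["qid"]]["received"] = rec
        elif "to" in rec["fields"]:      # delivery attempt: one per try
            msgs[rec["qid"]]["attempts"].append(rec)
    return dict(msgs)

if __name__ == "__main__":
    for qid, msg in group_by_message(SAMPLE_LOG).items():
        for a in msg["attempts"]:
            f = a["fields"]
            print(qid, a["ts"], f["to"], f.get("relay", "(no relay)"), f["stat"])
```

A queue ID with no reception line, like the local delivery in the sample, means the reception was logged outside the file being read or the line was rotated away, so code that consumes the result should allow for "received" being None.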

