Email logs describe what happens in an operating system when online messages are sent. Analyzing them is a crucial step, especially when there are problems receiving and sending emails, because it makes it possible to reach a diagnosis and solve the problem quickly.
In this post, we discuss how to interpret these logs, give tips for reading them effectively, and explain why it is so important to master this skill day to day in an increasingly digital world. You will also see how to interpret email queue logs for better online interaction. Read on!
So, how do you interpret e-mail logs?
To understand how e-mail logs work, you first need to understand that submissions are recorded in a text file. The logs are made available to you through a ticket in the Sending — SMTP category. They are subdivided into two subgroups:
- SMTP authenticated – applies when you send email through an email program, webmail or web sending; in these cases you must use an account and password along with your domain’s SMTP server;
- SMTP web – applies when sending through some function of your web server, such as forms.
In addition, some terms appear frequently in the logs, and it is essential to understand what each of them means. The main ones are:
- from: defines who sent the message;
- to: recipient who will receive the message;
- relay: MX server responsible for receiving the message;
- status=send: indicates that the message was sent.
How to read and interpret them?
If your hosting plan uses cPanel (a platform for managing hosted sites), you can identify what the server sent in a practical and efficient way by analyzing the e-mail logs. cPanel uses Exim (a mail transfer agent), and the logs are stored in the following locations:
- Mailman logs: /usr/local/cpanel/3rdparty/mailman/logs/*
- Dovecot and SpamAssassin log: /var/log/maillog
- Exim main log: /var/log/exim_mainlog
After you have accessed your server terminal, you can use the “grep” command. It filters a file for a specific term and returns the lines that contain it. The command is run as follows:
grep "account@de-email" /var/log/exim_mainlog
The output consists of the lines in the exim_mainlog file that contain the term “account@de-email”. You can also find the logs of your emails through WHM, under the option “Reports of email deliveries”. In this menu, you can filter by accounts, receipts, shipments, dates, etc.
After running the report, click on the magnifying glass and go to the actions tab to display more detailed information about that message.
How to interpret the e-mail logs?
The e-mail log contains markers that indicate whether your message was sent, received or ran into an error. When a message has been sent, the log displays the code:
2022-07-30 11:49:12 1YMQRX-0008D8-LD => root@marcosp.tk…
When the message is received, it issues the code:
2022-07-30 11:49:12 1YMQRX-0008D8-LD
When the message is deferred, the code appears as follows:
2022-07-30 11:49:12 1YMQRX-0008D8-LD == root@marcosp.tk…
Finally, when it fails:
2022-07-30 11:49:12 1YMQRX-0008D8-LD root@marcosp.tk…
In short, every message sent via e-mail has a unique code linked to it, called a message ID; even if e-mail software other than Exim is used, the nomenclature stays the same. This guarantees that no two messages have an identical code.
In addition to the message ID, emails also display the Exim ID, a code specific to this software that is created uniquely for each email at the time of sending. These IDs appear in the format used in exim_mainlog, and every time a message arrives on a server that uses Exim, a new Exim ID is established on that server.
Why is it so important to know how to interpret the logs?
Interpreting the email logs for better online interaction is a complex task, mainly because many commands are presented in English. Even so, it is possible to understand them: the terms are often repeated, and with a translator you can become familiar with the subject, so over time this step becomes easier.
With the correct interpretation, you can optimize the work and correct details without the need for technical support. However, be sure to count on a specialized team to lend a hand when doubts arise; since this is detailed work, particularities can go unnoticed.
It also helps to understand the role of the transport and the router in this process. Routers indicate which path the message takes to be resolved. Transports, in turn, are the part of the code executed along that path. Both appear in the logs and help in correcting failures in sending and receiving.
In the logs, the router appears after the term R= and the transport after the expression T=. In the following example, the router is virtual_user and the transport is dovecot_virtual_delivery.
2022-07-30 13:28:23 1nI98A-0006cz-Lm => marco@ landmark referencing through the /etc/exim.conf file, which points out how the transport and router must work.
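The grep step and the R=/T= fields described above, combined into one trace, as an added example that is not part of the original post. It labels each line by Exim's documented delivery flags: `=>` (delivered) and `==` (deferred) as shown in the post, plus `<=` (message arrival) and `**` (delivery failed). The function names, addresses, Exim IDs and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in exim_mainlog layout; IDs and addresses are made up.
sample_log() {
cat <<'EOF'
2022-07-30 11:49:10 1oHaaa-0001Ab-Cd <= alice@example.com H=localhost [127.0.0.1] P=esmtpa S=1532 T="Invoice"
2022-07-30 11:49:12 1oHaaa-0001Ab-Cd => bob@example.net R=virtual_user T=dovecot_virtual_delivery
2022-07-30 11:49:12 1oHaaa-0001Ab-Cd Completed
2022-07-30 11:50:01 1oHbbb-0002Ef-Gh <= alice@example.com H=localhost [127.0.0.1] P=esmtpa S=2048
2022-07-30 11:50:03 1oHbbb-0002Ef-Gh == carol@example.org R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server
2022-07-30 11:51:40 1oHccc-0003Ij-Kl <= dave@example.com H=localhost [127.0.0.1] P=esmtpa S=900
2022-07-30 11:51:41 1oHccc-0003Ij-Kl ** nobody@example.org R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO
EOF
}

# Read log lines on stdin; print "ID event address router transport".
exim_events() {
  awk '
    $3 !~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ { next }  # no Exim ID
    {
      if      ($4 == "<=")               ev = "received"
      else if ($4 == "=>" || $4 == "->") ev = "delivered"
      else if ($4 == "==")               ev = "deferred"
      else if ($4 == "**")               ev = "failed"
      else next            # e.g. "Completed" carries no flag
      r = "-"; t = "-"
      # On "<=" lines R= and T= mean bounce reference and subject,
      # so router/transport are read from delivery lines only.
      if (ev != "received")
        for (i = 6; i <= NF; i++) {
          if ($i ~ /^R=/) r = substr($i, 3)
          if ($i ~ /^T=/) { t = substr($i, 3); sub(/:$/, "", t) }
        }
      print $3, ev, $5, r, t
    }'
}

# Two-step trace: find the Exim IDs of lines naming ADDR ($1) in log file $2,
# then pull every line for those IDs, so the arrival line is included too.
trace_address() {
  ids=$(grep -F -- "$1" "$2" | awk '$3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ { print $3 }' | sort -u)
  [ -n "$ids" ] || return 1
  printf '%s\n' "$ids" | grep -F -f - -- "$2" | exim_events
}

# Demo on the constructed sample: what happened to mail for carol@example.org?
log=$(mktemp); sample_log > "$log"
trace_address carol@example.org "$log"
rm -f "$log"
```

On a real server the second argument would be /var/log/exim_mainlog. `grep -F` matches the address as a fixed string, so the dots in it are not treated as regex wildcards.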
It is also common for emails to enter the sending queue. This occurs when there is a very high sending volume, or when the server is overloaded with other tasks. In the case of the Exim log, while messages are in the mail queue, the process sends one message at a time.
Now that you have seen how to read and interpret the mail logs, this step will be more practical. Remember, however, that details may vary depending on the platform of the hosted site, so it is important to have specialized support to clear up doubts, especially with technology in companies.
Was the post enlightening? Then share it with your friends on social networks so that they too can master this subject!