Perhaps a particular domain on your cPanel server has stopped receiving e-mail. Or, an address on your domain is able to receive e-mail, except from your supplier. Maybe you can receive e-mail just fine, but are receiving error message bounce-backs from Yahoo. How are you going to get the fine-grained information you need to figure out just what is going on?

The answers you seek can be found in exim’s logs.

Getting Started

Once you have sshed into your cPanel server, you will need to cd into the directory where exim keeps its logs. Exim puts all of its logs into the following directory:

[[email protected] / ]% cd /var/log

Exim maintains three logfiles:


exim_mainlog: This logs tracks every single mail transaction that your server handles. This is the go-to log when troubleshooting all e-mail delivery problems.

exim_rejectlog: This log only logs delivery rejections. While this can be useful, this is not the first log file you will want to search when troubleshooting a mail problem. For example, if mail is getting through on the server, but your mail client is silently failing to download mail, this log will not help you.

exim_paniclog: This log contains has information regarding the exim program itself, and not mail transactions. For this reason, it is not suitable for most mail troubleshooting.

Using Exigrep

As you can imagine, on a server sending and receiving a lot of mail, exim’s log files can get large fast. While normally one would use the grep command to find lines in a file matching a search string, that does not work as well with exim’s logs. One single mail transaction will span multiple lines in the file, and not every line will have the search string you are looking for. The exigrep command works around this problem by finding your search string in transactions, and then helpfully gathering every log entry into separate, complete transactions.

exigrep is run just like grep; simply pass it the search string and the filename of the log file you are searching in:

[[email protected] /var/log/ ]% exigrep "input_string" exim_mainlog

A typical result will look something like this:

2010-09-13 05:00:13 [1487] 1Ov4tU-0000Nz-Rm []:51792 I=[]:25 Warning: "SpamAssassin as theuser detected message as NOT spam (0.0)"
2010-09-13 05:00:13 [1487] 1Ov4tU-0000Nz-Rm <= [email protected] []:51792 I=[]:25 P=esmtps X=TLSv1:AES256-SHA:256 CV=no S=21778 [email protected] T="Daily Science Maillinglist: Chameleon" from for [email protected]
2010-09-13 05:00:14 [1534] 1Ov4tU-0000Nz-Rm => user F= P= R=virtual_user T=virtual_userdelivery S=21902 QT=6s DT=0s
2010-09-13 05:00:15 [1534] 1Ov4tU-0000Nz-Rm Completed QT=7s

Reading exigrep Output

The most basic thing to check for when reading exigrep output is the word “Completed” on the last line. If it says “Completed”, then the e-mail in question has been delivered. If you do not see the word “Completed” you will likely see an error, which is a good starting place for tracking down your delivery failures.

These are a parts of the transaction that are also important:

  • Timestamp: the beginning of each line has the date and time that a specific step of the mail transaction occurred.
  • from and to: as you can see in the second entry of the example (as indicated with the second timestamp), one line of every transaction shows both who the e-mail is from, and who the e-mail is being sent to
  • Transaction ID: each transaction gets its own unique identification string; in the above example, that string is 1Ov4tU-0000Nz-Rm.

Hopefully, understanding the basics of a successful transaction in cPanel’s exim_mainlog will give you a sound basis for starting to troubleshoot thornier exim issues. If you are having trouble making out a particular transaction on your Web server, do not hesitate to contact Web’s Heroic Support to find out more. Further articles on this topic will dig more deeply into more complex exigrep queries, as well as transaction results for e-mails that have not been delivered.

  • Linux Determine which Services are Enabled at Boot
  • Howto Linux / UNIX setup SSH with DSA public key authentication (password less login)
  • Swift Blockchain Success Sets Stage for Sibos
  • Dogecoin’s Jackson Palmer on Fast Transactions, Many Tips and Much Inflation
  • Pullback on Hand? Bitcoin Shows Weakness Above $10K
  • DarkMarket Alternative Launches With Friendlier Title ‘OpenBazaar’
  • IBM Talks Open Ledger Project, Bright Future for Blockchain
  • Bank Suspends Polish Bitcoin Exchange’s Accounts
  • Blockchain Startup Digital Asset Hires SWIFT and SunGard Veterans
  • Next Bitcoin Core Release to Finally Connect Hardware Wallets to Full Nodes
  • Parity Says ‘No Intention’ to Split Ethereum Over Fund Recovery
  • Ethereum’s Byzantium Testnet Just Verified A Private Transaction
  • How to use/run bash aliases over ssh based session
  • How To Install and Configure Ansible Tower on CentOS 7 / RHEL 7/8
  • Fedora Linux: Start / Stop / Restart Apache Server
  • SXI LLC Company
    SXI.IO is a global Blockchain software company, specialized in developing white label crypto exchange platforms , Wallet platforms, ICO platforms, Token Erc20 .....
    Fully Managed VPS Fully Managed VPS Fully Managed VPS

    You Might Also Enjoy NewS Post

    Best Free Web Hosting 2020

    Free Hosting 1GB $0.00 USD/mo Disk space 1GB Traffic 10GB/Month Domains 2 Plesk Cpanel Databases 10 Free 12 Month

    02/05/2020 READ MORE