Exim Extended Logging Published: Jun 03, 2004
  • Rating

    2/5

What this addition does is it adds valuable logging information to your exim_mainlog file so that you can determine where messages are coming from, whos sending the message and from what directory on your server the user NOBODY is originating from, if you

Updated: July 6, 2006

About Exim
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail.
www.exim.org

Requirements
For this tutorial you will need root SSH access to your server. You will also need to be running Exim 4x MTA.
This works excellent with Cpanel machines!

What does this do?
What this addition does is it adds valuable logging information to your exim_mainlog file so that you can determine where messages are coming from, whos sending the message and from what directory on your server the user NOBODY is originating from, if your seeing mail leaving as nobody. In addition, it adds very useful information to exim_mainlog to help you decipher email coming and going.

Here is an example;

2003-06-27 14:06:18 cwd=/home/usersite/public_html/forums 3 args: /usr/sbin/sendmail -t -i
2003-06-27 14:06:18 19W0QE-0001Nr-1b nobody@yourserversname.com from env-from rewritten as ""usersite.com" <minx@usersite.com>" by rule 1

The message above tells me where the message came from, who sent it from my server, the user and the path it was called from. It also tells me how it was called and what it was renamed to before leaving my server.

The message below, tells me an incoming msg arrived with the subject line = "Naked Newsreaders? OH YEAH!". Very helpful in determining spam!!!!! You will see many other messages in exim_mainlog that you didnt see before. Great for debugging your msg logs and catching spammers!!

EG: 19W0bO-0001cY-Ej <= jessica@stripdownnews.com H=(one) [128.121.247.84]:52087 I=[64.246.38.122]:25 P=smtp S=2387 T="Naked Newsreaders? OH YEAH!" from jessica@stripdownnews.com

Lets Begin!
Note to MailScanner users:
you must also do this to exim_config, so repeat these steps for both: exim.conf and exim_outgoing.conf


Through Shell Directly - Cpanel users see bottom for special instructions


1. Open exim.conf
pico /etc/exim.conf

2) Find this;
Ctrl + W: hostlist auth_relay_hosts = *

#########################
Runtime configuration file for Exim #
#########################

3) After hostlist auth_relay_hosts = *

add the following

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn


4) The final result should look like this

hostlist auth_relay_hosts = *

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

#######################################
# Runtime configuration file for Exim #
#######################################


5) Save and restart exim DONE!
ctrl + X then Y
/etc/init.d/exim restart

Now tail your log and watch the show!
tail -f /var/log/exim_mainlog

WARNING CPANEL USERS:
Cpanel/WHM updates will over-ride these changes. You can prevent Cpanel from deleting your changes by doing the following

chattr +i /etc/exim.conf


Cpanel Users - Easy Method

A much better solution is to make the changes through the root WHM interface.
1) Login and go to Service Configuration /  Exim Configuration Editor

Exim RBL WHM

2) Click the Switch to Advanced Mode button

3) Now you'll see the WHM Exim configuration editor. This is essentially like editing exim.conf but throught he online interface and it will remember your changes where as if you edit the file directly through shell it will not.

Exim RBL Editor

4) In the first window which is empty you'll need to insert the following.

log_selector=+all

5) Go to the bottom and Save the changes, they will be applied and Exim will restart.

6) Success! You have added additioinal logging to your Exim mail server for better tracking.

  • Rating

    2/5

Related Articles

Comments (17)

  • Gravatar - CHris
    CHris 16:18, June 10, 2004
    I am only new to this but I tried to follow the above instructions but only got the following error after I did, any ideas
    ------------------------------
    root@server1 [/etc]# /etc/init.d/exim restart
    Shutting down exim: [FAILED]
    Shutting down antirelayd: [ OK ]
    Shutting down spamd: [ OK ]
    Starting exim: 2004-06-11 00:11:17 Exim configuration error in line 28 of /etc/exim.conf:
    option setting expected: +address_rewrite
    [FAILED]
    Starting exim-smtps: 2004-06-11 00:11:17 Exim configuration error in line 28 of /etc/exim.conf:
    option setting expected: +address_rewrite
    [FAILED]
    Starting antirelayd: [ OK ]
    Starting spamd: [ OK ]
    root@server1 [/etc]#
    ------------------------------

    thanx
  • Gravatar - Ankur
    Ankur 17:39, June 24, 2004
    Hi Ramprage,<BR><br />
    <BR><br />
    Did you even try these configurations?<BR><br />
    I got the same errors CHris got, but figured out the problem.<BR><br />
    You just need to add a \ with each line in log_selector which makes it:<BR><br />
    <BR><br />
    log_selector = \<BR><br />
    +address_rewrite \<BR><br />
    +all_parents \<BR><br />
    +arguments \<BR><br />
    +connection_reject \<BR><br />
    +delay_delivery \<BR><br />
    +delivery_size \<BR><br />
    +dnslist_defer \<BR><br />
    +incoming_interface \<BR><br />
    +incoming_port \<BR><br />
    +lost_incoming_connection \<BR><br />
    +queue_run \<BR><br />
    +received_sender \<BR><br />
    +received_recipients \<BR><br />
    +retry_defer \<BR><br />
    +sender_on_delivery \<BR><br />
    +size_reject \<BR><br />
    +skip_delivery \<BR><br />
    +smtp_confirmation \<BR><br />
    +smtp_connection \<BR><br />
    +smtp_protocol_error \<BR><br />
    +smtp_syntax_error \<BR><br />
    +subject \<BR><br />
    +tls_cipher \<BR><br />
    +tls_peerdn<BR><br />
    <BR><br />
    But, that apart, even though I have just installed it, I know this is going to be a very useful tool.<BR><br />
    Thanks for the article.<BR><br />
    <BR><br />
    Ankur<BR>
  • Gravatar - Pierre Grandmaison
    Pierre Grandmaison 00:00, July 2, 2004
    I got it to work without putting line breaks between the log_seperator = ...(no line break, only a space) +address_rewrite ...(no line break, only a space) +all_parents ...
  • Gravatar - Piston
    Piston 04:47, July 23, 2004
    I got nothing but errors... tried putting spaces between everything and what not... should be a little more clear on this. :)
  • Gravatar - Ankur
    Ankur 13:00, July 31, 2004
    oops. Looks like the slash character is missing everywhere from my post.<br />
    <br />
    You need to add a slash (the one below the pipe symbol "|") after each line and it works.<br />
    Don't put the slash on the last line.<br />
    <br />
    Ankur
  • Gravatar - Hamster
    Hamster 16:53, August 1, 2004
    You need to put " \" at the end of each line.
  • Gravatar - Rich
    Rich 03:42, August 4, 2004
    I too used pierre's approach which worked just fine :-)<br />
    <br />
    Piston - did you make sure your editor wasn't puttin carriage returns/line feeds in? I tend to use vi so have probs with that. If its not that try to ensure you have everything patched and up 2 date before making ramprages changes.<br />
    <br />
    Here's Ramprage's text using spaces instead of new lines:<br />
    <br />
    log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
  • Gravatar - station
    station 15:36, August 8, 2004
    I had the same problem, then I used the Rich way and the errors are gone, now, how to test to be sure that it is working as it should without any conflict.
  • Gravatar - Randy O
    Randy O 23:16, October 2, 2004
    Only problem here is if cpanel updates exim it dumps this unless it is added from the exim editor inside WHM. Very much a pain.
  • Gravatar - xerophyte
    xerophyte 06:06, January 13, 2005
    Simple solution to the above problem <br />
    <br />
    log_selector = all <br />
    <br />
    since you guys have all the log selector selected there<br />
    <br />
    you can use the all keyword <br />
  • Gravatar - Chris
    Chris 17:08, March 16, 2005
    Anyone know how to add this so it's not removed by any cpanel updates?
  • Gravatar - Nick
    Nick 15:11, June 24, 2005
    Jist do <br />
    chattr +i /etc/exim.conf
  • Gravatar - gEEKBOy
    gEEKBOy 16:28, July 22, 2005
    A better way is to add it to the EXIM Config within the WHM interface. <br />
    Under Service Configuration, Exim Conf. Editor, Switch to Advanced Mode and in the very first text box at the top of the exim.conf listing, insert the above commands. cPanel will store these to seperate files which are merged into the exim.conf file at runtime so when cPanel updates the core exim.conf file, your changes are then re-merged into the config file and all is well...<br />
    <br />
    -greg
  • Gravatar - Izzy
    Izzy 02:25, September 27, 2005
    @gEEKBOy - greg<br />
    Correct proceedure for WHM :)<br />
    <br />
    @xerophyte<br />
    Should be:<br />
    log_selector = +all<br />
    <br />
    Syntax:<br />
    log_selector = +arguments -arguments<br />
    <br />
    Izzy
  • Gravatar - Vn-Sg Hosting
    Vn-Sg Hosting 18:24, December 20, 2005
    Rich solution work fine<br />
    Thanks
  • Gravatar - Tiafo
    Tiafo 00:21, August 16, 2006
    help<br />
    <br />
    root@fenix [~]# /etc/init.d/exim restart<br />
    Shutting down clamd: [ OK ]<br />
    Shutting down exim: [FAILED]<br />
    Shutting down antirelayd: [ OK ]<br />
    Shutting down spamd: [ OK ]<br />
    Starting clamd: [ OK ]<br />
    Starting exim-26: 2006-08-15 20:18:25 Exim configuration error in line 30 of /etc/exim.conf:<br />
    "log_selector" option set for the second time<br />
    [FAILED]<br />
    Starting exim: 2006-08-15 20:18:25 Exim configuration error in line 30 of /etc/exim.conf:<br />
    "log_selector" option set for the second time<br />
    [FAILED]<br />
    Starting exim-smtps: 2006-08-15 20:18:25 Exim configuration error in line 30 of /etc/exim.conf:<br />
    "log_selector" option set for the second time<br />
    [FAILED]<br />
    Starting antirelayd: [ OK ]<br />
    Starting spamd: [ OK ]<br />
    root@fenix [~]#
  • Gravatar - masha
    masha 13:37, July 10, 2010
    Hi ;)

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2017 WebHostGear.com