Introduction
Exim's logs can sometimes be difficult to navigate when looking for specific issues with email on a server with a lot of mail traffic. If you are having trouble with mail, using the exigrep tool is an effective way to search the Exim logs.
Procedure
The basic usage of exigrep looks like this:
[root@server ~]# exigrep
Usage:
exigrep [options] pattern [log] ...
You can search for messages to or from a certain address to find the message ID:
[root@server ~]# exigrep 'cpanel@server.hostname.tld' /var/log/exim_mainlog
20XX-01-01 00:00:00 1pN5Vl-0005aO-32 <= cpanel@server.hostname.tld H=(localhost.localdomain) [127.0.0.1]:59208 P=esmtpa A=dovecot_plain:__cpanel__service__auth__icontact__sbmod_m_ywa9zwat S=35608 id=1675228699.MWKwIY31_EKD7yNZ@server.hostname.tld T="[server.hostname.tld] \342\232\240 1 service generated warnings while checking SSL certificates." for user@destination.tld
With the message ID, you can search for that message and see the entire message history through the log, showing when the mail was received by Exim and whether it was delivered:
[root@server ~]# exigrep '1pN5Vl-0005aO-32' /var/log/exim_mainlog
20XX-01-01 00:00:00 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1pN5Vl-0005aO-32
20XX-01-01 00:00:00 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1pN5Vl-0005aO-32
20XX-01-01 00:00:00 1pN5Vl-0005aO-32 <= cpanel@server.hostname.tld H=(localhost.localdomain) [127.0.0.1]:59208 P=esmtpa A=dovecot_plain:__cpanel__service__auth__icontact__sbmod_m_ywa9zwat S=35608 id=1675228699.MWKwIY31_EKD7yNZ@server.hostname.tld T="[server.hostname.tld] \342\232\240 1 service generated warnings while checking SSL certificates." for user@destination.tld
2023-02-01 05:18:20 1pN5Vl-0005aO-32 Sender identification U=__cpanel__service__auth__icontact__sbmod_m_ywa9zwat D=-system- S=__cpanel__service__auth__icontact__sbmod_m_ywa9zwat
20XX-01-01 00:00:00 1pN5Vl-0005aO-32 => cpanel <cpanel@server.hostname.tld> R=localuser T=dovecot_delivery C="250 2.0.0 <cpanel@server.hostname.tld> YP77Ihz22WNRUwAAucEqCA Saved"
20XX-01-01 00:00:00 1pN5Vl-0005aO-32 Completed
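The grouping that makes this search useful, as an added example (not part of the original article and not exigrep's own code): a simplified Python sketch that collects main-log lines by message ID, keeps every message with at least one line matching the pattern, and summarises whether it was received, delivered, deferred or failed. The log lines are constructed from the sample above plus one invented deferred message, and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Message ID in the third field, shaped like the page's sample 1pN5Vl-0005aO-32.
# Segment lengths are left loose (assumption) to tolerate other ID lengths.
LINE = re.compile(r"^\S+ \S+ ([0-9A-Za-z]{6}-[0-9A-Za-z]{6,}-[0-9A-Za-z]{2,}) (.*)$")

# Constructed sample log: the page's message plus one invented deferred message.
SAMPLE = """\
20XX-01-01 00:00:00 1pN5Vl-0005aO-32 <= cpanel@server.hostname.tld H=(localhost.localdomain) [127.0.0.1]:59208 P=esmtpa S=35608 for user@destination.tld
20XX-01-01 00:00:01 1pN5Vm-0005bQ-1A <= other@server.hostname.tld H=(localhost.localdomain) [127.0.0.1]:59210 P=esmtpa S=1200 for someone@example.com
20XX-01-01 00:00:02 1pN5Vl-0005aO-32 => cpanel <cpanel@server.hostname.tld> R=localuser T=dovecot_delivery C="250 2.0.0 Saved"
20XX-01-01 00:00:03 1pN5Vm-0005bQ-1A == someone@example.com R=lookuphost T=remote_smtp defer (-53): retry time not reached for any host
20XX-01-01 00:00:04 1pN5Vl-0005aO-32 Completed
""".splitlines()

def message_histories(lines, pattern):
    """Group lines by message ID; keep each message in which any line matches."""
    rx = re.compile(pattern)
    groups, hit = OrderedDict(), set()
    for line in lines:
        m = LINE.match(line.rstrip("\n"))
        if not m:
            continue  # lines with no message ID in the third field are skipped here
        groups.setdefault(m.group(1), []).append(m.group(0))
        if rx.search(m.group(0)):
            hit.add(m.group(1))
    return OrderedDict((i, g) for i, g in groups.items() if i in hit)

def status(history):
    """Summarise one message from Exim's flags: <= => -> == ** and Completed."""
    out = {"received": False, "delivered": [], "problems": [], "completed": False}
    for line in history:
        rest = LINE.match(line).group(2)
        flag, _, detail = rest.partition(" ")
        if flag == "<=":            # message arrival
            out["received"] = True
        elif flag in ("=>", "->"):  # successful delivery (first / additional address)
            out["delivered"].append(detail.split(" ")[0])
        elif flag in ("==", "**"):  # deferred / failed delivery
            out["problems"].append(rest)
        elif rest == "Completed":
            out["completed"] = True
    return out

if __name__ == "__main__":
    for msg_id, history in message_histories(SAMPLE, r"@server\.hostname\.tld").items():
        print(msg_id, status(history))
```

A message that shows received but neither completed nor delivered, with an entry under problems, is still on the queue or has bounced, which is the case worth following up in the full log.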
If your server has several rotated and archived Exim logs, you can use exigrep to search all of those logs and archives at once:
[root@server ~]# ls -al /var/log/exim_main*
-rw-r----- 1 mailnull mail 65535 Jan 1 00:00 /var/log/exim_mainlog
-rw-r----- 1 mailnull mail 65535 Dec 1 00:00 /var/log/exim_mainlog.1.gz
-rw-r----- 1 mailnull mail 65535 Nov 1 00:00 /var/log/exim_mainlog.2.gz
-rw-r----- 1 mailnull mail 65535 Oct 1 00:00 /var/log/exim_mainlog.3.gz
-rw-r----- 1 mailnull mail 65535 Sep 1 00:00 /var/log/exim_mainlog.4.gz
[root@server ~]# exigrep 'search pattern' /var/log/exim_mainlog*