In this article we are going to go over how to quickly review the entire mail log for your VPS or dedicated server in order to find delivery failures that are occurring.

Email delivery failures can happen for a large number of reasons, for a more in-depth explanation on these types of issues you can check out my article on why does email bounce?

In order to follow the steps below you'll need root access to your server.

Locating email delivery failed messages

  1. Login to your server via SSH as the root user.
  2. Run the following command to get a sorted report of the users with the highest amounts of delivery failures:

    grep "for .*@.*" /var/log/exim_mainlog | grep "<= <>" | awk -F"T=" '{print $2}' | awk '{print $NF,$0}' | awk -F" for" '{print $1}' | sort | uniq -c | sort -n

    Code breakdown:

    grep "for .*@.*" /var/log/exim_mainlog Locate lines in the Exim mail log that include any variation of "for user@domain.com"
    grep "<= <>" Locate lines that are being sent from a null sender, which indicates a bounce back
    awk -F"T=" '{print $2}' Use the awk command with the Field seperator set to T= which is the subject line in the mail log, then only print the $2nd column of data.
    awk '{print $NF,$0}' | awk -F" for" '{print $1}' Use awk to print $NF which is the very last column, which is the email address. Then run awk again with the Field seperator set to for and then print out only the $1st colum of data (this strips the email user off of the end of the line).
    sort | uniq -c | sort -n Sort all of the data by the email users, then uniquely count them, and finally sort those counts by lowest to highest.

    This will give you back data looking like this:

    573 support@example.com "Mail delivery failed: returning message to sender
    663 user@example.com "Mail delivery failed: returning message to sender
    871 test@example.com "Mail delivery failed: returning message to sender
    1282 help@example.com "Mail delivery failed: returning message to sender

Investigate cause of delivery failures

Now that you know one user in particular help@example.com had the most delivery errors, you can use the steps below to investigate the cause of these problems.

  1. Run the following command to find the latest delivery failure:

    grep "Mail delivery failed:" /var/log/exim_mainlog | grep help@example.com | tail -1

    This should give you back the full line from the Exim mail log that contains that error:

    2013-01-16 14:45:34 1TvYvW-0006AC-ER <= <> R=1TvYvW-00069r-Au U=mailnull P=local S=2012 T="Mail delivery failed: returning message to sender" for help@example.com

    Copy the messaged ID following R=, so in this case it would be 1TvYvW-00069r-Au

  2. Using the message ID you copied, run the following command:

    exigrep -I -l 1TvYvW-00069r-Au /var/log/exim_mainlog

    This will display the full message transaction for the message that bounced:

    2013-01-16 14:45:34 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1TvYvW-00069r-Au
    2013-01-16 14:45:34 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1TvYvW-00069r-Au

    2013-01-16 14:45:34 1TvYvW-00069r-Au <= help@example.com H=localhost (secure103.inmotionhosting.com) [127.0.0.1]:40726 P=esmtpa A=courier_login:help@example.com S=1172 id=f25ddf5d4e8c56e73ab82081c9011a34@atomlabs.net T="Test" for no-reply@example.com
    2013-01-16 14:45:34 1TvYvW-00069r-Au ** no-reply@example.com R=virtual_aliases: No Such User Here"
    2013-01-16 14:45:34 1TvYvW-00069r-Au Completed

    2013-01-16 14:45:34 1TvYvW-0006AC-ER <= <> R=1TvYvW-00069r-Au U=mailnull P=local S=2012 T="Mail delivery failed: returning message to sender" for help@example.com
    2013-01-16 14:45:34 1TvYvW-0006AC-ER => help <help@example.com> R=virtual_user T=virtual_userdelivery
    2013-01-16 14:45:34 1TvYvW-0006AC-ER Completed

    So in this case we can see the reason the message bounced was ** no-reply@example.com R=virtual_aliases: No Such User Here. Basically, help@example.com had tried to send a message to an email address that didn't exist so it bounced.

  3. You can repeat the sames steps to investigate other bounces that user has been generating. Or an alternative method would be to directly look at the user's mail with the following commands:

    grep "Mail delivery failed" /home/userna5/mail/example.com/help/{cur,new} -R

    This gives back something like:

    /home/userna5/mail/example.com/help/cur/1358366803.H952383P10133.ecbiz103.inmotionhosting.com,S=2120:2,:Subject: Mail delivery failed: returning message to sender
    /home/userna5/mail/example.com/help/cur/1358366759.H640077P7532.ecbiz103.inmotionhosting.com,S=2115:2,:Subject: Mail delivery failed: returning message to sender
    /home/userna5/mail/example.com/help/cur/1358365534.H479296P23705.ecbiz103.inmotionhosting.com,S=2107:2,:Subject: Mail delivery failed: returning message to sender
    /home/userna5/mail/example.com/help/cur/1358366776.H336048P8578.ecbiz103.inmotionhosting.com,S=2123:2,:Subject: Mail delivery failed: returning message to sender

    You can then read one of the bounce backs for further details with this command:

    less /home/userna5/mail/example.com/help/cur/1358366776.H336048P8578.ecbiz103.inmotionhosting.com,S=2123:2,

    When you're done looking at the file, you can hit q to quit and get back to the command line.

You should now understand how to locate users on your server that are generating a large amount of delivery failures, and also how to investigate those bounces to see the root cause of those issues.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve our Support Center:
Email Address
Optional, but our team may contact you for more information.
Like this Article?

Post a Comment

Name:
Email Address:
Comment:
Are you a bot?
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Write New!
Do you want to publish a tutorial to our support center?

News / Announcements

SSL Certficate Warnings
Updated 2014-04-14 11:34 am EST
Hits: 2015
Heartbleed 0-day OpenSSL security bug
Updated 2014-04-14 04:43 pm EST
Hits: 5308

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!