In this article we are going to go over how to quickly review the entire mail log for your VPS or dedicated server in order to find delivery failures that are occurring.

Email delivery failures can happen for a large number of reasons, for a more in-depth explanation on these types of issues you can check out my article on why does email bounce?

In order to follow the steps below you'll need root access to your server.

Locating email delivery failed messages

  1. Login to your server via SSH as the root user.
  2. Run the following command to get a sorted report of the users with the highest amounts of delivery failures:

    grep "for .*@.*" /var/log/exim_mainlog | grep "<= <>" | awk -F"T=" '{print $2}' | awk '{print $NF,$0}' | awk -F" for" '{print $1}' | sort | uniq -c | sort -n

    Code breakdown:

    grep "for .*@.*" /var/log/exim_mainlog Locate lines in the Exim mail log that include any variation of "for user@domain.com"
    grep "<= <>" Locate lines that are being sent from a null sender, which indicates a bounce back
    awk -F"T=" '{print $2}' Use the awk command with the Field seperator set to T= which is the subject line in the mail log, then only print the $2nd column of data.
    awk '{print $NF,$0}' | awk -F" for" '{print $1}' Use awk to print $NF which is the very last column, which is the email address. Then run awk again with the Field seperator set to for and then print out only the $1st colum of data (this strips the email user off of the end of the line).
    sort | uniq -c | sort -n Sort all of the data by the email users, then uniquely count them, and finally sort those counts by lowest to highest.

    This will give you back data looking like this:

    573 support@example.com "Mail delivery failed: returning message to sender
    663 user@example.com "Mail delivery failed: returning message to sender
    871 test@example.com "Mail delivery failed: returning message to sender
    1282 help@example.com "Mail delivery failed: returning message to sender

Investigate cause of delivery failures

Now that you know one user in particular help@example.com had the most delivery errors, you can use the steps below to investigate the cause of these problems.

  1. Run the following command to find the latest delivery failure:

    grep "Mail delivery failed:" /var/log/exim_mainlog | grep help@example.com | tail -1

    This should give you back the full line from the Exim mail log that contains that error:

    2013-01-16 14:45:34 1TvYvW-0006AC-ER <= <> R=1TvYvW-00069r-Au U=mailnull P=local S=2012 T="Mail delivery failed: returning message to sender" for help@example.com

    Copy the messaged ID following R=, so in this case it would be 1TvYvW-00069r-Au

  2. Using the message ID you copied, run the following command:

    exigrep -I -l 1TvYvW-00069r-Au /var/log/exim_mainlog

    This will display the full message transaction for the message that bounced:

    2013-01-16 14:45:34 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1TvYvW-00069r-Au
    2013-01-16 14:45:34 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1TvYvW-00069r-Au

    2013-01-16 14:45:34 1TvYvW-00069r-Au <= help@example.com H=localhost (secure103.inmotionhosting.com) [127.0.0.1]:40726 P=esmtpa A=courier_login:help@example.com S=1172 id=f25ddf5d4e8c56e73ab82081c9011a34@atomlabs.net T="Test" for no-reply@example.com
    2013-01-16 14:45:34 1TvYvW-00069r-Au ** no-reply@example.com R=virtual_aliases: No Such User Here"
    2013-01-16 14:45:34 1TvYvW-00069r-Au Completed

    2013-01-16 14:45:34 1TvYvW-0006AC-ER <= <> R=1TvYvW-00069r-Au U=mailnull P=local S=2012 T="Mail delivery failed: returning message to sender" for help@example.com
    2013-01-16 14:45:34 1TvYvW-0006AC-ER => help <help@example.com> R=virtual_user T=virtual_userdelivery
    2013-01-16 14:45:34 1TvYvW-0006AC-ER Completed

    So in this case we can see the reason the message bounced was ** no-reply@example.com R=virtual_aliases: No Such User Here. Basically, help@example.com had tried to send a message to an email address that didn't exist so it bounced.

  3. You can repeat the sames steps to investigate other bounces that user has been generating. Or an alternative method would be to directly look at the user's mail with the following commands:

    grep "Mail delivery failed" /home/userna5/mail/example.com/help/{cur,new} -R

    This gives back something like:

    /home/userna5/mail/example.com/help/cur/1358366803.H952383P10133.ecbiz103.inmotionhosting.com,S=2120:2,:Subject: Mail delivery failed: returning message to sender
    /home/userna5/mail/example.com/help/cur/1358366759.H640077P7532.ecbiz103.inmotionhosting.com,S=2115:2,:Subject: Mail delivery failed: returning message to sender
    /home/userna5/mail/example.com/help/cur/1358365534.H479296P23705.ecbiz103.inmotionhosting.com,S=2107:2,:Subject: Mail delivery failed: returning message to sender
    /home/userna5/mail/example.com/help/cur/1358366776.H336048P8578.ecbiz103.inmotionhosting.com,S=2123:2,:Subject: Mail delivery failed: returning message to sender

    You can then read one of the bounce backs for further details with this command:

    less /home/userna5/mail/example.com/help/cur/1358366776.H336048P8578.ecbiz103.inmotionhosting.com,S=2123:2,

    When you're done looking at the file, you can hit q to quit and get back to the command line.

You should now understand how to locate users on your server that are generating a large amount of delivery failures, and also how to investigate those bounces to see the root cause of those issues.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
n/a Points
2014-05-11 9:29 am

I've found a douzen messages not sent because of a "No user here" error.

I've fixed it by creating the user; but can I somehow resend the messages?

The messages were generated by a web-page contact form on the same domain, practically I see the errors on the WHM Mail Delivery Status; but I'm not sure how to resend them.

P.S. The messages are 1-2 days old.

Thanks for your time, and help.

Mr. Byte

Staff
9,525 Points
2014-05-12 9:12 am
Hello Mr. Byte,

Thank you for your question. If the form was sending the emails from PHP, it is possible there is a copy if the message on the server. If that is the case, you may be able to view them by logging into Webmail with your cPanel username and password.

If the contact form was attempting to send from the email account that was not created, then it most likely failed before hitting the server, and there will be no log available.

If you have any further questions, feel free to post them below.
Thank you,

-John-Paul

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

2 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!