Exim_mainlog analysis


Post by a24uall »

1) Email sent from [email protected] to [email protected]
Email Subject: TEST159
When the user logged in via webmail (SquirrelMail)
/var/log/maillog
Mar 22 10:25:13 server dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Mar 22 10:25:13 server dovecot: IMAP([email protected]): Connection closed bytes=0/294
When the email was sent from SquirrelMail
2013-03-22 10:28:38 SMTP connection from [127.0.0.1]:44595 (TCP/IP connection count = 1)
2013-03-22 10:28:38 SMTP connection identification H=localhost A=127.0.0.1 P=44595 U=arnavaru ID=507 S=arnavaru B=identify_local_connection
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq <= [email protected] H=localhost.localdomain (server.attez.com) [127.0.0.1]:44595 P=esmtpa A=dovecot_login:[email protected] S=786 id=f0800f272976e6ad17e9a4a30d249cea.[email protected] T="TEST159" for [email protected]
2013-03-22 10:28:39 SMTP connection from localhost.localdomain (server.attez.com) [127.0.0.1]:44595 closed by QUIT
2013-03-22 10:28:39 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UIu3q-0007bJ-Vq
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq SMTP connection outbound 1363928319 1UIu3q-0007bJ-Vq arnavarun.com [email protected]
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq gmail-smtp-in.l.google.com [2607:f8b0:4001:c02::1a] Network is unreachable
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [74.125.133.27] X=TLSv1:RC4-SHA:128
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq Completed
exigrep of the email ID
2013-03-22 10:28:39 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UIu3q-0007bJ-Vq
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq <= [email protected] H=localhost.localdomain (server.attez.com) [127.0.0.1]:44595 P=esmtpa A=dovecot_login:[email protected] S=786 id=f0800f272976e6ad17e9a4a30d249cea.[email protected] T="TEST159" for [email protected]
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq SMTP connection outbound 1363928319 1UIu3q-0007bJ-Vq arnavarun.com [email protected]
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq gmail-smtp-in.l.google.com [2607:f8b0:4001:c02::1a] Network is unreachable
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq => [email protected] R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [74.125.133.27] X=TLSv1:RC4-SHA:128
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq Completed

2) Email sent from t[email protected] to [email protected]
/var/log/exim_mainlog

2013-03-22 10:45:13 SMTP connection from [209.85.214.175]:57246 (TCP/IP connection count = 1)
2013-03-22 10:45:14 1UIuJu-0007lb-0B <= [email protected] H=mail-ob0-f175.google.com [209.85.214.175]:57246 P=esmtps X=TLSv1:RC4-SHA:128 S=2586 id=CAAB0Xtd4UK93ssTdTWPscRKmqaZyVGLKVoa+X=[email protected] T="Re: TEST159" for [email protected]
2013-03-22 10:45:14 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UIuJu-0007lb-0B
2013-03-22 10:45:14 SMTP connection from mail-ob0-f175.google.com [209.85.214.175]:57246 closed by QUIT
2013-03-22 10:45:14 1UIuJu-0007lb-0B => arnav <[email protected]> R=virtual_user T=virtual_userdelivery
2013-03-22 10:45:14 1UIuJu-0007lb-0B Completed
Exigrep output
2013-03-22 10:45:14 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UIuJu-0007lb-0B

2013-03-22 10:45:14 1UIuJu-0007lb-0B <= [email protected] H=mail-ob0-f175.google.com [209.85.214.175]:57246 P=esmtps X=TLSv1:RC4-SHA:128 S=2586 id=CAAB0Xtd4UK93ssTdTWPscRKmqaZyVGLKVoa+X=[email protected] T="Re: TEST159" for [email protected]
2013-03-22 10:45:14 1UIuJu-0007lb-0B => arnav <[email protected]> R=virtual_user T=virtual_userdelivery
2013-03-22 10:45:14 1UIuJu-0007lb-0B Completed

3) Changing the reply-to address
Email sent to [email protected] from [email protected], with the reply-to address set to [email protected]
2013-03-22 10:59:22 SMTP connection from [209.85.219.54]:49719 (TCP/IP connection count = 1)
2013-03-22 10:59:23 1UIuXb-00080D-AD <= [email protected] H=mail-oa0-f54.google.com [209.85.219.54]:49719 P=esmtps X=TLSv1:RC4-SHA:128 S=2665 id=CAAB0XtcmtzqRK-1mw_d3zq=FEVa=[email protected] T="Re: test2" for [email protected]
2013-03-22 10:59:23 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1UIuXb-00080D-AD
2013-03-22 10:59:23 SMTP connection from mail-oa0-f54.google.com [209.85.219.54]:49719 closed by QUIT
2013-03-22 10:59:23 1UIuXb-00080D-AD => arnav <[email protected]> R=virtual_user T=virtual_userdelivery
2013-03-22 10:59:23 1UIuXb-00080D-AD Completed
Arun
WebhostingDevelopment.com
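
An added example, not part of the original post: a small Python parser that groups mainlog lines by message ID the way the exigrep output above does, extracts the arrival fields (P=, A=, X=, T= as subject) and delivery fields (R=, T= as transport, X=), and lists messages that negotiated an RC4 cipher like the X=TLSv1:RC4-SHA:128 entries above. The sample lines are constructed from the post's log format with placeholder addresses and hostname; `parse` and `weak_tls` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the post's log lines; addresses and hostname are placeholders.
SAMPLE = """\
2013-03-22 10:28:38 SMTP connection from [127.0.0.1]:44595 (TCP/IP connection count = 1)
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq <= sender@example.com H=localhost.localdomain (server.example.com) [127.0.0.1]:44595 P=esmtpa A=dovecot_login:sender@example.com S=786 T="TEST159" for rcpt@example.net
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq gmail-smtp-in.l.google.com [2607:f8b0:4001:c02::1a] Network is unreachable
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq => rcpt@example.net R=dkim_lookuphost T=dkim_remote_smtp H=gmail-smtp-in.l.google.com [74.125.133.27] X=TLSv1:RC4-SHA:128
2013-03-22 10:28:39 1UIu3q-0007bJ-Vq Completed
2013-03-22 10:45:14 1UIuJu-0007lb-0B <= other@example.net H=mail-ob0-f175.google.com [209.85.214.175]:57246 P=esmtps X=TLSv1:RC4-SHA:128 S=2586 T="Re: TEST159" for sender@example.com
2013-03-22 10:45:14 1UIuJu-0007lb-0B => arnav <sender@example.com> R=virtual_user T=virtual_userdelivery
2013-03-22 10:45:14 1UIuJu-0007lb-0B Completed
"""

# Timestamp, then a message ID in the 6-6-2 form seen in the post, then the rest of the line.
LINE = re.compile(r'^(\S+ \S+) ([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) (.*)$')
# Single-letter fields such as H=, P=, A=, X=, R=, T= (the value may be quoted).
FIELD = re.compile(r'(?<!\S)([A-Z])=("(?:[^"\\]|\\.)*"|\S+)')

def parse(log):
    """Group lines by message ID (as exigrep does) and summarise each message."""
    msgs = defaultdict(lambda: {"deliveries": [], "completed": False})
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # connection-level lines carry no message ID
        _ts, mid, rest = m.groups()
        msg = msgs[mid]
        flag, _, tail = rest.partition(" ")
        fields = {k: v.strip('"') for k, v in FIELD.findall(tail)}
        if flag == "<=":  # arrival: T= is the subject, A= the authenticator used
            msg.update(sender=tail.split()[0], proto=fields.get("P"),
                       auth=fields.get("A"), tls=fields.get("X"), subject=fields.get("T"))
        elif flag in ("=>", "->"):  # delivery: T= is the transport, R= the router
            msg["deliveries"].append({"router": fields.get("R"),
                                      "transport": fields.get("T"), "tls": fields.get("X")})
        elif rest == "Completed":
            msg["completed"] = True
    return dict(msgs)

def weak_tls(msgs):
    """Return IDs of messages whose arrival or any delivery negotiated an RC4 cipher."""
    hits = []
    for mid, m in msgs.items():
        ciphers = [m.get("tls")] + [d["tls"] for d in m["deliveries"]]
        if any(c and "RC4" in c for c in ciphers):
            hits.append(mid)
    return sorted(hits)
```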