> -----Original Message-----
> From: exim-users-bounces@???
> [mailto:exim-users-bounces@exim.org] On Behalf Of Dean Brooks
> Sent: Sunday, January 27, 2008 1:27 PM
> To: exim-users@???
> Subject: Re: [exim] Logging more information
>
> On Sun, Jan 27, 2008 at 12:56:08PM -0600, Craig Jackson wrote:
>
> > (Using Exim 4.67) Under certain spam fighting circumstances mail is
> > delayed. Much of that mail disconnects and Exim logs "unexpected
> > disconnection from <host> <IP address>". Unfortunately, the
> host and IP
> > address isn't really enough to tell me anything meaningful,
> like whether
> > or not the mail was a ham. I need to know if it was a ham.
> Is there a
> > way to make Exim tell me more information, like
> $sender_address_domain,
> > should the disconnect occur during the Rcpt acl (which is where the
> > majority of these disconnects occur)?
>
> You can turn on the "smtp_incomplete_transaction" flag for logging
> and it will log more detail about incomplete transactions.
>
> Use this in your Exim config file:
>
> log_selector = +smtp_incomplete_transaction
>
> You can find out about all the other logging options in section 49.15
> of the Exim manual.
>
> --
> Dean Brooks
> dean@???
>
Hi,
I wrote this little script that greps the Exim log for incomplete
transaction, removes duplicate domains, displays the last 250 with line
numbers and updates every 15 seconds.
#!/bin/bash
while true
do
grep "incomplete transaction" /var/spool/exim/log/mainlog |
egrep -o "<.*>" | sed "s/[<>]//g" | nl > incomplete_transaction
sort -u -t @ -k 2 incomplete_transaction > file
sort -n -k 1 file > incomplete_transaction
tail -n 250 incomplete_transaction
sleep 15
done
Hope that might help somebody. If you see an improvement please comment.
Craig