[exim] Inpsecting the log to see what happened

Top Page
Delete this message
Reply to this message
Author: Yuri Kanivetsky
Date:  
To: exim-users
Subject: [exim] Inpsecting the log to see what happened
Hi,

On my server I set up exim for users to be able to send their complains to
feedback@???. These mails are redirected to manager's mailboxes
through /etc/aliases file: manager1@??? and manager2@???. Also,
I have postmaster@??? redirected to my.email@???. And here's
the message I got recently:



Received: by 10.52.34.73 with SMTP id ...;
        Sun, 27 Apr 2014 03:37:39 -0700 (PDT)
...
Received: from myhost (... [16.19.64.110])
        by mx.google.com with ESMTPS id ...
        for <my.email@???>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Sun, 27 Apr 2014 03:37:39 -0700 (PDT)
...
Received: from Debian-exim by myhost with local (Exim 4.72)
    id ...
    for postmaster@???; Fri, 25 Apr 2014 13:17:05 +0300
...
Date: Fri, 25 Apr 2014 13:17:05 +0300
...
To: postmaster@???


Message frozen

Message 1WddBb-0007hU-1l has been frozen (delivery error message).
The sender is <>.

The following address(es) have yet to be delivered:
manager1@??? <feedback@???>: SMTP error from remote mail
server after MAIL FROM:<> SIZE=1558: host
gmail-smtp-in.l.google.com[74.125.201.108]: 530-5.5.1 Authentication
Required. Learn more at\n530
5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257h7sm7285577igy.2
- gsmtp
manager2@??? <feedback@???>: SMTP error from remote mail
server after MAIL FROM:<> SIZE=1558: host
gmail-smtp-in.l.google.com[74.125.201.108]: 530-5.5.1 Authentication
Required. Learn more at\n530
5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257h7sm7285577igy.2
- gsmtp



Then I did:



# exigrep -l 1WddBb-0007hU-1l $(find /var/log/exim4 -name 'mainlog*' | sort
-rn -t . -k2,2)
2014-04-25 13:17:02 1WddBb-0007hU-1l <= <> H=(115.78.92.64)
[118.69.183.136] P=smtp S=522
2014-04-25 13:17:02 1WddBb-0007hU-1l
gmail-smtp-in.l.google.com[2a00:1450:4013:c01::1a] Network is
unreachable
2014-04-25 13:17:03 1WddBb-0007hU-1l SMTP error from remote mail server
after end of data: host gmail-smtp-in.l.google.com [74.125.136.26]:
421-4.7.0 [16.19.64.110      15] Our system has detected an unusual rate
of\n421-4.7.0 unsolicited mail originating from your IP address. To protect
our\n421-4.7.0 users from spam, mail sent from your IP address has been
temporarily\n421-4.7.0 rate limited. Please visit
http://www.google.com/mail/help/bulk_mail.\n421 4.7.0 html to review our
Bulk Email Senders Guidelines. t3si12446024eeg.301 - gsmtp
2014-04-25 13:17:03 1WddBb-0007hU-1l SMTP error from remote mail server
after end of data: host gmail-smtp-in.l.google.com [74.125.136.27]:
421-4.7.0 [16.19.64.110      15] Our system has detected an unusual rate
of\n421-4.7.0 unsolicited mail originating from your IP address. To protect
our\n421-4.7.0 users from spam, mail sent from your IP address has been
temporarily\n421-4.7.0 rate limited. Please visit
http://www.google.com/mail/help/bulk_mail.\n421 4.7.0 html to review our
Bulk Email Senders Guidelines. x46si12473877eea.209 - gsmtp
2014-04-25 13:17:05 1WddBb-0007hU-1l ** manager2@??? <
feedback@???> R=dnslookup T=remote_smtp: SMTP error from remote mail
server after MAIL FROM:<> SIZE=1558: host
gmail-smtp-in.l.google.com[74.125.201.108]: 530-5.5.1 Authentication
Required. Learn more at\n530
5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257h7sm7285577igy.2
- gsmtp
2014-04-25 13:17:05 1WddBb-0007hU-1l ** manager1@??? <
feedback@???> R=dnslookup T=remote_smtp: SMTP error from remote mail
server after MAIL FROM:<> SIZE=1558: host
gmail-smtp-in.l.google.com[74.125.201.108]: 530-5.5.1 Authentication
Required. Learn more at\n530
5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257h7sm7285577igy.2
- gsmtp
2014-04-25 13:17:05 1WddBb-0007hU-1l Frozen (delivery error message)
2014-04-25 13:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 14:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 14:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 15:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 15:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 16:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 16:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 17:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 17:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 18:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 18:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 19:07:58 1WddBb-0007hU-1l Message is frozen
2014-04-25 19:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 20:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 20:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 21:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 21:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 22:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 22:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 23:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-25 23:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 00:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 00:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 01:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 01:37:58 1WddBb-0007hU-1l Message is frozen
2014-04-26 02:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 02:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 03:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 03:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 04:07:38 1WddBb-0007hU-1l Message is frozen
2014-04-26 04:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 05:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 05:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 06:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 06:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 07:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 07:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 08:07:58 1WddBb-0007hU-1l Message is frozen
2014-04-26 08:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 09:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 09:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 10:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 10:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 11:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 11:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 12:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 12:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 13:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 13:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 14:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 14:37:58 1WddBb-0007hU-1l Message is frozen
2014-04-26 15:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 15:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 16:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 16:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 17:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 17:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 18:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 18:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 19:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 19:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 20:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 20:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 21:07:58 1WddBb-0007hU-1l Message is frozen
2014-04-26 21:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 22:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 22:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 23:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-26 23:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 00:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 00:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 01:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 01:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 02:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 02:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 03:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 03:37:58 1WddBb-0007hU-1l Message is frozen
2014-04-27 04:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 04:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 05:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 05:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 06:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 06:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 07:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 07:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 08:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 08:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 09:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 09:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 10:07:58 1WddBb-0007hU-1l Message is frozen
2014-04-27 10:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 11:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 11:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 12:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 12:37:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 13:07:37 1WddBb-0007hU-1l Message is frozen
2014-04-27 13:37:37 1WddBb-0007hU-1l Unfrozen by errmsg timer
2014-04-27 13:37:38 1WddBb-0007hU-1l => manager2@??? <
feedback@???> R=dnslookup T=remote_smtp
H=gmail-smtp-in.l.google.com[74.125.136.27]
X=TLS1.0:RSA_ARCFOUR_SHA1:16
DN="C=US,ST=California,L=Mountain View,O=Google Inc,CN=mx.google.com"
2014-04-27 13:37:38 1WddBb-0007hU-1l -> manager1@??? <
feedback@???> R=dnslookup T=remote_smtp
H=gmail-smtp-in.l.google.com[74.125.136.27]
X=TLS1.0:RSA_ARCFOUR_SHA1:16
DN="C=US,ST=California,L=Mountain View,O=Google Inc,CN=mx.google.com"
2014-04-27 13:37:38 1WddBb-0007hU-1l Completed


2014-04-25 13:17:05 1WddBd-0007hk-1p <= <> R=1WddBb-0007hU-1l U=Debian-exim
P=local S=1111
2014-04-25 13:17:06 1WddBd-0007hk-1p ** my.email@??? <
postmaster@???> R=dnslookup T=remote_smtp: SMTP error from remote
mail server after MAIL FROM:<> SIZE=2150: host
gmail-smtp-in.l.google.com[74.125.201.109]: 530-5.5.1 Authentication
Required. Learn more at\n530
5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257p7sm7216866igg.15
- gsmtp
2014-04-25 13:17:06 1WddBd-0007hk-1p Frozen (delivery error message)
2014-04-25 13:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 14:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 14:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 15:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 15:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 16:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 16:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 17:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 17:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 18:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 18:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 19:07:58 1WddBd-0007hk-1p Message is frozen
2014-04-25 19:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 20:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 20:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 21:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 21:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 22:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 22:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 23:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-25 23:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 00:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 00:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 01:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 01:37:58 1WddBd-0007hk-1p Message is frozen
2014-04-26 02:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 02:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 03:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 03:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 04:07:38 1WddBd-0007hk-1p Message is frozen
2014-04-26 04:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 05:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 05:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 06:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 06:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 07:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 07:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 08:07:58 1WddBd-0007hk-1p Message is frozen
2014-04-26 08:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 09:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 09:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 10:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 10:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 11:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 11:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 12:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 12:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 13:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 13:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 14:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 14:37:58 1WddBd-0007hk-1p Message is frozen
2014-04-26 15:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 15:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 16:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 16:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 17:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 17:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 18:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 18:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 19:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 19:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 20:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 20:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 21:07:58 1WddBd-0007hk-1p Message is frozen
2014-04-26 21:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 22:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 22:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 23:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-26 23:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 00:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 00:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 01:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 01:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 02:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 02:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 03:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 03:37:58 1WddBd-0007hk-1p Message is frozen
2014-04-27 04:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 04:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 05:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 05:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 06:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 06:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 07:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 07:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 08:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 08:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 09:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 09:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 10:07:58 1WddBd-0007hk-1p Message is frozen
2014-04-27 10:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 11:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 11:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 12:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 12:37:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 13:07:37 1WddBd-0007hk-1p Message is frozen
2014-04-27 13:37:38 1WddBd-0007hk-1p Unfrozen by errmsg timer
2014-04-27 13:37:39 1WddBd-0007hk-1p => my.email@??? <
postmaster@???> R=dnslookup T=remote_smtp H=
gmail-smtp-in.l.google.com [74.125.136.27] X=TLS1.0:RSA_ARCFOUR_SHA1:16
DN="C=US,ST=California,L=Mountain View,O=Google Inc,CN=mx.google.com"
2014-04-27 13:37:39 1WddBd-0007hk-1p Completed



I don't have much experience with exim, and someone's help with
interpreting it is greatly appreciated.

All in all, google complains about too much mail coming from my server. But
what is the first message (1WddBb-0007hU-1l) all about? It's a bounce
message, I take it. But for which other email? Is there a way to find it
out? If google starts rate limiting mail, it's the users who should receive
bounces, isn't it?

Also, why do I get authentication error in the second message? And how many
messages are taking part in this "conversation"? I'm not sure if I can
count them correctly.

In addtion, I'm told that not relying on google servers is a better way,
which would avoid such problems:
http://serverfault.com/questions/591856/unusual-rate-of-unsolicited-mail-originating-from-your-ip-address
But
still, I'd like to figure out what happened. Thanks in advance for your
replies.

Best regards,
Yuri Kanivetsky