In this article I’m going to walk you through using the Exim mail logs on your VPS (Virtual Private Server) or dedicated server to track down the delivery times for a specified email address.
A good example of when you might want to do this, is lets say that you are expecting an email from [email protected], you wait and wait, and the message still hasn’t shown up in your Inbox yet, even though they swore they’ve sent it already. Using the Exim mail logs on your server you can double check to ensure that a message from that user actually even attempted to be delivered to your server.
Please note that for you to follow along with the steps below, you would have to already have root access on either your VPS or dedicated server, so that you have access to the Exim mail logs.
Find all delivery times for an incoming message
Following from our example above, we’re going to check for incoming messages as far back as our Exim mail logs go for the [email protected] address. Use the steps below to accomplish this.
- Login to your server via SSH as the root user.
- Run the following command to get all of the incoming mail activity for [email protected] and store it in a file called EMAIL_LOG:
zgrep "<= [email protected]" /var/log/exim_mainlog* > EMAIL_LOG
This could take some time to complete depending on how large your mail logs are.
- Now to check the time stamps when those incoming messages happened, you can use this pretty long one-liner of code:
cat EMAIL_LOG | awk '{ gsub(":"," "); print $2,$3,$4}' | awk '{ gsub("-"," "); print $0}' |
sort -nk2 -nk3 -nk4 -nk5 | awk '{print $2"/"$3"/"$1" "$4":"$5}'
Code breakdown:cat EMAIL_LOG Read from the EMAIL_LOG file that we created. awk ‘{ gsub(“:”,” “); print $2,$3,$4}’ Use the awk command along with its gsub function to globally substitute all of the colons : with blank spaces. Then print out the $2nd column which is the date, the $3rd column which is the hour, and the $4th column which is the minute from the mail log. awk ‘{ gsub(“-“,” “); print $0}’ Use the awk command again with its gsub function to globally substitue all of the hyphens – with blank spaces, and then print out everything with the $0 variable. sort -nk2 -nk3 -nk4 -nk5 Sort numerically first by the 2nd column which is the month, followed by the 3rd column which is the day, then the 4th column which is the hour, and finally the 5th column which is the minute from the logs. awk ‘{print $2″/”$3″/”$1″ “$4”:”$5}’ Use the awk command to format the timestamps to make them easier to read. This will give you back something like this:
01/03/2013 12:06
01/03/2013 12:07
01/03/2013 12:18
01/16/2013 17:41
01/17/2013 15:35
01/17/2013 15:54
You can now go ahead and delete the EMAIL_LOG file that we created with the following command:
rm -rf EMAIL_LOG
Now you know what times the [email protected] address attempted to deliver a message to your server. If they said they sent you a message and the date and time they said they sent it at isn’t showing up in this list. More than likely they had a delivery failure, such as they typed in your email address wrong, so it didn’t attempt to go to your server.
Find all delivery times for an outgoing message
Now we can do the same thing to also track down the delivery times for outgoing messages from a certain user.
- Run the following command to get all of the outgoing mail activity for [email protected] and store it in a file called EMAIL_LOG:
zgrep "=> [email protected]" /var/log/exim_mainlog* > EMAIL_LOG
This could take some time to complete depending on how large your mail logs are.
- Now to check the time stamps when those outgoing messages happened, you can use the same long one-liner of code from above:
cat EMAIL_LOG | awk '{ gsub(":"," "); print $2,$3,$4}' | awk '{ gsub("-"," "); print $0}' |
sort -nk2 -nk3 -nk4 -nk5 | awk '{print $2"/"$3"/"$1" "$4":"$5}'
This will give you back something like this:01/12/2013 23:24
01/13/2013 10:42
01/13/2013 11:06
01/14/2013 12:39
01/16/2013 17:41
01/17/2013 12:48
You can go ahead and delete the EMAIL_LOG file that we created with the following command:
rm -rf EMAIL_LOG
Now you know what times the [email protected] address delivered a message from your server.
You should now know how to track down incoming and outgoing email delivery times from your Exim mail logs to help verify messages are actually being sent.