How to get a SMTP session log in Exim

exim smtp

Sometimes when debugging SMTP issues the standard maillog is not enough and I need to see the full SMTP session. In postfix I add the problematic IP to "debug_peer_list" which will enable the session log and other debug information for only that IP.

Is there a similar thing in exim? I have only found references to "running exim in debug mode" which apparently causes ALL sessions to be logged, which I fear will quickly write tons of unnecessary logs, cause heavy disk I/O, and make it hard to find the transaction in question.

TL;DR: What is the best way to get a full SMTP transaction log from a specific IP (or sender address)?

I'm running exim 4.80 (a cpanel server).

Best Answer

You can easily look at the commands received from the remote system with a few ACL additions:

# Global hosts setting, list of IP addresses whose SMTP commands you want to see
hostlist debug_hosts = xxx.xxx.xxx.xxx : yyy.yyy.yyy.yyy

# The ACL modifier is spelled "logwrite"; it writes the expanded string
# to the main log as soon as the ACL reaches it.

# early in acl_smtp_helo
warn hosts    = +debug_hosts
     logwrite = DEBUG: $smtp_command

# early in acl_smtp_mail
warn hosts    = +debug_hosts
     logwrite = DEBUG: $smtp_command

# early in acl_smtp_rcpt
warn hosts    = +debug_hosts
     logwrite = DEBUG: $smtp_command

But if you want to see in the logs what your side is saying too, that's not possible inside exim. Your options are then constrained to any system-provided network debugging tools, such as tcpdump, tshark, or (my favorite) ngrep.

As an example, suppose you have a customer who complains they cannot send mail through your server. Here's a simple entry that shows why they are unable to send:

# ngrep -q port 25 host 208.54.85.254
<snip>
T 208.54.85.254:15084 -> 208.89.138.22:25 [AP]
  AUTH PLAIN kkvdsoirDSAasdfrASDF4swSD23DAGAG6893Mgss==..                            

T 208.89.138.22:25 -> 208.54.85.254:15084 [AP]
  535 Incorrect authentication data..

I hope that one of these proves to be useful for you.
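A capture like the ngrep output above records the client's AUTH payload, which is only base64-encoded. The following is an added example, not part of the original answer: it parses `ngrep -q` output into client/server SMTP lines and redacts credentials so the transcript can be attached to a ticket. The sample capture and the function name `redact_session` are constructed for illustration.

```python
import re

# Constructed sample shaped like `ngrep -q port 25 host <ip>` output.
# Addresses are documentation ranges; the base64 strings are made up.
SAMPLE = """\
T 192.0.2.10:15084 -> 198.51.100.5:25 [AP]
  EHLO client.example..

T 198.51.100.5:25 -> 192.0.2.10:15084 [AP]
  250-mail.example Hello..250 AUTH PLAIN LOGIN..

T 192.0.2.10:15084 -> 198.51.100.5:25 [AP]
  AUTH PLAIN AGNvbnN0cnVjdGVkAG5vdC1yZWFs..

T 198.51.100.5:25 -> 192.0.2.10:15084 [AP]
  535 Incorrect authentication data..

T 192.0.2.10:15084 -> 198.51.100.5:25 [AP]
  AUTH LOGIN..

T 198.51.100.5:25 -> 192.0.2.10:15084 [AP]
  334 VXNlcm5hbWU6..

T 192.0.2.10:15084 -> 198.51.100.5:25 [AP]
  Y29uc3RydWN0ZWQ=..
"""

HEADER = re.compile(r"^T \S+:(\d+) -> \S+:\d+ \[")  # group 1 = source port
EOL = re.compile(r"\.\.(?=[^.]|$)")  # ngrep prints CR and LF as '.'
AUTH = re.compile(r"^(AUTH\s+\S+)\s+\S+", re.I)  # AUTH <mech> <initial response>

def redact_session(text, smtp_port=25):
    """Return [(side, line)] with side 'C' (client) or 'S' (server)."""
    session, side, challenged = [], None, False
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            side = "S" if int(m.group(1)) == smtp_port else "C"
        elif side and raw.strip():
            for line in filter(None, EOL.split(raw.strip())):
                if side == "S":
                    challenged = line.startswith("334")  # server asks for credentials
                elif challenged:
                    line, challenged = "[REDACTED]", False  # reply to a 334 challenge
                else:
                    line = AUTH.sub(r"\1 [REDACTED]", line)
                session.append((side, line))
    return session
```

Splitting on `..` is a heuristic for ngrep's rendering of CRLF, so a payload that itself contains two consecutive dots would be split early.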