Sendmail: Maillog is not verbose enough

Question

I use sendmail to send through Mandrill SMTP as requested by the web application. I have been noticing that there is weird activity in /var/log/maillog such as:

Mar 17 08:29:12 misc sendmail[34684]: u2C9wjxD053642: to=<dwasd@dddd.com>, delay=4+22:30:23, xdelay=00:00:23, mailer=esmtp, pri=10835166, relay=dddd.com. [119.28.2.127], dsn=4.0.0, stat=Deferred: Connection refused by dddd.com. [dev@misc mail]$ sudo tail /var/log/maillog -n 50 | grep dddd Mar 16 16:44:10 misc sendmail[53280]: u2C9wjxD053642: to=<dwasd@dddd.com>, delay=4+06:45:21, xdelay=00:00:19, mailer=esmtp, pri=9395166, relay=dddd.com. [119.28.2.127], dsn=4.0.0, stat=Deferred: Connection refused by dddd.com. Mar 16 17:44:05 misc sendmail[56180]: u2C9wjxD053642: to=<dwasd@dddd.com>, delay=4+07:45:16, xdelay=00:00:20, mailer=esmtp, pri=9485166, relay=dddd.com. [119.28.2.127], dsn=4.0.0, stat=Deferred: Connection refused by dddd.com. Mar 16 18:43:45 misc sendmail[59065]: u2C9wjxD053642: to=<dwasd@dddd.com>, delay=4+08:44:56, xdelay=00:00:07, mailer=esmtp, pri=9575166, relay=dddd.com. [119.28.2.127], dsn=4.0.0, stat=Deferred: Connection refused by dddd.com. Mar 16 19:44:05 misc sendmail[61964]: u2C9wjxD053642: to=<dwasd@dddd.com>, delay=4+09:45:16, xdelay=00:00:20, mailer=esmtp, pri=9665166, relay=dddd.com. [119.28.2.127], dsn=4.0.0, stat=Deferred: Connection refused by dddd.com.

It is an hourly job, and there is no information about who is requesting this to be sent. How can I debug this thoroughly?

Search the logs for the other entries with the same message ID. — Michael Hampton, Mar 17 '16 at 08:43
I have just grepped through /var/log, but found nothing for u2C9wjxD053642 or dddd. — zed, Mar 17 '16 at 08:47
Look at last week's logs. That message was sent on the 12th March. — Michael Hampton, Mar 17 '16 at 09:18
@zed how exactly are you searching? `grep` and QIDs are case sensitive. Also, how far back do your maillogs go? — Mike B, Mar 17 '16 at 16:10

score 0 · Answer 1 · answered May 25 '19 at 17:54

I recommend looking for your syslog or rsyslog (What's the difference?)

For example, I have Debian 9 which had a default rsyslog.conf like...

    71 # Logging for the mail system.  Split it up so that                                                                         
    72 # it is easy to write scripts to parse these files.                                                                         
    73 #                                                                                                                           
    74 mail.info           -/var/log/mail.info                                                                                     
    75 mail.warn           -/var/log/mail.warn                                                                                     
    76 mail.err            /var/log/mail.err                                                                                       
    77                                                                                                                             
    78 #                                                                                                                           
    79 # Some "catch-all" log files.                                                                                               
    80 #                                                                                                                           
    81 *.=debug;\                                                                                                                  
    82     auth,authpriv.none;\                                                                                                    
    83     news.none;mail.none -/var/log/debug                                                                                     
    84 *.=info;*.=notice;*.=warn;\                                                                                                 
    85     auth,authpriv.none;\                                                                                                    
    86     cron,daemon.none;\                                                                                                      
    87     mail,news.none      -/var/log/messages

In my case, mail.log doesn't show errors, they're in mail.err! You can get extra verbosity just by looking at these additional files.

It seems there's a way to increase verbosity further by editing your syslog "log level" but I didn't get that far. If you figure that out, feel free to edit this answer.

Sendmail: Maillog is not verbose enough

1 Answers1