🚀 Introduction: My Journey Begins

Hi there! I'm currently working in a technical support role where I help customers solve common hosting and email issues. More complex server-level problems are usually escalated to the admins, but I'm on a mission to bridge that gap.

Recently, I took my first deep dive into email logs and Exim on AlmaLinux 9 and CentOS 7. This blog documents the key things I learned over a few intensive days of self-practice, study, and diagnosis.

📦 Module 1: Understanding the Mail Flow

In the first stage of my journey, I learned that:

Emails are sent using Exim (Mail Transfer Agent or MTA)
Emails are received and stored via dovecot (Mail Delivery Agent or MDA)
Mail logs are stored in:
- /var/log/exim_mainlog
- /var/log/maillog

If you're dealing with cPanel/WHM, these locations are very relevant for mail delivery troubleshooting.

🧰 Module 2: Reading Mail Queues and Logs

Once I understood the agents, I started exploring logs and queues using:

exim -bp              # Shows the mail queue
exiqgrep -r user@domain.com  # Filter queue by recipient
exim -Mvl <messageID>  # View headers
exim -Mvb <messageID>  # View message body

To tail real-time email logs:

tail -f /var/log/exim_mainlog

This is where the magic happens!

📁 Module 3: Learning Mail Storage Types - Maildir vs. mdbox

I explored the two major types of email storage formats:

Maildir: Stores each message as a separate file under new/, cur/, tmp/
mbox/mdbox: Stores all emails in a single file (or batched files)

In Maildir:

cur/ = emails that have been read
new/ = unread emails
tmp/ = temporary area before email is saved fully

🧠 Module 4: Deciphering Real Logs

I reviewed real logs, like this one:

2025-07-28 01:25:58.055 SMTP connection from [80.94.95.229]:45090
no host name found for IP address
list matching forced to fail

🔍 What I Understood:

If the hostname for the sender IP can't be resolved, Exim forces RBL checks to fail (anti-spam measure)
MAIL in SMTP connection line missing = email was not sent fully
=> user@domain.com = email delivered to user
=> /dev/null = email discarded (used for filtering)
R=virtual_user T=virtual_userdelivery = email successfully routed to a mailbox

📌 Log structure revealed a lot:

Timestamps
SMTP connection info
Message delivery status
Filters in action

These gave me insight into what happens behind the scenes when an email is received or bounced.

🧩 Bonus: Diagnosing a Real Customer Case

From a real customer interaction, I traced an email's journey using its Exim ID. Here's a breakdown:

Found delivery failure from IP due to hostname not found
Used grep to match Exim ID and trace the mail path
Realized it failed at RBL (blacklist) checks

This helped me understand why the email failed, and what logs to check when debugging.

👤 About Me

I'm a technical support engineer working directly with customers. Curious and eager to learn, I'm focusing on server administration, especially around email systems, logs, security, and automation.

My goal: become the go-to person for diagnosing issues without escalating.()🔗 Useful Commands for Starters

exim -bp               # Check mail queue
exiqgrep -r user@domain.com  # Filter by recipient
exiqgrep -f sender@domain.com # Filter by sender
exim -Mvl <msg-id>     # View headers
exim -Mvb <msg-id>     # View body
exim -Mrm <msg-id>     # Remove from queue

🧵 Final Thoughts

This is just the beginning of my path “off the box” — diving deep into the core of Linux servers. Email logging may seem scary, but it’s pure logic, and every log is a breadcrumb.

If you’re like me and want to move from basic support to backend pro — just follow the logs. 🧠

My First Dive into Mail Logs on a Linux Server (Alma Linux 9 & CentOS 7)

Table of contents