Tracing an Email from the Mail Log

How to Trace an Email in the mail log file.

Location of the mail log: /var/adm/log/mail.log at all locations except AZB Mumbai, where it is /var/adm/log/mail.

 

    1. Create a ticket with a detailed description, mentioning the reason for the log search and the following information.
    • Sender Mail Address:
    • Recipient Mail Address:
    • Subject:
    • Date and Time:
    • Message ID <Optional>:

    2. Send an email to the client with the template
    3. Log in to the server which is the first point of contact of the email, then check whether the mail log file has the log of the mail using the following command.
       # head -3 /var/adm/log/mail.log 
      This will give the first 3 lines of the mail log file. If the mail is of a later date than the date (first column) of the first line, the logs will be found in this mail log file. Example output is given below.
      Oct 24 10:14:28 bhairavi.mumbai.starcomsoftware.com sendmail[5933]: l9O4f8N05580: to=, delay=00:08:59,     xdelay=00:00:00, mailer=usenet, pri=122154, dsn=2.0.0, stat=Sent
      Oct 24 10:14:28 bhairavi.mumbai.starcomsoftware.com sendmail[5933]: l9O4ewN05577: to=, delay=00:09:09, xdelay=00:00:00, mailer=usenet, pri=123804, dsn=2.0.0, stat=Sent
      Oct 24 10:14:29 bhairavi.mumbai.starcomsoftware.com sendmail[5933]: l9O4k7N05813: to=, delay=00:04:01, xdelay=00:00:01, mailer=usenet, pri=126079, dsn=2.0.0, stat=Sent
    4. If the time of the mail is before that of the first line found in the mail log, then the log file has been rotated and the archived log of the mail will be found in the /var/adm/log/OLD directory.
    5. Change directory to /var/adm/log/OLD using the following command.
      # cd /var/adm/log/OLD
    6. List the files sorted by their date and time using the following command.
      # ls -lrth mail* 
      This will give the archived log files sorted according to their date and time.
      -rw-r--r-- 1 root root 1.5M 2007-10-04 15:41 mail.log-20071004.gz
      -rw-r--r-- 1 root root 1.5M 2007-10-08 09:28 mail.log-20071008.gz
      -rw-r--r-- 1 root root 1.3M 2007-10-11 10:10 mail.log-20071011.gz
      -rw-r--r-- 1 root root 1.2M 2007-10-15 09:25 mail.log-20071015.gz
      -rw-r--r-- 1 root root 1.4M 2007-10-19 10:26 mail.log-20071019.gz
      -rw-r--r-- 1 root root 1.4M 2007-10-24 10:11 mail.log-20071024.gz

      Suppose, in the above output, the mail that is to be traced is of 09-10-2007; then the log file relevant to us is mail.log-20071011.gz
    7. If you don't have the message ID of the mail, use the following command to trace a mail with the subject "Re: Sys admin: task list".
      # zgrep -i "subject=Re: Sys admin: task list" mail.log-20071011.gz | grep -i "from=shuvam.misra"
      The output will be as given below if the mail with that subject exists.
      Oct  8 09:30:29 apps1 mfilterd[18156]: from=shuvam.misra@gmail.com to=proj.metroorder@starcomsoftware.com action=LOG ruleno=3 Message-ID=<2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com> Subject=Re: Sys admin: task list 
      From the above example, the message ID of the mail is <2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com>, the sender is shuvam.misra@gmail.com and the recipient is proj.metroorder@starcomsoftware.com.
    8. To get the unique queueID of sendmail and sendmail-rx use the following command
      # zgrep -i "2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com" mail.log-20071011.gz 
      The output of the above command for the example is as below.
      The unique queueIDs for sendmail-rx are l9840Pem018157 and l9840Pem018155. There are two separate messages with the same message ID because the sender's server sent the mail as two different mails with the same message ID.

      The unique queueIDs for sendmail are l9840mvl018197 and l9840pvl018211.

      The output here does not give us the final status of sendmail, i.e. whether the mail was relayed or not. To get that, go to the next step.
       
      Oct 8 09:30:27 apps1 sendmail-rx[18157]: l9840Pem018157: from=, size=4114, class=0, nrcpts=1, msgid=<2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com>, proto=ESMTP, daemon=MTA-RX, relay=localhost [127.0.0.1]
      Oct 8 09:30:27 apps1 sendmail-rx[18155]: l9840Pem018155: from=, size=4159, class=0, nrcpts=1, msgid=<2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com>, proto=ESMTP, daemon=MTA-RX, relay=localhost [127.0.0.1]
      Oct 8 09:30:29 apps1 mfilterd[18156]: from=shuvam.misra@gmail.com to=proj.metroorder@starcomsoftware.com action=LOG ruleno=3 Message-ID=<2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com> Subject=Re: Sys admin: task list
      Oct 8 09:30:29 apps1 mfilterd[18158]: from=shuvam.misra@gmail.com to=akshay@starcomsoftware.com action=LOG ruleno=3 Message-ID=<2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com> Subject=Re: Sys admin: task list
      Oct 8 09:30:48 apps1 sendmail[18197]: l9840mvl018197: from=, size=4573, class=0, nrcpts=2, msgid=<2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
      Oct 8 09:30:51 apps1 amavis[17399]: (17399-02) Passed CLEAN, [209.85.128.187] -> ,, Message-ID: <2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com>, mail_id: 6wmhUo+QekxY, Hits: -2.256, 17887 ms
      Oct 8 09:30:51 apps1 sendmail[18211]: l9840pvl018211: from=, size=4519, class=0, nrcpts=2, msgid=<2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
      Oct 8 09:30:51 apps1 amavis[17035]: (17035-03) Passed CLEAN, [209.85.128.188] -> ,, Message-ID: <2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com>, mail_id: Q6rUqWk02TLb, Hits: -2.256, 18330 ms
      Oct 8 09:30:57 bhairavi.mumbai.starcomsoftware.com sendmail[18229]: l9845sm18229: from=, size=4732, class=0, nrcpts=1, msgid=<2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com>, proto=ESMTP, daemon=MTA, relay=[10.1.1.6]
    9. To get all the sendmail rows in the log for a unique queueID, use the following command.
      # zgrep -i "l9840mvl018197" mail.log-20071011.gz
      The output of the above command is as below. It contains all the recipients to whom the mail was relayed or delivered. In the example, the mail was delivered to the akshay,hemant,saurabh,sharad,vaibhav,mailbac Cyrusv2 mailboxes on localhost.
      The mail was relayed to intra.starcomsoftware.com [10.1.1.3] for starcom.proj.sparkers.metroorder.usenet@starcomsoftware.com, and to uucp-out.starcomsoftware.com for akshay.sysfix@gmail.com,hemantkrsoni@gmail.com,saurabh.hirani@gmail.com,sharadpisal@gmail.com,shraddha,shuvam,vaibhav.bhatkar@gmail.com
      Oct  8 09:30:48 apps1 sendmail[18197]: l9840mvl018197: from=, size=4573, class=0, nrcpts=2, msgid=<2dc095ab0710072057y6bb6def9v81dce1c5bcccacc5@mail.gmail.com>, proto=ESMTP, daemon=Daemon0, relay=localhost [127.0.0.1]
      Oct 8 09:30:56 apps1 sendmail[18210]: l9840mvl018197: to=akshay,hemant,saurabh,sharad,vaibhav,mailbac , delay=00:00:08, xdelay=00:00:05, mailer=cyrusv2, pri=424722, relay=localhost, dsn=2.0.0, stat=Sent
      Oct 8 09:30:57 apps1 sendmail[18210]: l9840mvl018197: to=starcom.proj.sparkers.metroorder.usenet@starcomsoftware.com, delay=00:00:09, xdelay=00:00:01, mailer=esmtp, pri=424722, relay=intra.starcomsoftware.com [10.1.1.3], dsn=2.0.0, stat=Sent (l9845sm18229 Message accepted for delivery)
      Oct 8 09:30:57 apps1 sendmail[18210]: l9840mvl018197: to=akshay.sysfix@gmail.com,hemantkrsoni@gmail.com,saurabh.hirani@gmail.com,sharadpisal@gmail.com,shraddha,shuvam,vaibhav.bhatkar@gmail.com, delay=00:00:09, xdelay=00:00:00, mailer=uucp-dom, pri=424722, relay=uucp-out.starcomsoftware.com, dsn=2.0.0, stat=Sent
    10. Check the information given by the user, i.e. whether the mail has been relayed to the recipient address.
    11. Copy the sendmail-rx, mfilter and sendmail log lines into a text file named traced-log.txt
    12. Send an email using the template --Template-Mail-trace-Complete--
    13. Send an email using the template --Template-Mail-task-closure-- and close the ticket.
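
Steps 7 to 9 combined into one pass, as an added example that is not part of the original procedure: starting from the Message-ID, it collects every sendmail and sendmail-rx queueID that carries it and prints each delivery row with its dsn and stat. The function names and the sample log are constructed for illustration, and it assumes every hop logs to the same file, as in the output shown in step 8.

```shell
# Constructed sample: hosts, addresses and queue IDs are made up; only the
# line layout follows the sendmail/mfilterd rows quoted in the steps above.
make_sample_log() {    # writes a gzip archive, like the rotated logs in OLD/
    gzip -c > "$1" <<'EOF'
Oct  8 09:30:27 mx1 sendmail-rx[101]: l98AAAem000101: from=<a@example.org>, size=4114, nrcpts=1, msgid=<m1@example.org>, proto=ESMTP, relay=localhost [127.0.0.1]
Oct  8 09:30:29 mx1 mfilterd[102]: from=a@example.org to=b@example.com action=LOG ruleno=3 Message-ID=<m1@example.org> Subject=Re: task list
Oct  8 09:30:48 mx1 sendmail[103]: l98BBBvl000103: from=<a@example.org>, size=4573, nrcpts=2, msgid=<m1@example.org>, proto=ESMTP, relay=localhost [127.0.0.1]
Oct  8 09:30:56 mx1 sendmail[104]: l98BBBvl000103: to=<b@example.com>, delay=00:00:08, xdelay=00:00:05, mailer=cyrusv2, relay=localhost, dsn=2.0.0, stat=Sent
Oct  8 09:30:57 mx1 sendmail[104]: l98BBBvl000103: to=<list@example.com>, delay=00:00:09, xdelay=00:00:01, mailer=esmtp, relay=hop2.example.com [192.0.2.3], dsn=2.0.0, stat=Sent (l98CCCm000105 Message accepted for delivery)
Oct  8 09:30:57 hop2 sendmail[105]: l98CCCm000105: from=<a@example.org>, size=4732, nrcpts=1, msgid=<m1@example.org>, proto=ESMTP, relay=[192.0.2.6]
Oct  8 09:31:02 hop2 sendmail[106]: l98CCCm000105: to=<c@example.net>, delay=00:00:05, xdelay=00:00:05, mailer=esmtp, relay=mx.example.net [192.0.2.9], dsn=4.0.0, stat=Deferred: Connection timed out with mx.example.net.
Oct  8 09:40:00 mx1 sendmail[107]: l98DDDvl000107: from=<x@example.org>, size=900, nrcpts=1, msgid=<m1@exampleXorg>, proto=ESMTP, relay=localhost [127.0.0.1]
Oct  8 09:40:03 mx1 sendmail[108]: l98DDDvl000107: to=<d@example.com>, delay=00:00:03, xdelay=00:00:01, mailer=cyrusv2, relay=localhost, dsn=2.0.0, stat=Sent
EOF
}

# trace_msgid LOGFILE MESSAGE-ID  (Message-ID without the angle brackets)
# Prints one tab-separated row per delivery attempt: queueID, recipients, dsn, stat.
trace_msgid() {
    # gzip -cd reads the rotated archives; with GNU gzip, -f also passes a plain live log through.
    gzip -cdf -- "$1" | MSGID="$2" awk '
        # The Message-ID is chosen by the sender, so it is passed through the
        # environment and compared literally with index(), never as a regex.
        BEGIN { want = "msgid=<" ENVIRON["MSGID"] ">" }
        $5 !~ /^sendmail(-rx)?\[[0-9]+\]:$/ { next }       # only these rows carry a queueID
        { qid = $6; sub(/:$/, "", qid) }
        index($0, want) { hit[qid] = 1 }                   # step 8: Message-ID -> queueIDs
        $7 ~ /^to=/ { n++; q[n] = qid; row[n] = $0 }       # step 9: delivery rows
        END {
            for (i = 1; i <= n; i++) {
                if (!(q[i] in hit)) continue
                r = row[i]; to = substr(r, index(r, ": to=") + 5)
                sub(/, (ctladdr|delay)=.*/, "", to)
                dsn = match(r, /dsn=[0-9.]+/) ? substr(r, RSTART + 4, RLENGTH - 4) : "-"
                st = r; sub(/.*stat=/, "", st)
                printf "%s\t%s\t%s\t%s\n", q[i], to, dsn, st
            }
        }'
}

# Rows whose dsn is not 2.x.x (deferred or failed), i.e. what step 10 has to report.
not_delivered() {
    trace_msgid "$1" "$2" | awk -F '\t' '$3 !~ /^2\./'
}

# Demo on the constructed sample.
tmp=$(mktemp) && make_sample_log "$tmp" && trace_msgid "$tmp" 'm1@example.org'; rm -f "$tmp"
```

The last sample message has a Message-ID that differs by one character where the dot is; a regular-expression search for the Message-ID would match it as well, while the literal comparison leaves it out.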

-----------------------------

Mail Templates

Template-Mail-Task-Creation



From : Support@Starcomsoftware.com
TO:
CC: @starcomsoftware.com
Subject: TASK# Tracing an e-mail, Opened
Dear ,

As per your requirement sent to us over phone/Email to trace an email with the following details.

Sender Mail Address
Recipient Mail Address
Subject:
Date and Time:
Message ID :

Thanks for contacting us. The task for tracing the mail will be completed by < expected time >

We will notify you after the completion of the task.

Regards,

Merce Support Group,

------------------------------

Template-Mail-trace-Complete

From : Support@Starcomsoftware.com
TO:
CC: @starcomsoftware.com
Subject: TASK# Tracing an e-mail, Completed
Dear ,

As per your requirement sent to us over phone/Email to trace an email with the following details.

Sender Mail Address
Recipient Mail Address
Subject:
Date and Time:
Message ID :

The mail was delivered / not delivered / relayed to the following recipients.
< Recipient Email Address > on < date and time >. < if the mail is not relayed please input the reason >.

The log of the mail is given below. Please confirm to us if this task has been completed.

Thanks for contacting us. Please contact us for more queries and/or information in this regard.

Regards,

Merce Support Group,

--------------Mail Log--------------




----------------------------------------------------------

Template-Mail-task-closure

From : Support@Starcomsoftware.com
TO:
CC: @starcomsoftware.com
Subject: TASK# Tracing an email , Closed
Dear ,

Ticket for tracing an email with the following details has been closed after confirmation from you.

Sender Mail Address
Recipient Mail Address
Subject:
Date and Time:
Message ID :

Thanks for contacting us.

Regards,

Merce Support Group