Deciphering Log Files
Please contact us if you want us to add to this page :-)
Firstly, it should be noted that, in general, the log files are there
for when things go wrong. As such, they need to contain enough specific
information that DMail support staff can track down what has gone wrong.
This is unfortunately what tends to make them unreadable :-)
This page has a few pointers and a few strings that are useful for working
your way through a DMail server's log file, looking to see if a message
has been delivered, etc.
The daily summary logs that DSMTP creates (dmddmm.log, e.g. dm0304.log)
are far more useful for finding out this sort of
information, but we appreciate that at times the information in the
log file is very useful to System Administrators as well.
The other useful tools are the status commands for both
tellsmtp and
tellpop. Probably the biggest thing
to watch is the pending count. As a rough guide, expect it to be in the
10s on a small system, in the 100s on a medium system, and maybe into the
thousands on a large system. A better guide is to take note of what is
normal for your system, and if it increases
by an order of magnitude . . . panic :-)
Searching for:
Search dsmtp.log (or dsmtp1.log, etc. for older messages) for
the string '(failed)'.
It will be at the end of a line like:
** Could not deliver message from <bob@domain1.com> to
<julie@domain2.com> (failed)
This will only have been logged if you were running DSMTP at the
info log level.
You will need to search upwards in the log from this line to find
out the reason for the failed delivery.
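The search described above can be scripted. This is an added example, not part of DMail or of the original page: it finds each '(failed)' line and collects the Warning/Error lines logged just above it. It assumes one log entry per line and an optional "dd/mm hh:mm:ss" prefix; the function name, the 20-line lookback and the sample log are constructed for illustration.

```python
import re
from collections import deque

# Matches the delivery-failure line quoted on this page; the leading
# "dd/mm hh:mm:ss" timestamp is optional because the page shows it without one.
FAILED = re.compile(
    r"^(?:(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) )?\*\* Could not deliver message "
    r"from <(?P<sender>[^>]*)> to <(?P<rcpt>[^>]*)> \(failed\)\s*$"
)
# Warning/Error markers as quoted on this page.
PROBLEM = re.compile(r"\*\*\* (Warning|Error) \*\*\*")


def failed_deliveries(lines, lookback=20):
    """Yield one dict per '(failed)' line, with the Warning/Error lines
    found in the `lookback` lines above it (nearest first)."""
    window = deque(maxlen=lookback)  # rolling view of the preceding lines
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        m = FAILED.match(line)
        if m:
            yield {
                "line": number,
                "time": m.group("ts"),          # None if no timestamp prefix
                "sender": m.group("sender"),    # may be empty ("<>")
                "recipient": m.group("rcpt"),
                "context": [l for l in reversed(window) if PROBLEM.search(l)],
            }
        window.append(line)


# Constructed sample, assembled from the message shapes quoted on this page.
SAMPLE_LOG = """\
18/03 10:38:16 ** Lookup domain for channel 0 is domain2.com
18/03 10:38:24 *** Error *** tcp: Channel closed or didn't open [2] 156
18/03 10:38:24 ** Could not deliver message from <bob@domain1.com> to <julie@domain2.com> (failed)
18/03 10:40:02 ** Lookup domain for channel 1 is domain3.com
""".splitlines()

if __name__ == "__main__":
    # For a real file: failed_deliveries(open("dsmtp.log", errors="replace"))
    for hit in failed_deliveries(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['sender']} -> {hit['recipient']}")
        for ctx in hit["context"]:
            print("    " + ctx)
```

On a busy server the lines above a failure may belong to other channels, so treat the collected context as candidates to read, not as the confirmed cause.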
> 18/03 10:36:45 *** Warning *** sock: (Error on channel) The virtual
> circuit was reset by the remote side.
This is a normal glitch in the TCP/IP protocol.
> 18/03 10:36:45 *** Error *** In tcp_write (error) cant write 220
> domainx.com DSMTP ESMTP Server v2.4f
This is a consequence of the above.
> 18/03 10:38:16 ** Lookup domain for channel 0 is domainx.com
>
> 18/03 10:38:24 *** Error *** tcp: Channel closed or didn't open [2] 156
This means that the other end of the TCP/IP channel did not respond; the
server may be temporarily down. The line above it is probably not
related. Again, it is almost certainly nothing to worry about.
> 12/01 13:39:37 *** Warning *** socket: EINPROGRESS The open is pending
This is just TCP/IP-level socket information which we accidentally made into a warning message.
It is nothing to worry about, and in later versions (2.7n I think)
it becomes a debug level only message.
This message was mistakenly set as an ERROR: message in the past, but more recently has been put back to a Debug: level
message.
It is a normal TCP/IP socket operation message which basically means that the program cannot write the next chunk of
data to the socket (out to the user's email client) when it wants to.
It can be an indicator of a slow link, but is not proof of any problem on its own; for example, even a very fast link may not be as
fast as the disk access and processing speed on your machine.
This message indicates that a person has tried to log in but failed too many times in the last 10 minutes.
The message that the user sees is,
-ERR too many guesses - wait 10 minutes then try again
This may indicate that someone is trying to guess passwords on your system, or it may be that a user is having a problem
remembering their password.
This is a fairly new feature in DPOP that was added to its other 'password guessing' mechanisms in order to help make password
guessing difficult. The log line shows the IP address which the user making the guess was connecting from, as well as the username
whose password they were trying to guess.