When troubleshooting email delivery issues with Sendmail, the first step is finding the relevant log files. Here are the most common locations across different Unix-like systems:
# For most Linux distributions (using syslog):
/var/log/maillog
/var/log/mail.log
/var/log/mail.err
# For BSD systems:
/var/log/maillog
# Systemd-based systems (journalctl):
journalctl -u sendmail -f
If default logs don't provide enough detail, increase Sendmail's logging level by editing /etc/mail/sendmail.cf:
# Modify the LogLevel parameter (0-15, higher means more verbose)
O LogLevel=12
# Alternative method for newer versions using mc files:
define(`confLOG_LEVEL', `12')dnl
After changing the configuration, restart Sendmail:
# System V style:
/etc/init.d/sendmail restart
# Systemd style:
systemctl restart sendmail
Here's how to extract useful information from Sendmail logs:
# View recent mail delivery attempts:
grep "to=" /var/log/maillog | tail -50
# Check for deferred messages:
grep "deferred" /var/log/maillog
# Find rejected connections:
grep "reject=" /var/log/maillog
# Monitor real-time mail activity:
tail -f /var/log/maillog | grep -E 'to=|from='
These patterns in logs indicate specific problems:
# Connection refused (network/firewall issue)
Apr 10 15:23:01 server sendmail[1234]: NOQUEUE: connect to example.com[192.0.2.1]: Connection refused
# Authentication failure
Apr 10 15:24:05 server sendmail[5678]: AUTH=server, relay=client.example.com, authfail
# DNS lookup failure
Apr 10 15:25:12 server sendmail[9012]: host map: lookup (example.com): DNS lookup error
For complex mail server environments, consider these tools:
# Use swatch for real-time monitoring:
swatch --config-file=/etc/swatch.conf --tail-file=/var/log/maillog
# Process logs with logstash:
input {
  file {
    path => "/var/log/maillog"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:hostname} %{DATA:process}\[%{NUMBER:pid}\]: %{GREEDYDATA:message}" }
    # Replace the raw line with the parsed message text instead of appending to it
    overwrite => [ "message" ]
  }
}
When troubleshooting email delivery problems with sendmail, the first step is to examine the logs. On most Linux systems, sendmail logs are typically found in:
/var/log/maillog
/var/log/mail.log
/var/log/mail.err
To monitor sendmail activity as it happens, use tail with the -f flag:
tail -f /var/log/maillog
Here are some typical log patterns you might encounter:
# Successful delivery
Apr 10 14:23:01 server1 sendmail[1234]: xA12345: to=user@domain.com, ctladdr=user (1000/1000), delay=00:00:05, xdelay=00:00:03, mailer=esmtp, pri=32123, relay=mail.domain.com. [1.2.3.4], dsn=2.0.0, stat=Sent (OK id=1a2b3c-000000-00)
# Failed delivery
Apr 10 14:25:01 server1 sendmail[5678]: xB67890: to=nonexistent@domain.com, ctladdr=user (1000/1000), delay=00:00:10, xdelay=00:00:08, mailer=esmtp, pri=42123, relay=mail.domain.com. [1.2.3.4], dsn=5.1.1, stat=User unknown
If the default logs aren't detailed enough, edit sendmail.mc to increase the log level:
# Add to sendmail.mc before rebuilding
define(`confLOG_LEVEL', `15')dnl
Then rebuild and restart sendmail:
make -C /etc/mail
service sendmail restart
Extract specific information from logs using grep patterns:
# Find all failed deliveries
grep "stat=User unknown" /var/log/maillog
# Check for specific message IDs
grep "xA12345" /var/log/maillog
For regular monitoring, create a script to parse logs:
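#!/bin/bash
# Count failed and deferred deliveries in the Sendmail log
LOG_FILE="/var/log/maillog"
# grep -c prints the number of matching lines
FAILED=$(grep -c "stat=User unknown" "$LOG_FILE")
DEFERRED=$(grep -c "stat=Deferred" "$LOG_FILE")
echo "Email delivery report:"
echo "Failed: $FAILED"
echo "Deferred: $DEFERRED"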
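The report script above counts only "stat=User unknown" as a failure, so other permanent rejections go unreported. The following added example (not part of the original page) classifies delivery records by the class of their dsn= field instead and lists each permanent failure; the function names and the xC11111/xD22222 sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: classify sendmail delivery records by DSN class.
# Function names and the xC/xD sample lines are constructed for illustration.

# Reads log lines from the named files (or stdin) and prints
# "sent=N deferred=N failed=N", then one line per permanent failure.
summarize_maillog() {
    awk '
    # Delivery records carry to= and dsn=; 2.x.x sent, 4.x.x deferred, 5.x.x failed.
    /sendmail\[[0-9]+\]: / && /to=/ && match($0, /dsn=[245]\.[0-9]+\.[0-9]+/) {
        dsn = substr($0, RSTART + 4, RLENGTH - 4)
        cls = substr(dsn, 1, 1)
        if (cls == "2") { sent++; next }
        if (cls == "4") { deferred++; next }
        failed++
        # Recipient: text after to= up to the ", " field separator.
        rcpt = "?"
        if (match($0, /to=[^ ]+/)) {
            rcpt = substr($0, RSTART + 3, RLENGTH - 3)
            sub(/,$/, "", rcpt)
        }
        # Status text: everything after stat=.
        stat = "?"
        if (match($0, /stat=.*/)) stat = substr($0, RSTART + 5)
        detail = detail sprintf("failed %s dsn=%s stat=%s\n", rcpt, dsn, stat)
    }
    END {
        printf "sent=%d deferred=%d failed=%d\n", sent, deferred, failed
        printf "%s", detail
    }' "$@"
}

# Constructed sample input in the log format shown above.
sample_maillog() {
    cat <<'EOF'
Apr 10 14:23:01 server1 sendmail[1234]: xA12345: to=user@domain.com, ctladdr=user (1000/1000), delay=00:00:05, xdelay=00:00:03, mailer=esmtp, pri=32123, relay=mail.domain.com. [1.2.3.4], dsn=2.0.0, stat=Sent (OK id=1a2b3c-000000-00)
Apr 10 14:25:01 server1 sendmail[5678]: xB67890: to=nonexistent@domain.com, ctladdr=user (1000/1000), delay=00:00:10, xdelay=00:00:08, mailer=esmtp, pri=42123, relay=mail.domain.com. [1.2.3.4], dsn=5.1.1, stat=User unknown
Apr 10 14:26:01 server1 sendmail[6789]: xC11111: to=user@example.net, ctladdr=user (1000/1000), delay=00:01:00, xdelay=00:00:30, mailer=esmtp, pri=120000, relay=mail.example.net. [192.0.2.10], dsn=4.0.0, stat=Deferred: Connection timed out with mail.example.net.
Apr 10 14:27:01 server1 sendmail[7890]: xD22222: to=blocked@example.org, ctladdr=user (1000/1000), delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30500, relay=mail.example.org. [192.0.2.20], dsn=5.7.1, stat=Service unavailable
Apr 10 15:23:01 server sendmail[1234]: NOQUEUE: connect to example.com[192.0.2.1]: Connection refused
EOF
}

sample_maillog | summarize_maillog
```

To run it against a live log, call summarize_maillog /var/log/maillog in place of the sample pipeline.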