1

I'm new at some of the server stuff and need a bit of help understanding what the /var/log/maillog file is saying.

I've sent 200 emails for an email newsletter I'm running. In the "maillog" file I show some emails that say "status=sent", "status=deferred", "status=Accepted for delivery", "status=sent (Message Qued for delivery)", "status=sent (Message Accepted)".

What do these statuses really mean? In other words, I assume a message that says "Message Accepted" means the recipient actually read the email, correct? However, an email that just has "sent", or "qued for delivery" did not actually get to the recipient yet?

How can I find out how to interpret these statuses and learn if my emails have actually been read, or are at the recipient's mailserver waiting for them to download and read, etc.? Is there somewhere that will explain these for me? I'd like to know if my email program really is doing its job sending the emails out, and of the emails that got out, which ones actually got delivered to the recipient.

Thanks for any tips or advice.

JdeBP
Ronedog

2 Answers

6

The status value itself isn't as valuable as the data in parentheses that directly follows it, which gives a better description of what's going on.

"Message queued for delivery" - This means the transaction between your server and the target server has yet to transpire for that particular message. This usually means something just sent the message, and your SMTP server is acknowledging its existence.

"Message Accepted" - This means the destination server acknowledges that the message has been received on its end. (It doesn't indicate read)

"Bounced" - This typically means that something went wrong - either the email was rejected from the target email server because the email address didn't exist, OR it could be rejected due to being on an RBL. This also means the email will NOT be delivered, nor handled anymore by the server. AKA: The message is dead in the water.

"Deferred" - This means that something temporary has happened to cause the message to not be delivered, but the server (yours) hasn't given up and will try again later. This is also common to see when the target SMTP server uses an anti-spam technique known as 'greylisting'.

Other things, here's an example of a log line from my mail.log:

postfix/qmgr[32131]: 3858792A80: from=<foo@domain.com>, size=757, nrcpt=1 (queue active)
postfix/smtp[32135]: 3858792A80: to=<foo@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.91.27]:25], delay=8, delays=8/0.01/0.4/1.5, dsn=2.0.0, status=sent (250 2.0.0 OK
 1307169606 6si4629303qcd.120)

relay=gmail-smtp-in.l.google.com[74.125.91.27]:25] = Target SMTP server for the 'to' email address

delays=0.08/0.01/0.4/1.5 =

  • 0.08s = time from message arrival to last active queue entry
  • 0.01s = time from last active queue entry to connection setup
  • 0.4s = time to negotiate connection (EHLO, etc)
  • 1.5s = time spent transferring entire message

A good way to learn is to simply tail your mail log and send emails in various ways - watch what happens when you send to bad accounts, or to a server that uses greylisting. Block the outbound port and send one.

thinice
  • Thank you for your explanation. This has really helped me understand it better! – Ronedog Jun 04 '11 at 14:10
  • 1
    The message in the parentheses is the message the remote server said during the attempt to send it. Status=sent with message queued for delivery in parens is the remote server saying it accepted your message. Hence status=sent. Your other explanations are off as well but since this is just a comment I'll post an answer to explain them correctly. – The Real Bill Jun 07 '11 at 06:08
  • To be honest I had a difficult time understanding why those messages were listed; so I translated them loosely to the question. I think this user would be well suited to learning what each postfix component does as well. – thinice Jun 07 '11 at 23:09
2

Rovangju's answer is incorrect in some significant parts.

The status entry of sent means the remote server accepted the message. Anything else means it is still on your server or not going anywhere. Deferred means a temporary error seems to have occurred, bounced means the message isn't going anywhere but a notification is or will be sent to the original sender. There is an additional status of hold but you will only see that if you have told your postfix instance to take the hold action and that requires configuration changes.

The comments in the parentheses of a status entry are the reply given by the remote server when sending the email. It is useful for seeing why a message was rejected, deferred, or held. If it is sent it is of no value beyond curiosity. Well, mostly. There are rare circumstances where it can prove useful to the admin of the server that accepted the message from your server, or in special cases of log relay mail tracing. Outside of that they are just informational in a status=sent entry.

The remote server accepting it has no bearing on the message being read or not. That would be a "read receipt" and would actually be a different email coming back to the sender informing them. And that will only happen if the remote server that handles displaying mail to the user (which may not be the server you deliver it to) is able and configured for those, and the client the reader uses allows it.

In many years of running postfix mail relays I've never seen a status of message accepted. Thus I suspect that is an inbound message and the message was accepted for local delivery, not for relaying to another destination. I would expect a status=sent (message accepted for delivery) from a postfix relay, and like above this would be a message from the remote server. If your postfix system does not have local mailboxes that you are sending to I would be concerned.

The reason for this is that postfix status messages themselves are a single word, not sentences. Perhaps you mistyped or misread it? If not, if you can paste the actual line I may be able to help further.

Status lines are logged by the smtp client in postfix, message acceptance by postfix is done by smtpd. You can also easily tell the difference by looking for postfix/smtp or postfix/smtpd in the log entry. The former is postfix sending the message and the latter is postfix accepting it.

The status message is the higher priority with regards to importance as it indicates the status. The rest is merely explanation or additional information regarding the status. If you just want to know what the status for a given transaction is then the word after status= is all you need to know. Note however that if a particular email has recipients that go to different destinations such as one recipient at yahoo and another at gmail, then each delivery attempt will have a status entry. Also, a message that is deferred will have a minimum of two status entries - the initial deferral and the final result. It may result in dozens of delivery attempts.

In this sense it is important to keep in mind that the status entry in the log simply tells you the result of that transaction.

If you are going to be operating a postfix relay it would be a wise idea to visit postfix.org and the postfix resources such as the mailing list and/or The Book of Postfix. There are easy pitfalls you can encounter when you are trying to send bulk email. While keeping an eye on your logs is a good idea, the best way to learn is to make use of the postfix community, as well as the log analysis community. Learning how postfix works will spare you many questions about the logs. This will be of far more use to you than simply watching what is going on as you will then be able to look at the logs and either know what is wrong or know where to start. And something will go wrong.

Cheers
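
An added example (not part of either answer, and not Postfix's own code): a small Python parser that reads delivery lines in the format quoted in the first answer, splits `delays=` into its four stages, and reduces repeated attempts to the last status logged per queue ID and recipient, which is how a deferred-then-sent message shows up. The log lines, queue IDs, host names and stage names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted above (not real log data).
SAMPLE_LOG = """\
Jun  4 10:00:01 mx postfix/smtp[101]: AAA111: to=<a@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=8, delays=8/0.01/0.4/1.5, dsn=2.0.0, status=sent (250 2.0.0 OK)
Jun  4 10:00:02 mx postfix/smtp[102]: BBB222: to=<b@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=4.7.1, status=deferred (host mx.example.net[192.0.2.20] said: 450 4.7.1 Greylisted, try again later)
Jun  4 10:00:03 mx postfix/smtp[103]: CCC333: to=<c@example.com>, relay=mx.example.com[192.0.2.30]:25, delay=0.9, delays=0.1/0/0.4/0.4, dsn=5.1.1, status=bounced (host mx.example.com[192.0.2.30] said: 550 5.1.1 User unknown)
Jun  4 10:07:30 mx postfix/smtp[104]: BBB222: to=<b@example.net>, relay=mx.example.net[192.0.2.20]:25, delay=449, delays=448/0.02/0.5/0.5, dsn=2.0.0, status=sent (250 2.0.0 Message accepted for delivery)
Jun  4 10:08:00 mx postfix/smtpd[105]: connect from unknown[192.0.2.99]
"""

# Stage names are this example's own labels for the four delays= fields.
DELAY_STAGES = ("arrival_to_active_queue", "active_queue_to_connect",
                "connection_setup", "transmission")

# Delivery attempts carry queue id, to=, delays= and status=; smtpd
# connection lines (inbound side) lack them and are skipped.
DELIVERY = re.compile(
    r"postfix/(?P<agent>\w+)\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"to=<(?P<rcpt>[^>]*)>,.*?delays=(?P<delays>[\d./]+),.*?"
    r"status=(?P<status>\w+) \((?P<reply>.*)\)\s*$")

def parse(log):
    """Yield one dict per logged delivery attempt."""
    for line in log.splitlines():
        m = DELIVERY.search(line)
        if m:
            attempt = m.groupdict()
            parts = [float(x) for x in attempt["delays"].split("/")]
            attempt["delays"] = dict(zip(DELAY_STAGES, parts))
            yield attempt

def final_status(log):
    """Map (queue id, recipient) to its last logged attempt plus a count."""
    result = {}
    for attempt in parse(log):
        key = (attempt["qid"], attempt["rcpt"])
        seen = result.get(key, {}).get("attempts", 0)
        result[key] = dict(attempt, attempts=seen + 1)
    return result

def summary(log):
    """Count recipients by their final status (sent, deferred, bounced)."""
    return Counter(a["status"] for a in final_status(log).values())

if __name__ == "__main__":
    for (qid, rcpt), a in final_status(SAMPLE_LOG).items():
        print(qid, rcpt, a["status"], a["attempts"], a["reply"])
    print(dict(summary(SAMPLE_LOG)))
```

A recipient whose final status is still `deferred` remains in the local queue; the text in parentheses on that line is the remote server's stated reason.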