If you are an email server admin then you have most likely needed to open log files to determine if a message was received, or why a message was not sent. Today I hope to make searching for messages a much easier process.
Where does MDaemon store it’s log files?
A default installation of MDaemon will place the MDaemon folder on the root of C drive, but the admin can choose to install MDaemon in any location. If you have a default installation of MDaemon then log files are found in the C:\MDaemon\Logs\ folder.
Not sure where MDaemon is storing your log files? Finding out the storage location of logs can be done by opening the MDaemon GUI and clicking Setup | Server Settings | Logging | Log Mode. This is also the location where you can change where log files are stored.
What log file should I look at?
For the inexperienced simply searching the MDaemon-all.log file is ideal. The “-all” portion of the file name indicates to us that this log file holds all types of logging, except for web server logging. So you will see SMTP, POP3, and IMAP sessions, content filter activity, AV scanning, where messages get routed, etc. If you are not sure what log to look at, and it’s not web server related (i.e. WorldClient) then you are best to just open the MDaemon-all.log file. MDaemon does have separate logs that only contain, for example, SMTP inbound traffic, SMTP outbound traffic, or antivirus logging if you would prefer searching specific logging.
If you are not completely comfortable looking at text based log files you may find MDaemon’s “Queue and Statistics Manager” handy for looking at SMTP/POP3/IMAP logging. I wrote a blog article on this very handy MDaemon tool.
What information is best to search by?
Hands down this would be the Message-ID value. Each email has it’s own unique ID called a Message-ID. You can always find out the value of the Message-ID if you have a copy of the message. Just view the headers of the email. Below is an example of what you are looking for.
Date: Wed, 27 May 2015 16:42:05 -0400 From: "Mike Gordon" <email@example.com> To: "Mike" <Mike@robobak.ca> Subject: Test Message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="0527-2042-05-03-PART_BREAK" Message-ID: <WC20150527204205.0400F8@ccsoftware.ca> X-Mailer: WorldClient 15.0.1
Here we can see the Message-ID header value is WC20150527204205.400F8@ccsoftware.ca. Again this Message-ID is unique to this specific message.
As a message is arriving to MDaemon the Message-ID value is shown at each step of the process. You will see the Message-ID value in the inbound SMTP session, AV and content filtering, right down to the routing entry that shows exactly where MDaemon placed the message. Click the image below to see how the complete session, from start to finish looks in the logs. The Message-ID we’re searching for in bold.
What should I search for if I don’t have a Message-ID?
There will be times where you don’t have a Message-ID to look for. As an admin it’s not uncommon to get vague questions from users about why their message was not received or maybe why they are not receiving a certain message. The only information they have may be the date and who the email was coming from.
You can only search for the information you have been given so start by opening the MDaemon-all.log file on the date specified by your user and searching for the sender’s email address. If I don’t get a hit on the sender’s IP address then I’ll also search the MDaemon-all.log files for the day before and after the date the user specified. Your user may have been given bad information.
In some cases where your user is not receiving a certain message from a sender see if the sender received a bounce back message and request a copy of the information. The bounce back should show the exact error the sender received and what server returned the error. You may find out that it wasn’t actually your server to reject the message.
OK I’ve followed everything in this article and I’m still not finding any clues in my MDaemon log files. What can I do?
If you see no indication in any of the MDaemon-all.log files about a message that was not received then it’s possible that MDaemon blocked the initial SMTP session based on IP address. If MDaemon blocks a connection based on IP address then the session is blocked right away and there is nothing to enter in the MDaemon-all.log about the session. In this case the only indication you can find will be in MDaemon’s Screening.log file. This log records any time MDaemon blocks a connection based on IP address. The IP address that was blocked is noted in this log file and a short description of why it was blocked.
Smaller sites typically send and receive using the same IP address. So you may be able to do a MX lookup on the senders domain, resolve their MX record to an IP address, and see if the IP address is listed in the Screening.log file. You can search for MX records using our favourite web site for everything DNS related called MXToolbox. Below is example entry from the Screening.log file.
START Event Log / MDaemon PRO v15.0.1, Screening log information
Event Time/Date Event Description
Wed 2015-05-27 12:32:39.336: Dynamic screening added 188.8.131.52 for 10 minutes; tried sending to 3 unknown recipients
This entry shows it was “Dynamic screening” that blocked the IP address. The other possibility would be “IP Screen”. Both of these options are found by opening the MDaemon GUI and clicking Security | Security Settings, and look under the Screening sub menu.
This type of search gets harder for big sites or sites that host email for many domains. These sites may send and receive email using completely different IP addresses.
I’m still not finding any traces of the email coming into my MDaemon server. What are my next steps?
At this point chances are that the email didn’t actually make it to your MDaemon server. This is where getting information on if the sending user received a bounce message or getting in touch with the admin of the sending email server is needed.
Have any questions? Send us an email to firstname.lastname@example.org.