How to read exim log?

Good afternoon.
Can you tell me how to read the exim log?
I've racked my brain, and I don't understand it.
2019-12-17 06:35:24 no host name found for IP address 185.234.218.210
2019-12-17 06:35:27 dovecot_login authenticator failed for (User) [185.234.218.210]: 535 Incorrect authentication data (set_id=jamie@gbnhost.com)
2019-12-17 06:35:55 1ih3ba-0006Zy-CM H=okorderclub.com [204.11.56.48] Connection timed out
2019-12-17 06:35:59 1ih3ba-0006Zy-CM == mail@okorderclub.com <no-reply@mysite.com> R=dnslookup T=remote_smtp defer (110): Connection timed out
2019-12-17 06:36:01 1ih3ba-0006Zy-CM => info@mid.nl <no-reply@mysite.com> R=dnslookup T=remote_smtp H=mid-nl.mail.protection.outlook.com [104.47.0.36] X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=yes C="250 2.6.0 <226101d5b470$9eb9c810$1f05e064@itpokvw> [InternalId=21247203214440, Hostname=VI1PR08MB3280.eurprd08.prod.outlook.com] 174960 bytes in 0.384, 444.537 KB/sec Queued mail for delivery"
2019-12-17 06:36:03 1ih3ba-0006Zy-CM H=postduif.natuurpark.nl [212.79.243.200] Connection timed out
2019-12-17 06:36:04 1ih3ba-0006Zy-CM == info@filmy.nl <no-reply@mysite.com> R=dnslookup T=remote_smtp defer (110): Connection timed out
2019-12-17 06:36:04 1ih3ba-0006Zy-CM ** info@FILMY.nl <no-reply@mysite.com>: retry timeout exceeded
2019-12-17 06:36:04 1ih3ba-0006Zy-CM ** mail@okorderclub.com <no-reply@mysite.com>: retry timeout exceeded
2019-12-17 06:36:04 1ih3ba-0006Zy-CM ** info@czyan.ru <no-reply@mysite.com>: retry timeout exceeded
2019-12-17 06:36:04 WARNING: purging the environment.
 Suggested action: use keep_environment and add_environment.
April 3rd 20 at 18:39
1 answer
April 3rd 20 at 18:41
Solution
https://www.lissyara.su/doc/exim/4.62/log_files/ there is even a Russian description there
I read it. It makes zero sense, I don't understand. - Delta.Gerhold commented on April 3rd 20 at 18:44
@Delta.Gerhold, I'm really not good at explaining, but let's try starting with a simpler line:
2019-12-17 06:35:59 1ih3ba-0006Zy-CM == mail@okorderclub.com <no-reply@mysite.com> R=dnslookup T=remote_smtp defer (110): Connection timed out

  1. time - 2019-12-17 06:35:59
  2. message ID - 1ih3ba-0006Zy-CM
  3. log line flag ( https://www.lissyara.su/doc/exim/4.62/log_files/#48.5 ) - ==
    If there is no flag, the line simply contains a more detailed error message (and, if desired, this line can be disabled in the config)
  4. the recipient's email address - mail@okorderclub.com
  5. the address of the message sender - no-reply@mysite.com
  6. the router used (R) - R=dnslookup
  7. the transport used (T) - T=remote_smtp

What is not clear? What questions remain? - dudley26 commented on April 3rd 20 at 18:47
@dudley26, thank you. The meaning of
==
is not clear: is it interpreted as an attempt to send or receive emails?
Also, the identifier 1ih3ba-0006Zy-CM appears multiple times on different lines.
For example here
1ih3ba-0006Zy-CM => info@mid.nl - I understand this as us sending a message to this address.
And then other addresses follow; how do I understand where they came from, for example this one, info@filmy.nl
2019-12-17 06:36:04 1ih3ba-0006Zy-CM == info@filmy.nl <no-reply@mysite.com> R=dnslookup T=remote_smtp defer (110): Connection timed out
2019-12-17 06:36:04 1ih3ba-0006Zy-CM ** info@FILMY.nl <no-reply@mysite.com>: retry timeout exceeded


And this line is not clear
dovecot_login authenticator failed for (User) [185.234.218.210]: 535 Incorrect authentication data (set_id=jamie@gbnhost.com)

A user with the IP address 185.234.218.210 could not log into the mail server, right?
And set_id=jamie@gbnhost.com, where is this from and why? gbnhost.com here is the hosting mail server

There is also the rejectlog.
As I understand it, it says that we are unable to send to these addresses because the IP addresses are in a spam list, but those IPs do not match our server's IP. Or is it something else?
And what is the difference between the addresses in parentheses and in square brackets? Here: dovecot_login authenticator failed for (185.234.219.98) [185.234.219.74]
2019-12-16 06:29:39 dovecot_login authenticator failed for (185.234.219.98) [185.234.219.74]: 535 Incorrect authentication data (set_id=scanner)
2019-12-16 06:34:46 H=(mail.axily.ru) [77.221.144.107] X=TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256 CV=no F=<sagorovoi@axily.ru> rejected RCPT <zakaz@mysite.com>: Rejected because 77.221.144.107 is in a black list at bl.spamcop.net
2019-12-16 06:35:03 H=(mail.xopih.ru) [162.247.13.7] X=TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256 CV=no F=<evalux@xopih.ru> rejected RCPT <inbox@mysite.com>: Rejected because 162.247.13.7 is in a black list at bl.spamcop.net
2019-12-16 06:35:07 H=(mail.xopih.ru) [162.247.13.7] X=TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256 CV=no F=<krasnyllc@xopih.ru> rejected RCPT <mail@mysite.com>: Rejected because 162.247.13.7 is in a black list at bl.spamcop.net
2019-12-16 06:37:16 H=(powerducks.net) [80.254.121.138] sender verify fail for <dr_alexandrova@aht.lt>: all relevant MX records point to non-existent hosts
2019-12-16 06:37:16 H=(powerducks.net) [80.254.121.138] X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no F=<dr_alexandrova@aht.lt> rejected RCPT <office@mysite.com>: Sender verify failed
- Delta.Gerhold commented on April 3rd 20 at 18:50
@Delta.Gerhold,
is it interpreted as an attempt to send or receive emails?

Can be both. Look at the sender. In this case sending.


For example here
1ih3ba-0006Zy-CM => info@mid.nl - I understand this as us sending a message to this address.
And then other addresses follow; how do I understand where they came from, for example this one, info@filmy.nl

The message specified multiple recipients; there is a separate delivery line for each recipient.

And this line is not clear

Unsuccessful authentication. I don't know what there is to explain.
It is irrelevant to the subsequent lines. - dudley26 commented on April 3rd 20 at 18:53
Unsuccessful authentication. I don't know what there is to explain.

That line is not clear
(set_id=jamie@gbnhost.com)

and the difference between the IP addresses in brackets
authenticator failed for (185.234.219.98) [185.234.219.74]
- Delta.Gerhold commented on April 3rd 20 at 18:56
@Delta.Gerhold,
(set_id=jamie@gbnhost.com)

jamie@gbnhost.com is the username with which the login was attempted

and the difference between the IP addresses in brackets

If I'm not mistaken, the part in parentheses is the HELO, and anything can be put there - dudley26 commented on April 3rd 20 at 18:59
@dudley26, one more question
H=(mail.xopih.ru) [162.247.13.7] X=TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256 CV=no F=<evalux@xopih.ru> rejected RCPT <inbox@mysite.com>: Rejected because 162.247.13.7 is in a black list at bl.spamcop.net

Does it say that the message with the IP address 162.247.13.7 and mailbox inbox@mysite.com was rejected because the IP address is in the spam list? - Delta.Gerhold commented on April 3rd 20 at 19:02
@Delta.Gerhold,
F means FROM, so
the message with the IP address 162.247.13.7 and mailbox evalux@xopih.ru to inbox@mysite.com was rejected because of spamcop.

PS By the way, you should not block messages just because the server ended up in some blacklist, because these blacklists work pretty badly. Using it as one of the factors is about right. - dudley26 commented on April 3rd 20 at 19:05
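
The field breakdown worked out in this thread (time, message ID, flag, addresses, R= and T=, and the (HELO) [IP] set_id parts of authentication failures), written as a small parser. This is an added example, not code posted by anyone in the thread; the sample lines are constructed with documentation addresses, and the names `parse`, `norm` and `final_status` are illustrative.

```python
import re

# Flag meanings as given in the Exim log-file documentation linked in the answer.
FLAGS = {"<=": "arrived", "=>": "delivered", "->": "delivered",
         "**": "failed", "==": "deferred"}
# timestamp, message ID, flag, address, optional <address>, remainder
MSG_RE = re.compile(r"^(\S+ \S+) (\w+-\w+-\w+) (<=|=>|->|\*\*|==) "
                    r"(\S+)(?: <([^>]*)>)?:? ?(.*)$")
# (HELO name, chosen by the client) [peer IP, taken from the connection]
AUTH_RE = re.compile(r"^(\S+ \S+) (\S+) authenticator failed for "
                     r"(?:[^(\[\s]\S* )?(?:\((.*?)\) )?\[([^\]]+)\]"
                     r"(?:.*\(set_id=([^)]*)\))?")

# Constructed sample lines (documentation IPs and domains), same layout as the question's log.
SAMPLE = """\
2019-12-17 06:35:27 dovecot_login authenticator failed for (User) [192.0.2.10]: 535 Incorrect authentication data (set_id=jamie@example.org)
2019-12-17 06:35:59 1ih3ba-0006Zy-CM == a@example.net <no-reply@example.com> R=dnslookup T=remote_smtp defer (110): Connection timed out
2019-12-17 06:36:01 1ih3ba-0006Zy-CM => b@example.org <no-reply@example.com> R=dnslookup T=remote_smtp H=mx.example.org [198.51.100.7] C="250 OK"
2019-12-17 06:36:04 1ih3ba-0006Zy-CM ** a@EXAMPLE.net <no-reply@example.com>: retry timeout exceeded
2019-12-17 06:36:20 dovecot_login authenticator failed for (192.0.2.99) [192.0.2.10]: 535 Incorrect authentication data (set_id=scanner)
""".splitlines()

def norm(addr):
    """Lower-case the domain so a@EXAMPLE.net and a@example.net group together."""
    local, at, domain = addr.rstrip(":").rpartition("@")
    return local + at + domain.lower()

def parse(lines):
    """Return ({msg_id: {recipient: [events]}}, {peer_ip: [auth failures]})."""
    messages, failures = {}, {}
    for line in lines:
        if m := MSG_RE.match(line):
            when, msg_id, flag, addr, _angle, rest = m.groups()
            kv = dict(re.findall(r"\b([RT])=(\S+)", rest))
            messages.setdefault(msg_id, {}).setdefault(norm(addr), []).append(
                (when, FLAGS[flag], kv.get("R"), kv.get("T")))
        elif m := AUTH_RE.match(line):
            when, _auth, helo, ip, set_id = m.groups()
            failures.setdefault(ip, []).append(
                {"time": when, "helo": helo, "set_id": set_id})
    return messages, failures

def final_status(messages):
    """Last logged state per recipient; one message ID covers every recipient."""
    return {mid: {rcpt: ev[-1][1] for rcpt, ev in rcpts.items()}
            for mid, rcpts in messages.items()}

if __name__ == "__main__":
    msgs, fails = parse(SAMPLE)
    print(final_status(msgs), fails)
```

Grouping failures by the bracketed peer IP rather than the HELO name keeps repeated login attempts from one source together even when the client changes the name it announces.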
