Log Locations¶
Complete reference of Mailborder log file locations and their purposes.
Log Directory Structure¶
/var/log/mailborder/
├── rpcd.log # RPC daemon (web backend)
├── filter.log # Email scanning
├── virtuoso.log # Queue management
├── milter.log # SMTP policy hooks
├── eval.log # Policy evaluation
├── scribe.log # Logging service
├── cron.log # Scheduled tasks
├── guardian.log # Service watchdog
├── backup.log # Backup operations
├── install.log # Installation log
├── postfix.log # Mail transfer (symlink)
└── auth.log # Authentication events
/var/log/
├── mail.log # System mail log (Postfix)
├── mail.err # Mail errors only
├── syslog # System log
├── auth.log # System authentication
├── clamav/
│ └── clamav.log # ClamAV antivirus
├── rspamd/
│ └── rspamd.log # Rspamd spam filter
└── nginx/
├── access.log # Web access
└── error.log # Web errors
Mailborder Service Logs¶
mb-rpcd.log¶
Location: /var/log/mailborder/rpcd.log
Purpose: RPC daemon activity (web interface backend)
Contents: - Web interface requests - API calls - Authentication attempts - Configuration changes - Database queries - Errors and warnings
Example Entries:
2025-01-15 10:23:45 [INFO] RPC request: login_admin_id_submit from 192.168.1.50
2025-01-15 10:23:46 [INFO] User admin@example.com authenticated successfully
2025-01-15 10:25:12 [INFO] Configuration changed: spam.threshold.pass = 6.0
2025-01-15 10:30:15 [ERROR] Database query failed: Connection timeout
Log Level: - DEBUG: Detailed debugging information - INFO: Normal operations - WARNING: Non-critical issues - ERROR: Errors requiring attention - CRITICAL: Serious failures
Rotation: - Daily rotation - Compressed after 7 days - Deleted after 30 days
mb-filter.log¶
Location: /var/log/mailborder/filter.log
Purpose: Email scanning and filtering
Contents: - Spam scores - Virus detections - RBL results - SPF/DKIM/DMARC validation - Scan times - Filter decisions
Example Entries:
2025-01-15 10:45:32 [INFO] Scanning email from sender@example.com to user@yourdomain.com
2025-01-15 10:45:33 [INFO] Rspamd score: 3.2/6.0 (pass)
2025-01-15 10:45:33 [INFO] ClamAV: clean
2025-01-15 10:45:33 [INFO] SPF: pass, DKIM: pass, DMARC: pass
2025-01-15 10:45:33 [INFO] Action: deliver (scan_time: 1.2s)
2025-01-15 10:48:15 [WARNING] Spam detected: score 12.5/6.0
2025-01-15 10:48:15 [INFO] Action: quarantine
2025-01-15 10:52:40 [ERROR] Virus detected: Eicar-Test-Signature
2025-01-15 10:52:40 [INFO] Action: quarantine
Useful for: - Debugging false positives/negatives - Performance monitoring - Virus outbreak detection - Spam pattern analysis
mb-virtuoso.log¶
Location: /var/log/mailborder/virtuoso.log
Purpose: Queue management and email delivery
Contents: - Queue operations - Delivery attempts - Retry logic - Relay connections - Delivery failures
Example Entries:
2025-01-15 11:05:10 [INFO] Processing queue: 15 messages
2025-01-15 11:05:11 [INFO] Delivering to relay: mail.example.com:25
2025-01-15 11:05:12 [INFO] Delivered: Message-ID <abc123@sender.com> to user@example.com
2025-01-15 11:05:15 [WARNING] Temporary failure: Connection timeout to mail.example.com
2025-01-15 11:05:15 [INFO] Deferred: Will retry in 5 minutes
Useful for: - Tracking email delivery - Diagnosing delivery failures - Monitoring relay host connectivity - Queue backup troubleshooting
mb-milter.log¶
Location: /var/log/mailborder/milter.log
Purpose: SMTP policy decisions
Contents: - Connection attempts - Early policy enforcement - Sender/recipient validation - Rate limiting - Greylisting
Example Entries:
2025-01-15 11:15:20 [INFO] Connection from 203.0.113.50
2025-01-15 11:15:21 [INFO] HELO: mail.sender.com
2025-01-15 11:15:21 [INFO] MAIL FROM: <sender@example.com>
2025-01-15 11:15:22 [INFO] RCPT TO: <user@yourdomain.com> - accepted
2025-01-15 11:15:23 [INFO] Policy: accept
2025-01-15 11:20:45 [WARNING] Rate limit exceeded for 198.51.100.10
2025-01-15 11:20:45 [INFO] Action: tempfail (421)
Useful for: - Monitoring connection patterns - Debugging rejected email - Rate limiting analysis - Greylisting effectiveness
mb-eval.log¶
Location: /var/log/mailborder/eval.log
Purpose: Policy evaluation engine
Contents: - Policy rule evaluation - Whitelist/blacklist checks - GeoIP filtering - Custom policy execution
Example Entries:
2025-01-15 11:30:10 [INFO] Evaluating sender: sender@example.com
2025-01-15 11:30:10 [INFO] Whitelist check: not found
2025-01-15 11:30:10 [INFO] Blacklist check: not found
2025-01-15 11:30:10 [INFO] GeoIP: US (allowed)
2025-01-15 11:30:10 [INFO] Policy result: pass
mb-scribe.log¶
Location: /var/log/mailborder/scribe.log
Purpose: Logging service itself
Contents: - Log collection activity - Database writes - Statistics generation - Log rotation events
Example Entries:
2025-01-15 11:40:00 [INFO] Collected 250 log entries from all services
2025-01-15 11:40:01 [INFO] Written to database: email_logs table
2025-01-15 11:40:02 [INFO] Statistics updated
mb-cron.log¶
Location: /var/log/mailborder/cron.log
Purpose: Scheduled tasks
Contents: - Task execution - Signature updates - Database maintenance - Backup operations - Cleanup tasks
Example Entries:
2025-01-15 02:00:00 [INFO] Starting scheduled tasks
2025-01-15 02:00:01 [INFO] Task: signature-update started
2025-01-15 02:01:15 [INFO] Task: signature-update completed (74s)
2025-01-15 02:01:16 [INFO] Task: db-optimize started
2025-01-15 02:05:30 [INFO] Task: db-optimize completed (254s)
2025-01-15 02:05:31 [INFO] Task: log-cleanup started
2025-01-15 02:06:00 [INFO] Deleted 1,250 old log entries
2025-01-15 02:06:00 [INFO] Task: log-cleanup completed (29s)
mb-guardian.log¶
Location: /var/log/mailborder/guardian.log
Purpose: Service health monitoring
Contents: - Service checks - Restart events - Resource monitoring - Alerts
Example Entries:
2025-01-15 12:00:00 [INFO] Health check: all services OK
2025-01-15 12:00:30 [INFO] Health check: all services OK
2025-01-15 12:01:00 [WARNING] Service mb-filter not responding
2025-01-15 12:01:05 [INFO] Restarting mb-filter
2025-01-15 12:01:10 [INFO] Service mb-filter restarted successfully
2025-01-15 12:01:15 [INFO] Alert sent to admin@example.com
backup.log¶
Location: /var/log/mailborder/backup.log
Purpose: Backup operations
Contents: - Backup start/completion - Files backed up - Backup size - Backup location - Errors
Example Entries:
2025-01-15 02:00:00 [INFO] Starting backup: full
2025-01-15 02:00:01 [INFO] Backing up configuration files
2025-01-15 02:00:02 [INFO] Backing up database (mailborder)
2025-01-15 02:03:45 [INFO] Backing up quarantine (2,450 messages)
2025-01-15 02:07:20 [INFO] Compressing backup
2025-01-15 02:08:15 [INFO] Backup completed successfully
2025-01-15 02:08:15 [INFO] Size: 2.5 GB
2025-01-15 02:08:15 [INFO] Location: /var/backups/mailborder/mailborder-20250115-020000.tar.gz
2025-01-15 02:08:16 [INFO] Duration: 8m 16s
System Logs¶
mail.log¶
Location: /var/log/mail.log or /var/log/mailborder/postfix.log
Purpose: Postfix SMTP transactions
Contents: - All SMTP activity - Connections, deliveries, rejections - Queue operations - TLS negotiation
Example Entries:
Jan 15 12:30:10 mailborder postfix/smtpd[1234]: connect from sender.example.com[203.0.113.50]
Jan 15 12:30:11 mailborder postfix/smtpd[1234]: ABC123DEF456: client=sender.example.com[203.0.113.50]
Jan 15 12:30:12 mailborder postfix/cleanup[1235]: ABC123DEF456: message-id=<test@sender.com>
Jan 15 12:30:13 mailborder postfix/qmgr[1001]: ABC123DEF456: from=<sender@example.com>, size=1234, nrcpt=1
Jan 15 12:30:15 mailborder postfix/smtp[1236]: ABC123DEF456: to=<user@example.com>, relay=mail.example.com[192.168.1.10]:25, delay=3.2, status=sent (250 OK)
Jan 15 12:30:15 mailborder postfix/qmgr[1001]: ABC123DEF456: removed
Useful for: - Email flow tracking - Delivery verification - SMTP troubleshooting - Connection debugging
clamav.log¶
Location: /var/log/clamav/clamav.log
Purpose: ClamAV antivirus activity
Contents: - Virus detections - Database updates - Scan statistics - Errors
Example Entries:
Mon Jan 15 12:45:30 2025 -> /tmp/email.eml: Eicar-Test-Signature FOUND
Mon Jan 15 13:00:15 2025 -> SelfCheck: Database status OK.
Mon Jan 15 14:00:00 2025 -> Database updated (version: 27250)
rspamd.log¶
Location: /var/log/rspamd/rspamd.log
Purpose: Rspamd spam filter activity
Contents: - Spam scoring details - Bayesian learning - Fuzzy hash checks - Neural network activity
Example Entries:
2025-01-15 13:10:20 #1234(normal) <abc123>; task; rspamd_task_write_log: id: <test@sender.com>, qid: <ABC123DEF>, ip: 203.0.113.50, from: <sender@example.com>, (default: F (add header): [5.50/15.00]), len: 1234, time: 235.2ms, dns req: 5
nginx/access.log¶
Location: /var/log/nginx/access.log
Purpose: Web interface access
Contents: - HTTP requests - Response codes - User agents - Response times
Example Format:
192.168.1.50 - - [15/Jan/2025:13:20:45 +0000] "GET /dashboard.php HTTP/1.1" 200 5432 "-" "Mozilla/5.0..."
192.168.1.50 - - [15/Jan/2025:13:20:46 +0000] "POST /ado/process.php HTTP/1.1" 200 1234 "https://mailborder.example.com/dashboard.php" "Mozilla/5.0..."
nginx/error.log¶
Location: /var/log/nginx/error.log
Purpose: Web server errors
Contents: - HTTP errors - PHP errors - Upstream connection failures - SSL errors
Example Entries:
2025/01/15 13:25:30 [error] 1234#1234: *5 connect() failed (111: Connection refused) while connecting to upstream
2025/01/15 13:25:35 [error] 1234#1234: *6 FastCGI sent in stderr: "PHP message: PHP Fatal error:..."
Viewing Logs¶
Tail Logs (Real-time)¶
# Follow mailborder filter log
sudo tail -f /var/log/mailborder/filter.log
# Follow multiple logs
sudo tail -f /var/log/mailborder/{filter,virtuoso,rpcd}.log
# Follow with grep filter
sudo tail -f /var/log/mail.log | grep "status=deferred"
View Recent Entries¶
# Last 50 lines
sudo tail -n 50 /var/log/mailborder/filter.log
# Last 100 lines
sudo head -n 100 /var/log/mailborder/filter.log
Search Logs¶
# Search for specific email
sudo grep "user@example.com" /var/log/mail.log
# Search for errors
sudo grep ERROR /var/log/mailborder/*.log
# Search with context
sudo grep -B 5 -A 5 "virus" /var/log/mailborder/filter.log
journalctl (SystemD)¶
# Service-specific logs
sudo journalctl -u mb-filter
# Recent entries
sudo journalctl -u mb-filter -n 50
# Follow in real-time
sudo journalctl -u mb-filter -f
# Time range
sudo journalctl -u mb-filter --since "2025-01-15 10:00" --until "2025-01-15 11:00"
# All Mailborder services
sudo journalctl -u "mb-*"
Log Rotation¶
Rotation Configuration¶
Location: /etc/logrotate.d/mailborder
/var/log/mailborder/*.log {
daily
rotate 30
compress
delaycompress
missingok
notifempty
create 0640 mailborder mailborder
sharedscripts
postrotate
/usr/bin/systemctl reload mb-scribe > /dev/null 2>&1 || true
endscript
}
Settings: - daily - Rotate daily - rotate 30 - Keep 30 days of logs - compress - Compress old logs (gzip) - delaycompress - Don't compress most recent rotation - create 0640 - New file permissions
Manual Rotation¶
# Force log rotation
sudo logrotate -f /etc/logrotate.d/mailborder
# Test rotation (dry run)
sudo logrotate -d /etc/logrotate.d/mailborder
Log Analysis¶
Common Queries¶
Count spam by score range:
Top senders:
grep "from=" /var/log/mail.log | \
sed 's/.*from=<\([^>]*\)>.*/\1/' | \
sort | \
uniq -c | \
sort -rn | \
head -20
Delivery failure reasons:
grep "status=deferred" /var/log/mail.log | \
sed 's/.*status=deferred (\(.*\))/\1/' | \
sort | \
uniq -c | \
sort -rn
Virus detections:
grep "Virus detected" /var/log/mailborder/filter.log | \
sed 's/.*Virus detected: \([^ ]*\).*/\1/' | \
sort | \
uniq -c | \
sort -rn
Log Monitoring Tools¶
Logwatch:
GoAccess (for web logs):
Custom Monitoring Script:
#!/bin/bash
# Alert on errors
ERROR_COUNT=$(grep -c ERROR /var/log/mailborder/*.log)
if [ "$ERROR_COUNT" -gt 10 ]; then
echo "$ERROR_COUNT errors in last scan" | \
mail -s "Mailborder Errors" admin@example.com
fi
Troubleshooting with Logs¶
Email Not Delivered¶
-
Check Postfix logs:
-
Look for status:
status=sent- Delivered successfullystatus=deferred- Temporary failure, will retry-
status=bounced- Permanent failure -
Check virtuoso logs:
High Spam Scores¶
-
Check filter logs:
-
Look for score breakdown:
Service Crashes¶
-
Check guardian logs:
-
Check SystemD journal:
See Also¶
- Log Analysis - Detailed log analysis guide
- Common Issues - Troubleshooting with logs
- CLI Commands - Commands for log viewing