exim mail commands and finding spammer

Here are some useful exim commands.  They’re useful if you have an overloaded queue and need to clear it out, or find out why the messagse are being piled up.

exim -M id      #Try to send the message with id id

exim -qf       #Tell exim to process the entire queue again
exim -qff      #same as qf, but it will flush the frozen messages

exim -Mvl id    #view the message log for message id
exim -Mvh id    #view message id‘s headers
exim -Mvb id    #view message id‘s body
exim -Mrm id    #remove message id from the queue
exim -Mg id     #fail and send a bounce to the sender
exim -bp | exiqsumm    #Print summary of the messages in the queue
exiwhat        #show what exim is doing right now
exim -bpc      #show number of messages in the queue
exim -bp       #print list of messages in the queue

The manual way to remove the entire queue is as follows

cd /var/spool
mv exim exim.old
mkdir -p exim/input
mkdir -p exim/msglog
mkdir -p exim/db
chown -R mail:mail exim

Then restart exim.



Run exim in debug mode, in the foreground to test incoming smtp connections:

exim -bd -d

https://help.directadmin.com/item.php?id=81

For finding spamming

We can simply find out the details spammers from mail queue itself. Some simple Exim commands for check spams are below.
The first login tho the server via SSH,
ssh root@IP then run the following commands

exim -bpc
This command shows the total number of mails in the queue. If the result is high(eg:2000) you can confirm spamming.
Example
[root@EcLinux]# exim -bpc
52
exim -bp
This command gives some close look of mails in queue. It will give the message ID, sender, Recipient, size, and age of mail. From this, the message ID is useful to find out the details like header, body, and log. That will be discussed in detail later.
Example

[root@india ~]# exim -bp 

 2h  9.3K 1i6Uqr-0000ck-1U <> *** frozen ***
noreply@gem.gov.in

2h 6.1K 1i6UrY-0000hl-U4 <> *** frozen ***
statement.mail@hdfcbank.com

2h 6.1K 1i6Uri-0000iV-GR <> *** frozen ***
statement.mail@hdfcbank.com

Mails sent to invalid, non existent mail accounts which are undelivered to the recipient & still sit in the mail queue are frozen emails. When an email is sent & undelivered the MTA (Mail Transfer Agent) will try to deliver it a couple of times.
exim -Mvh ID
This command displays the message header. From the output displayed we can check from address, to address, subject, date, script etc.
exim -Mvb ID
Displays the message body
exim -Mvl ID
Displays the log of mail. From this log get the original user details logged in for sending mail.
exim -bpr|grep "<"|awk {'print $4'}|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -n
This command list number of mails and the user who sent the mail. Example
[root@EcLinux]# exim -bpr|grep "<"|awk {'print $4'}|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -n
3 sender@sender.com
1
exiqgrep -f sendername|grep "<"|wc -l
This command displays the total count of mails that send by a particular user. Example
[root@EcLinux]# exiqgrep -f sender@sender.com|grep "<"|wc -l
3
Similarly -r switch with exiqgrep is using for recipient. exiqgrep -f recipient|grep “<”|wc -l
exim -bpr| grep sendername| awk '{print $3}'|xargs exim -Mrm
To delete all mails from queue for a particular sender.
exim -bp|grep frozen|wc -l
Displays the total count of frozen mails in queue.
exim -bp|grep frozen|awk {'print $3'}
Displays the IDs of frozen mails
exim -bp|grep frozen|awk {'print $3'}|xargs exim -Mrm
Command to remove all frozen mails in queue.
exim -bp|exiqsumm
This command will print the summary of mails in queue. Example
[root@EcLinux]# exim -bp|exiqsumm
Count Volume Oldest Newest Domain
----- ------ ------ ------ ------
1 6041 11h 11h facebook.com
1 763 45h 45h interia.pl
---------------------------------------------------------------
2 6804 45h 11h TOTAL
exiwhat
It displays, what exim is doing right now.
[root@EcLinux]# exiwhat
1923 daemon: -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)
exim -Mrm
Is for deleting mails from queue.
[root@EcLinux]# exim -Mrm will remove that particular mail.

Leave a Comment

Your email address will not be published. Required fields are marked *

To Resolve this issue at just 5$ from ServerExpert

https://serverexpert.io/

For Hosting please visit Hostingwebsite.io

You have Successfully Subscribed!

Open chat