Check Spam on EXIM Mail Server

We can find out the details of spammers from the mail queue itself. Some simple exim commands for checking spam are below.
First log in to the server via SSH,
ssh root@IP then run the following commands

exim -bpc

This command shows the total number of mails in the queue. If the result is high (e.g. 2000), you can confirm spamming.
Example

[root@EcLinux]# exim -bpc
52

exim -bp

This command gives a closer look at the mails in the queue. It shows the message ID, sender, recipient, size and age of each mail. Of these, the message ID is useful for finding details such as the header, body and log. That will be discussed in detail later.
Example

[root@EcLinux]# exim -bp
44h 763 1VGaIo-0002ec-RM <sender@sender.com>
recipient@gmail.com

10h 5.9K 1VH6AW-0001Um-Rz <> *** frozen ***
no-reply@facebook.com

0m 502 1VHFNl-0003bf-GB <sender@sender.com>
recipient@gmail.com

0m 568 1VHFNl-0003bn-Tq <sender@sender.com>
recipient@gmail.com

1st field: Age
2nd field: Size
3rd field: Message ID
4th field: Sender
5th field: Recipient

By using the ID we can find the header, body and log of a message.

exim -Mvh ID

This command displays the message header. From the output displayed we can check from address, to address, subject, date, script etc.

exim -Mvb ID

Displays the message body

exim -Mvl ID

Displays the log of the mail. From this log you can get the details of the original user who logged in to send the mail.

exim -bpr|grep "<"|awk {'print $4'}|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -n

This command lists the number of mails in the queue for each sender.
Example

[root@EcLinux]# exim -bpr|grep "<"|awk {'print $4'}|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -n
3 sender@sender.com
1

exiqgrep -f sendername|grep "<"|wc -l

This command displays the total count of mails sent by a particular user.
Example

[root@EcLinux]# exiqgrep -f sender@sender.com|grep "<"|wc -l
3

Similarly, the -r switch of exiqgrep is used for the recipient.

exiqgrep -r recipient|grep "<"|wc -l

exim -bpr| grep sendername| awk '{print $3}'|xargs exim -Mrm

Deletes all mails in the queue from a particular sender.
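
The per-sender counting and ID selection above, written as shell functions that read an `exim -bp` listing on standard input (an added example, not part of the original post). The function names and the sample listing are assumptions constructed from the `exim -bp` output shown earlier; unlike `grep sendername`, the sender is compared exactly against the fourth field of a header line, so an address on a recipient line or a partial match is never selected.

```shell
# Constructed sample in the layout of the `exim -bp` output shown above.
sample_queue() {
cat <<'EOF'
44h   763 1VGaIo-0002ec-RM <sender@sender.com>
          recipient@gmail.com

10h  5.9K 1VH6AW-0001Um-Rz <> *** frozen ***
          no-reply@facebook.com

 0m   502 1VHFNl-0003bf-GB <sender@sender.com>
          recipient@gmail.com

 0m   568 1VHFNl-0003bn-Tq <sender@sender.com>
          recipient@gmail.com
EOF
}

# Print "count sender" per envelope sender, busiest first.
# Only header lines (4+ fields, 4th field is <...>) are counted;
# recipient lines have a single field and are skipped.
sender_counts() {
    awk 'NF >= 4 && $4 ~ /^<.*>$/ {
             s = substr($4, 2, length($4) - 2)
             if (s == "") s = "(bounce)"      # <> is the null sender
             n[s]++
         }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Print senders whose queued message count is at or above threshold $1.
suspect_senders() {
    sender_counts | awk -v t="$1" '$1 + 0 >= t + 0 { print $2 }'
}

# Print the message IDs queued for sender $1 (exact match), one per line.
ids_for_sender() {
    awk -v want="<$1>" 'NF >= 4 && $4 == want { print $3 }'
}

# Demo on the constructed sample; on a server use: exim -bp | sender_counts
sample_queue | sender_counts
```

On a live server, the IDs printed by `exim -bp | ids_for_sender address` can be inspected with `exim -Mvh ID` before any of them is passed to `exim -Mrm`.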

exim -bp|grep frozen|wc -l

Displays the total count of frozen mails in queue.

exim -bp|grep frozen|awk {'print $3'}

Displays the IDs of frozen mails

exim -bp|grep frozen|awk {'print $3'}|xargs exim -Mrm

Command to remove all frozen mails in queue.

exim -bp|exiqsumm

This command will print the summary of mails in queue.
Example

[root@EcLinux]# exim -bp|exiqsumm
Count Volume Oldest Newest Domain
----- ------ ------ ------ ------
1 6041 11h 11h facebook.com
1 763 45h 45h interia.pl
---------------------------------------------------------------
2 6804 45h 11h TOTAL

exiwhat

It displays what exim is doing right now.

[root@EcLinux]# exiwhat
1923 daemon: -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)

exim -Mrm ID

This is for deleting mails from the queue.

[root@EcLinux]# exim -Mrm ID will remove that particular mail.

Originally posted 2016-02-13 21:53:00.
