Tuesday , 24 January 2017
Home » Server Managment » Find out the spam mailing script’s location – Exim

Find out the spam mailing script’s location – Exim

The Exim mail server has a lot of options/commands to find out the details of spammers easily from the command line. Click this link “Spam Check” to get more ideas.
We can find out the mail queue details, spam mail sender details, spam mail counts etc from the link I mentioned above.
Here is a script/piped-command to find out the spam mailing script’s location/folder in the server. It would be more helpful for us to identify the spam mail sending script and we can nullify it easily to stop spamming activity.

Steps to find the spam mailing script location?

Step 1 : SSH to your server as root user.
Step 2 : Execute the command pasted below:

# grep cwd /var/log/exim_mainlog|grep -v /var/spool|awk -F"cwd=" '{print $2}'|awk '{print $1}'|sort|uniq -c|sort -n

The above command will displays the total count of emails sent and the corresponding directory/location which generate the spam mails actually.
Example:

# grep cwd /var/log/exim_mainlog|grep -v /var/spool|awk -F"cwd=" '{print $2}'|awk '{print $1}'|sort|uniq -c|sort -n
     ...........
     ...........
    370 /home/$USER1/public_html
    386 /home/$USER2/public_html
    415 /home/$USER3/public_html
    470 /home/$USER4/public_html
    620 /root
   1409 /home/$USER5/public_html/link
   6340 /home/$USER6/public_html
  63898 /etc/csf

That’s it.

About admin

I have been working with Linux based systems since 2002. I hope the article published on this site will be useful to those new to server administration.
  • user

    useless details this command wont worl