How to Check Spam on EXIM Mail Server

Check Spam on EXIM Mail Server

We can find details about spammers from the mail queue itself. Some simple Exim commands for checking spam are listed below.

First log in to the server via SSH:
ssh root@IP

Then run the following commands:
exim -bpc

This command shows the total number of mails in the queue. If the result is high (e.g. 2000), you can confirm spamming.
[root@EcLinux]# exim -bpc

exim -bp
This command gives a closer look at the mails in the queue. It shows the message ID, sender, recipient, size and age of each mail. The message ID is useful for finding details such as the header, body and log, which are discussed below.
[root@EcLinux]# exim -bp
44h 763 1VGaIo-0002ec-RM <>

10h 5.9K 1VH6AW-0001Um-Rz <> *** frozen ***

0m 502 1VHFNl-0003bf-GB <>

0m 568 1VHFNl-0003bn-Tq <>
1st field: Age
2nd field: Size
3rd field: Message ID
4th field: Sender
5th field: Recipient

By using the ID we can find the header, body and log of a message.

exim -Mvh ID
This command displays the message header. From the output we can check the from address, to address, subject, date, script etc.

exim -Mvb ID
Displays the message body

exim -Mvl ID
Displays the log of the mail. From this log you can get the details of the original user who logged in to send the mail.

exim -bpr|grep "<"|awk '{print $4}'|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -n
This command lists the number of mails in the queue along with the user who sent them.
[root@EcLinux]# exim -bpr|grep "<"|awk '{print $4}'|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -n
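
The same per-sender count as a reusable shell function, added here as an example (not part of the original article): it parses the `exim -bp` listing with awk, reports the null sender `<>` (bounce messages) under its own label instead of an empty name, and counts frozen messages per sender. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise an `exim -bp` listing read from stdin.
# Prints "count frozen sender" per envelope sender, busiest first.
queue_summary() {
    awk '
    # Header line of a queued message: age, size, message ID, <sender>.
    $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && $4 ~ /^<.*>$/ {
        sender = substr($4, 2, length($4) - 2)
        # <> is the null envelope sender, which Exim uses for bounces.
        if (sender == "") sender = "(bounce)"
        count[sender]++
        if (index($0, "*** frozen ***")) frozen[sender]++
    }
    END {
        for (s in count) printf "%d %d %s\n", count[s], frozen[s] + 0, s
    }' | sort -k1,1nr -k3,3
}

# Print the senders that have at least $1 messages queued.
noisy_senders() {
    queue_summary | awk -v limit="$1" '$1 >= limit { print $3 }'
}

# Constructed sample listing in `exim -bp` format; addresses are made up.
sample_queue() {
    cat <<'EOF'
44h   763 1VGaIo-0002ec-RM <>
          user1@example.org

10h  5.9K 1VH6AW-0001Um-Rz <> *** frozen ***
          user2@example.org

 0m   502 1VHFNl-0003bf-GB <webform@example.com>
          a@example.net

 0m   568 1VHFNl-0003bn-Tq <webform@example.com>
          b@example.net
        D c@example.net

 2m  1.1K 1VHFNm-0003cA-1x <webform@example.com>
          d@example.net

 5m   900 1VHFNn-0003cB-2y <alice@example.com>
          e@example.net
EOF
}

# Demo on the sample; on a server use: exim -bp | queue_summary
sample_queue | queue_summary
```

Indented recipient lines, including delivered ones marked with `D`, are skipped because they carry no message ID in the third field.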

exiqgrep -f sendername|grep "<"|wc -l
This command displays the total count of mails sent by a particular user.
[root@EcLinux]# exiqgrep -f|grep "<"|wc -l

Similarly, the -r switch of exiqgrep is used for the recipient.
exiqgrep -r recipient|grep "<"|wc -l

exim -bpr| grep sendername| awk '{print $3}'|xargs exim -Mrm
This command deletes all mails from a particular sender from the queue.

exim -bp|grep frozen|wc -l
Displays the total count of frozen mails in the queue.

exim -bp|grep frozen|awk '{print $3}'
Displays the IDs of the frozen mails.

exim -bp|grep frozen|awk '{print $3}'|xargs exim -Mrm
Removes all frozen mails from the queue.

exim -bp|exiqsumm
This command will print the summary of mails in queue.
[root@EcLinux]# exim -bp|exiqsumm
Count Volume Oldest Newest Domain
----- ------ ------ ------ ------
1 6041 11h 11h
1 763 45h 45h
2 6804 45h 11h TOTAL

The exiwhat command displays what Exim is doing right now.
[root@EcLinux]# exiwhat
1923 daemon: -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)

exim -Mrm ID
This command deletes a mail from the queue.

[root@EcLinux]# exim -Mrm ID
This will remove that particular mail.