We can find out the details of spammers from the mail queue itself. Some simple Exim commands for checking spam are below.
First, log in to the server via SSH,
ssh [email protected]
then run the following commands.
exim -bpc
This command shows the total number of mails in the queue. If the result is high (e.g. 2000), you can confirm spamming.
Example
[[email protected]]# exim -bpc
52
exim -bp
This command gives a closer look at the mails in the queue. It shows the message ID, sender, recipient, size and age of each mail. Of these, the message ID is what we use to find details such as the header, body and log. That will be discussed in detail later.
Example
[[email protected]]# exim -bp
44h   763 1VGaIo-0002ec-RM <[email protected]>
          [email protected]
10h  5.9K 1VH6AW-0001Um-Rz <> *** frozen ***
          [email protected]
 0m   502 1VHFNl-0003bf-GB <[email protected]>
          [email protected]
 0m   568 1VHFNl-0003bn-Tq <[email protected]>
          [email protected]
1st field: Age
2nd field: Size
3rd field: Message ID
4th field: Sender
5th field: Recipient (shown on the line below)
By using the ID we can find the header, body and the log of the message.
exim -Mvh ID
This command displays the message header. From the output we can check the From address, To address, subject, date, script, etc.
exim -Mvb ID
Displays the message body
exim -Mvl ID
Displays the log of the mail. From this log we can get the details of the original user who was logged in to send the mail.
exim -bpr|grep "<"|awk '{print $4}'|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -n
This command lists the number of mails in the queue alongside the user who sent them.
Example
[[email protected]]# exim -bpr|grep "<"|awk '{print $4}'|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -n
3 [email protected]
1
exiqgrep -f sendername|grep "<"|wc -l
This command displays the total count of mails sent by a particular user.
Example
[[email protected]]# exiqgrep -f [email protected]|grep "<"|wc -l
3
Similarly, the -r switch of exiqgrep is used for the recipient.
exiqgrep -r recipient|grep "<"|wc -l
exim -bpr|grep sendername|awk '{print $3}'|xargs exim -Mrm
Deletes all mails in the queue from a particular sender.
exim -bp|grep frozen|wc -l
Displays the total count of frozen mails in queue.
exim -bp|grep frozen|awk '{print $3}'
Displays the IDs of frozen mails
exim -bp|grep frozen|awk '{print $3}'|xargs exim -Mrm
Command to remove all frozen mails in queue.
exim -bp|exiqsumm
This command will print the summary of mails in queue.
Example
[[email protected]]# exim -bp|exiqsumm
Count  Volume  Oldest  Newest  Domain
-----  ------  ------  ------  ------
    1    6041     11h     11h  facebook.com
    1     763     45h     45h  interia.pl
---------------------------------------------------------------
    2    6804     45h     11h  TOTAL
exiwhat
It displays what Exim is doing right now.
[[email protected]]# exiwhat
1923 daemon: -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)
exim -Mrm ID
Deletes mails from the queue.
[[email protected]]# exim -Mrm ID
This will remove that particular mail.
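The per-sender count, delete-by-sender and frozen-mail pipelines above, reworked as an added example (not part of the original post): shell functions that read exim -bp output and match on the header-line fields, so the ID list can be reviewed before it is piped to xargs exim -Mrm. The function names and the sample queue listing are constructed for illustration.

```shell
# Added example: parse `exim -bp` output from stdin. Header lines are
#   AGE SIZE MESSAGE-ID <SENDER> [*** frozen ***]
# and the indented recipient lines under them are ignored.
ID_RE='^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$'

# Print "COUNT SENDER", busiest sender first; bounces show as "<>".
queue_senders() {
    awk -v re="$ID_RE" '
        $3 ~ re && $4 ~ /^<.*>$/ {
            s = substr($4, 2, length($4) - 2)
            if (s == "") s = "<>"
            count[s]++
        }
        END { for (s in count) print count[s], s }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Print IDs of messages whose envelope sender is exactly $1. A plain
# grep would also hit longer addresses and matching recipient lines.
ids_from_sender() {
    awk -v re="$ID_RE" -v want="<$1>" '$3 ~ re && $4 == want { print $3 }'
}

# Print IDs of frozen messages.
frozen_ids() {
    awk -v re="$ID_RE" '$3 ~ re && /\*\*\* frozen \*\*\*/ { print $3 }'
}

# Constructed sample listing; addresses and message IDs are made up.
sample_queue() {
    cat <<'EOF'
44h   763 1AAAAA-000001-AA <web@example.com>
          alice@example.net

10h  5.9K 1AAAAB-000002-AB <> *** frozen ***
          web@example.com

 0m   502 1AAAAC-000003-AC <web@example.com>
          carol@example.net

 0m   568 1AAAAD-000004-AD <dev-web@example.com>
          dave@example.net
EOF
}

# Demo on the sample; on a live server use: exim -bp | queue_senders
sample_queue | queue_senders
sample_queue | ids_from_sender web@example.com
sample_queue | frozen_ids
```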