Thread: Exim - Basic but helpful commands

  1. #1
    Join Date
    Sep 2008
    Posts
    9

    Exim - Basic but helpful commands

    What is Exim?

    Exim is an MTA, a Simple Message Transport Protocol (SMTP) mail server.

    Exim is highly configurable and has many powerful and advanced configuration options, including the ability to store lists of users, hosts, domains etc. in simple text files, databases, Lightweight Directory Access Protocol (LDAP) directories and “callouts” to other programs or scripts on the same computer. Exim is common in large scale Unix/Linux environments and ISPs (Internet Service Providers), moving millions of messages per day, but is equally suitable for small networks or individual workstations.

    Following are a few commands helpful for troubleshooting exim issues.


    This is a list of some of the commands I commonly use when troubleshooting exim:


    Will show the mail in queue for $name
    exim -bp|grep $name
    View message header
    exim -Mvh $MSGID
    View message body
    exim -Mvb $MSGID
    Force delivery of message
    exim -M $MSGID
    View the transaction of message
    exim -v -M $MSGID
    Force delivery of one message
    exim -M email-id
    Force another queue run
    exim -qf
    Force another queue run and attempt to flush the frozen message
    exim -qff
    View the log for the message
    exim -Mvl messageID
    View the body of the message
    exim -Mvb messageID
    View the header of the message
    exim -Mvh messageID
    Remove message without sending any error message
    exim -Mrm messageID
    Give up and fail message to bounce the message to the Sender
    exim -Mg messageID
    How much mail in the queue?
    exim -bpr | grep "<" | wc -l

    How many Frozen mails in the queue
    exim -bpr | grep frozen | wc -l

    Deleting Frozen Messages
    exim -bpr | grep frozen | awk {'print $3'} | xargs exim -Mrm

    To find out, how many messages are there in the mail queue:
    exim -bpc
    To check the mails in the queue:
    exim -bp
    To force exim update:
    /scripts/eximup --force

    Queues information

    1) Print a count of the messages in the queue:
    root@localhost# exim -bpc
    2) Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient):
    root@localhost# exim -bp
    3) Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals):
    root@localhost# exim -bp | exiqsumm
    4) Generate and display Exim stats from a logfile:
    root@localhost# eximstats /path/to/exim_mainlog
    5) Generate and display Exim stats from a logfile, with less verbose output:
    root@localhost# eximstats -ne -nr -nt /path/to/exim_mainlog
    6) Generate and display Exim stats from a logfile, for one particular day:
    root@localhost# fgrep 2007-02-16 /path/to/exim_mainlog | eximstats
    7) Print what Exim is doing right now:
    root@localhost# exiwhat
    8) To delete frozen emails
    exim -bp | awk '$6~"frozen" { print $3 }' | xargs exim -Mrm
    9) To deliver emails forcefully
    exim -qff -v -C /etc/exim.conf &

    Remove all messages older than five days (86400 * 5 = 432000 seconds):

    root@localhost# exiqgrep -o 432000 -i | xargs exim -Mrm
    exiqgrep -o 604800 -i | xargs exim -Mrm
    3- days :- exiqgrep -o 259200 -i | xargs exim -Mrm
    70 hours:- exiqgrep -o 4200 -i | xargs exim -Mrm
    Last edited by Sarika; 11-26-2008 at 07:55 AM.

  2. #2
    Join Date
    Sep 2008
    Posts
    9

    How to detect a spammer?
    There are various methods in exim to detect a spammer, whether it is from an account inside the server or from the outside. Let's go through some of the methods to prevent spamming.

    eximstats
    /usr/sbin/eximstats -t5 /var/log/exim_mainlog > teststats
    (t5 is an option which shows the top 5 count)
    The above command gives the following details:

    * Top 5 local destinations by volume
    * Top 5 local destinations by message count
    * Top 5 sending hosts by volume
    * Top 5 sending hosts by message count

    and other stats such as total number of mails received and delivered...top 5 sender (username) etc...

    eximstats -nr -ne /var/log/exim_mainlog
    Shows the stuff without the mess.

    Sometimes, the eximstats command won't help us to detect the spamming caused by an account inside our server if that account uses some cron jobs or some PHP scripts that will execute as nobody. There are various methods to detect 'nobody' spammers. Here I mention some of those techniques.

    If we like to check the IPs from which emails are coming to a non-existent email account or some issues with the domain name in the server, use the command

    tail -3000 /var/log/exim_mainlog |grep 'rejected RCPT' |awk '{print$4}'|awk -F\[ '{print $2} '|awk -F\] '{print $1} '|sort | uniq -c | sort -k 1 -nr | head -n 5


    If we like to know the IPs from which the maximum number of connections occurred to our SMTP server, use the command

    netstat -plan|grep :25|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
    Replace the port number 25 with other ports if you like to know the IP requests to other services (For eg, in the case of apache, use port 80 instead of 25)

    /usr/sbin/sendmail
    The scripts use the /usr/sbin/sendmail file to send emails. We could easily detect a nobody spammer if we made some tweaks to sendmail.
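
Added example (not part of the original posts): the log triage described in post #2, written as two shell functions and run over a constructed exim_mainlog sample. It assumes the default log line layout (no extra fields such as +pid); the function names, message IDs and addresses are made up for illustration.

```shell
#!/bin/sh
# Constructed exim_mainlog sample (documentation addresses, not real traffic).
# Assumes the default line layout: date, time, then either H=... or a message ID.
sample_log() {
cat <<'EOF'
2008-11-26 07:50:01 H=(mail.example.net) [203.0.113.7] F=<a@example.net> rejected RCPT <nouser@example.com>: Unrouteable address
2008-11-26 07:50:02 H=host.example.org (helo.example.org) [198.51.100.9] F=<b@example.org> rejected RCPT <ghost@example.com>: Unrouteable address
2008-11-26 07:50:03 H=([192.0.2.1]) [203.0.113.7] F=<c@example.net> rejected RCPT <x@example.com>: Unrouteable address
2008-11-26 07:50:04 H=(mail.example.net) [203.0.113.7] F=<a@example.net> rejected RCPT <y@example.com>: Unrouteable address
2008-11-26 07:51:10 1L5AAA-0001Xy-AB <= nobody@server.example.com U=nobody P=local S=1402
2008-11-26 07:51:11 1L5AAB-0001Xz-CD <= nobody@server.example.com U=nobody P=local S=1398
2008-11-26 07:51:12 1L5AAC-0001Y0-EF <= alice@example.com U=alice P=local S=2210
2008-11-26 07:51:13 1L5AAD-0001Y1-GH <= d@example.net H=(mail.example.net) [203.0.113.7] P=esmtp S=900
EOF
}

# Rejected RCPT attempts per remote IP, busiest first.
# The connecting address is the " [addr]" token preceded by a space; a HELO
# literal such as H=([192.0.2.1]) is client-supplied and is skipped.
rejected_by_ip() {
  awk '/rejected RCPT/ && match($0, / \[[0-9A-Fa-f:.]+\]/) {
         n[substr($0, RSTART + 2, RLENGTH - 3)]++
       }
       END { for (ip in n) print n[ip], ip }' "$@" | sort -k1,1nr -k2,2
}

# Locally submitted messages ("<=" arrival lines with P=local) per Unix user.
# A high count for U=nobody points at a web script or cron job sending mail.
local_senders() {
  awk '$4 == "<=" && / P=local/ {
         for (i = 5; i <= NF; i++) if ($i ~ /^U=/) n[substr($i, 3)]++
       }
       END { for (u in n) print n[u], u }' "$@" | sort -k1,1nr -k2,2
}

# Run both reports over the sample; pass a real log path as an argument instead.
sample_log | rejected_by_ip
sample_log | local_senders
```

Both functions read a log file given as an argument or standard input, so `rejected_by_ip /var/log/exim_mainlog` works on the log path used in the post.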
