Exim

Spammers Finding

aca8089 Leave a comment

To find the email accounts sending most emails

# exigrep @ /var/log/exim_mainlog | grep _login | sed -n 's/.*_login:\(.*\)S=.*/\1/p' | sort | uniq -c | sort -nr -k1

To find the scripts locations [php spamming scripts]

grep "cwd=" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort |uniq -c| grep cwd | sort -n | grep /home/

 

Advertisement

Exim Commands

aca8089 Leave a comment

>> Count the number of messages in the queue.
exim -bpc

>> Listing the messages in the queue (time queued, size, message-id, sender, recipient).
exim -bp

>> Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals).
exim -bp | exiqsumm

>> Check what Exim is doing right now.
exiwhat

>> Test how exim will route a given address.
exim -bt user@localdomain.com

>> Display Exim’s configuration settings.
exim -bP

>> Search the queue for messages from a specific sender.
exiqgrep -f [luser]@domain

>> Search the queue for messages for a specific recipient/domain.
exiqgrep -r [luser]@domain

>> Print messages older than the specified number of seconds.
Eg: messages older than 1 hour.
exiqgrep -o 3600 […]

>> Print messages younger than the specified number of seconds.
Eg: messages less than an hour old.
exiqgrep -y 3600 […]

>> Match the size of a message with a regex. Eg: Messages between 500-599 bytes.
exiqgrep -s ‘^5..$’ […]

>> Match only frozen messages.
exiqgrep -z

>> Match only frozen messages.
exiqgrep -x

>> Print just the message-id of the entire queue.
exiqgrep -i

>> Start a queue run.
exim -q -v

>> Start a queue run for just local deliveries.
exim -ql -v

>> Remove a message from the queue.
exim -Mrm <message-id> [ <message-id> … ]

>> Freeze a message.
exim -Mf <message-id> [ <message-id> … ]

>> Thaw a message.
exim -Mt <message-id> [ <message-id> … ]

>> Deliver a message, whether it’s frozen or not, whether the retry time has been reached or not.
exim -M <message-id> [ <message-id> … ]

>> Deliver a message, but only if the retry time has been reached.
exim -Mc <message-id> [ <message-id> … ]

>> Force a message to fail and bounce as “cancelled by administrator”.
exim -Mg <message-id> [ <message-id> … ]

>> Remove all frozen messages.
exiqgrep -z -i | xargs exim -Mrm

>> Remove all messages older than five days (86400 * 2 = 172800 seconds).
exiqgrep -o 172800 -i | xargs exim -Mrm

>> Freeze all queued mail from a given sender.
exiqgrep -i -f user@example.com | xargs exim -Mf

>> View a message’s headers.
exim -Mvh <message-id>

>> View a message’s body.
exim -Mvb <message-id>

>> View a message’s logs.
exim -Mvl <message-id>

>> Add a recipient to a message.
exim -Mar <message-id> <address> [ <address> … ]

>> Edit the sender of a message.
exim -Mes <message-id> <address>