How to troubleshoot spam issues with Exim

Check amount of mail in queue

# exim -bpc
186

As you can see, we have a pretty decent amount of mail in our Exim queue.

Now, let's list all messages in the queue, pick a random message ID, and view its headers with exim -Mvh.

# exim -bp
 4d       1cuyBm-0000Cu-3h <root@server.example.com>
          root@server.example.com

# exim -Mvh 1cuyBm-0000Cu-3h
208P Received: from $user by server.example.com with local (Exim 4.82)
        (envelope-from <$user@server.example.com>
        id 1cuyBm-0000Cu-3h
        for test@server.com Sat, 21 Mar 2015 21:03:06 -0400
027T To: mail@server.com
019  Subject: Hello!
091  X-PHP-Script: domain.com/uploads/page.php for "$IPADDRESS"
023  X-Priority: 3 (Normal)

The X-PHP-Script header names the script that generated the message.

Analysing mail log

# grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

     10 /home/bcmgth/public_html/polmassickvineyard.co.uk
     16 /home/nhti/public_html
     23 /home/shjh/public_html
     28 /home/host2/public_html/ompathy.com
     30 /home/nhti/wordpress
     47 /home/bcts3/public_html/onlinemark.com

Now you can check the directories that sent the most outgoing mail for spam scripts.
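A per-directory count can hide an account that sends from several directories (nhti appears twice in the listing above). The following is an added example, not part of the original post: it counts cwd= entries per directory and per account, assuming the /home/<account>/ layout seen in the output, and runs on constructed sample log lines.

```shell
#!/bin/sh
# Added example: rank mail-submitting working directories, then roll the
# counts up per account, from Exim main-log "cwd=" lines read on stdin.

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG='2015-03-21 21:03:06 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2015-03-21 21:03:07 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2015-03-21 21:03:08 cwd=/home/bob/public_html/shop 3 args: /usr/sbin/sendmail -t -i
2015-03-21 21:03:09 cwd=/home/bob/wordpress 3 args: /usr/sbin/sendmail -t -i
2015-03-21 21:03:10 cwd=/home/bob/wordpress 3 args: /usr/sbin/sendmail -t -i
2015-03-21 21:03:11 cwd=/var/spool/exim 4 args: /usr/sbin/exim -Mc 1cuyBm-0000Cu-3h
2015-03-21 21:03:12 1cuyBm-0000Cu-3h <= root@server.example.com U=root P=local S=412'

# Print "count directory" for every cwd outside /var/spool, busiest last.
# Only the cwd value is tested, so a /var/spool path elsewhere on the line
# does not hide the entry.
cwd_by_dir() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^cwd=/) {
                dir = substr($i, 5)
                if (dir !~ /^\/var\/spool/) n[dir]++
            }
    }
    END { for (d in n) print n[d], d }' | sort -n
}

# Print "count account", taking the account from /home/<account>/...
# (assumed layout; adjust the prefix for other home directory schemes).
cwd_by_account() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^cwd=\/home\//) {
                split(substr($i, 5), p, "/")   # p[2]="home", p[3]=account
                n[p[3]]++
            }
    }
    END { for (a in n) print n[a], a }' | sort -n
}

printf '%s\n' "$SAMPLE_LOG" | cwd_by_dir
printf '%s\n' "$SAMPLE_LOG" | cwd_by_account
```

On a live server, feed the log in with cwd_by_account < /var/log/exim_mainlog.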
