How to troubleshoot spam issues with Exim

Check the amount of mail in the queue

# exim -bpc

As you can see, we have a pretty decent amount of mail in our Exim queue.

Now, let’s list all messages in the queue and pick a random message ID to check its header.

# exim -bp
 4d       1cuyBm-0000Cu-3h <>

 208P Received: from $user by with local (Exim 4.82)
(envelope-from <$>
id 1cuyBm-0000Cu-3h
for Sat, 21 Mar 2015 21:03:06 -0400
027T To:
019 Subject: Hello!
091 X-PHP-Script: for "$IPADDRESS"
023 X-Priority: 3 (Normal)

Analysing the mail log

# grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

     10 /home/bcmgth/public_html/
     16 /home/nhti/public_html
     23 /home/shjh/public_html
     28 /home/host2/public_html/
     30 /home/nhti/wordpress
     47 /home/bcts3/public_html/

Now you can check the folders that generate the most outgoing mail for spam scripts.
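
An added example (not part of the original article): the same cwd count as the pipeline above, but with trailing slashes merged so that /home/nhti/public_html and /home/nhti/public_html/ are counted together, plus a per-account rollup. The function names are hypothetical and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: count Exim "cwd=" log entries per directory and per account.
# make_sample_log FILE: write constructed sample lines shaped like exim_mainlog cwd= entries.
make_sample_log() {
    cat > "$1" <<'EOF'
2015-03-21 21:03:06 cwd=/home/nhti/public_html 3 args: /usr/sbin/sendmail -t -i
2015-03-21 21:03:07 cwd=/home/nhti/public_html/ 3 args: /usr/sbin/sendmail -t -i
2015-03-21 21:03:08 cwd=/home/nhti/wordpress 3 args: /usr/sbin/sendmail -t -i
2015-03-21 21:03:09 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1cuyBm-0000Cu-3h
2015-03-21 21:03:10 cwd=/home/bcts3/public_html/ 3 args: /usr/sbin/sendmail -t -i
EOF
}

# cwd_by_dir LOGFILE: print "count dir", lowest count first.
# Skips cwd values under /var/spool and strips trailing slashes before counting.
cwd_by_dir() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^cwd=/) {
                dir = substr($i, 5)
                if (dir ~ /^\/var\/spool/) next
                if (length(dir) > 1) sub(/\/+$/, "", dir)
                count[dir]++
                next
            }
        }
    }
    END { for (d in count) print count[d], d }' "$1" | sort -n
}

# cwd_by_account LOGFILE: roll the per-directory counts up to /home/<account>.
cwd_by_account() {
    cwd_by_dir "$1" | awk '{
        n = split($2, p, "/")
        acct = (n >= 3 && p[2] == "home") ? ("/home/" p[3]) : $2
        total[acct] += $1
    }
    END { for (a in total) print total[a], a }' | sort -n
}

# Demo on the constructed sample; on a real host pass /var/log/exim_mainlog instead.
sample=$(mktemp)
make_sample_log "$sample"
cwd_by_dir "$sample"
cwd_by_account "$sample"
rm -f "$sample"
```

The per-account view matters when one account sends from several directories, as nhti does in the output above.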

