The Exim mail server has a lot of options/commands to find out the details of spammers easily from the command line itself. Please refer to the blog post “Spam Check” to get more ideas about Exim spam troubleshooting.

We can find out the mail queue details, spam mail sender details, spam mail counts, etc. from the link I mentioned above. As a Linux SysAdmin, that should be helpful for your daily tasks.

Here is a script/piped-command to find out the spam mailing script’s location/folder on the server. It helps us identify the script that is sending spam mail, so we can null-route it easily to mitigate spamming activity on the server.

Here we go!

Steps to find the spam mailing script location:

Step 1 : SSH to your server as root user.

Step 2 : Execute the command pasted below:

# grep cwd /var/log/exim_mainlog|grep -v /var/spool|awk -F"cwd=" '{print $2}'|awk '{print $1}'|sort|uniq -c|sort -n

The above command displays the total count of emails sent and the corresponding directory/location responsible for those spam emails. You can also refer to this topic: Command line tips & tricks to find out Spam emailing scripts location!

Example

# grep cwd /var/log/exim_mainlog|grep -v /var/spool|awk -F"cwd=" '{print $2}'|awk '{print $1}'|sort|uniq -c|sort -n
     ...........
     ...........
    370 /home/$USER1/public_html
    386 /home/$USER2/public_html
    415 /home/$USER3/public_html
    470 /home/$USER4/public_html
    620 /root
   1409 /home/$USER5/public_html/link
   6340 /home/$USER6/public_html
  63898 /etc/csf

The above command checks all details from the email log /var/log/exim_mainlog and lists the result. If you only need details of the recently active spamming scripts, you can grep the email log for the current date.

The command below will find out the scripts which have sent emails most recently!

# grep cwd /var/log/exim_mainlog | grep $(date +%Y-%m-%d) | grep sendmail | grep public_html | awk '{print $3}' | sort | uniq -c | sort -n
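As an added example (not part of the original post), the same cwd-counting pipeline wrapped in a small shell function that takes the log path and an optional date filter, run here against a constructed exim_mainlog sample so you can see exactly what each stage produces before pointing it at the real /var/log/exim_mainlog. The user names and paths in the sample are placeholders.

```shell
# Added example, not from the original post. Reproduces the cwd-counting pipeline
# as a function so it can be run against any Exim main log, optionally restricted
# to one day (Exim log lines start with "YYYY-MM-DD HH:MM:SS").
count_cwd() {
    # $1 = path to the Exim main log, $2 = optional date prefix (YYYY-MM-DD)
    log="$1"; day="${2:-}"
    grep cwd "$log" \
        | { if [ -n "$day" ]; then grep "^$day"; else cat; fi; } \
        | grep -v /var/spool \
        | awk -F'cwd=' '{print $2}' \
        | awk '{print $1}' \
        | sort | uniq -c | sort -n
}

# The directory with the highest count is the last line of the sorted output.
top_cwd() {
    count_cwd "$1" "${2:-}" | tail -n 1 | awk '{print $2}'
}

# Constructed sample log (hypothetical users/paths) in the format Exim writes when
# log_selector includes +arguments; the /var/spool line is Exim's own delivery.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
2024-05-01 10:00:01 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1aBcDe-000001-AB
2024-05-01 10:00:02 cwd=/home/user1/public_html 4 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:03 cwd=/home/user1/public_html 4 args: /usr/sbin/sendmail -t -i
2024-05-01 10:00:04 cwd=/home/user2/public_html/link 4 args: /usr/sbin/sendmail -t -i
2024-05-02 11:00:01 cwd=/home/user2/public_html/link 4 args: /usr/sbin/sendmail -t -i
2024-05-02 11:00:02 cwd=/home/user2/public_html/link 4 args: /usr/sbin/sendmail -t -i
2024-05-02 11:00:03 cwd=/root 3 args: /usr/sbin/sendmail -t
EOF

# Whole log, then only 2024-05-01: the top directory differs between the two.
count_cwd "$SAMPLE_LOG"
count_cwd "$SAMPLE_LOG" 2024-05-01
```

Replace `"$SAMPLE_LOG"` with /var/log/exim_mainlog and pass `$(date +%Y-%m-%d)` as the second argument to get today's counts on a live server.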

That’s it! Please try it and let me know if you have any questions.


Related Links:
Check spamming – Exim.
Remove all frozen emails from mail queue.
Delete locked mails from mail queue.
Exim Log line flags.
Exim log file paths in WHM/cPanel & Directadmin.