Commands:


We’ll go over a lot of commonly used commands, starting with exigrep, since it’s my most used and, I think, the most useful exim-specific command. It is similar to grep, but for exim.

exigrep – this is defined in its man page as follows:

The exigrep utility is a Perl script that searches one or more main log files for entries that match a given pattern. When it finds a match, it extracts all the log entries for the relevant message, not just those that match the pattern. Thus, exigrep can extract complete log entries for a given message, or all mail for a given user, or for a given host, for example.


Examples:


Find a specific message by message ID (MID)

Code:

exigrep MESSAGE_ID /var/log/exim_mainlog

(If you’re not sure how to get the Message ID I’ll show you how to do that later on)

You can also use exigrep to search for a user or domain:

Code:

exigrep [email protected] /var/log/exim_mainlog

You can get a little more advanced with this and look for just the outgoing mail for one specific user:

Code:

exigrep "<= .*[email protected]" /var/log/exim_mainlog

- Keep in mind exigrep gives you the log data for the message ID and related log entries, not just the exact matches you’d get using grep.

exiqgrep – Similar to exigrep, exiqgrep is another search utility, defined in its man page as follows:

The exiqgrep utility is a Perl script which offers possibilities to grep in the exim queue output. Unlike exiqsumm, it invokes exim -bpu itself and does not need to be invoked in a pipe.

Examples:

If I want to search the entire exim queue (the queue, not the log, meaning messages waiting in queue) for messages that originated from the [email protected] user, I’d use the -f flag:

Code:

exiqgrep -f [email protected]

If I wanted to search for messages that have the recipient of [email protected] I would use the -r flag:

Code:

exiqgrep -r [email protected]

This could be useful if, for whatever reason, you’re unable to use the Mail Queue Manager and are looking for a potential spammer: you might want to know how many messages [email protected] has in the queue right now. To do that you’d run something like this (the -i flag lists only the message IDs, one per line, so the line count matches the message count):

Code:

exiqgrep -i -f [email protected] | wc -l

You might find after running that, [email protected] has 1000000000 messages in the queue. Yeah, maybe that’s too many, but let’s say you want to remove those. You could then run something like:

Code:

exiqgrep -i -f [email protected] | xargs exim -Mrm

The -i flag lists only the message IDs, and the -f flag limits the search to messages [email protected] sent. This command builds the list, then pipes it to exim -Mrm, which deletes the messages.
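When you don’t yet know which sender to look at, the per-sender count above can be generalized to a tally of every sender in the queue. This is an added example, not part of the original article; the function names and the sample queue listing (addresses and message IDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank senders by number of queued messages,
# reading `exim -bp` style output on stdin.

# queue_top_senders: print "COUNT SENDER" lines, busiest sender first.
queue_top_senders() {
    awk '
        # A message header line looks like:
        #   AGE SIZE MESSAGE-ID <SENDER> [*** frozen ***]
        # Recipient lines below it have no message ID in field 3,
        # so they are never counted as senders.
        $3 ~ /^[A-Za-z0-9]+-[A-Za-z0-9]+-[A-Za-z0-9]+$/ && $4 ~ /^<.*>$/ {
            sender = substr($4, 2, length($4) - 2)
            if (sender == "") sender = "(bounce)"   # <> is the null sender used by bounces
            count[sender]++
        }
        END { for (s in count) printf "%d %s\n", count[s], s }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample of `exim -bp` output (not from a real server).
sample_queue() {
    cat <<'EOF'
25m  2.9K 1rAbCd-0001Ab-2F <newsletter@example.com>
          alice@example.net

 3h  1.1K 1rAbCe-0001Ac-7K <newsletter@example.com>
        D bob@example.org
          carol@example.org

 2d   12K 1rAbCf-0001Ad-9Q <> *** frozen ***
          newsletter@example.com

10m  4.0K 1rAbCg-0001Ae-1Z <dave@example.com>
          erin@example.net
EOF
}

# On a live server you would run: exim -bp | queue_top_senders
sample_queue | queue_top_senders
```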

exiwhat – What the heck is exim even doing right now? (not the formal definition but it does the trick)

Examples:

Code:

exiwhat
535 daemon(4.91): -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)

Exim Flags:



exim -bp – print all messages in the queue. This is helpful when you want to see something like all the messages in the queue for one specific user or destination:

Code:

exim -bp |grep [email protected]

exim -bpc – count all messages in the queue. In other words how many messages is exim trying to manage right now?

Code:

exim -bpc
1000

exim -Mvh – This will get you the headers of a message in the queue

exim -Mvb – This will get you the body of a message in the queue

exim -bh – run a fake SMTP transaction as though it were originating from the given IP address. This shows what happens when exim receives a message from this IP (optionally from this IP on this port).

Code:

exim -bh 111.111.111.100

Optionally with the port:

Code:

exim -bh 111.111.111.100.25

Note: if you do include the port number, it needs to be added after a ‘.’, not a ‘:’.

exim -bt – test how exim will route an address

Code:

exim -bt [email protected]


exim -d - run exim with debug options. This can be run with any of the flags given to output debug information – be warned it’s a lot of data but can be extremely useful.

Code:

exim -d -bt [email protected]

exim -Mrm – remove a single message from the queue by Message ID. You can also remove multiple emails with this flag. I would recommend, though, that you don’t do this through the CLI on cPanel/WHM servers but rather go to WHM>>Email>>Mail Queue Manager to remove them if they must be removed.

For more information on reading and understanding the exim log, we also have this resource: Tutorial – Reading and Understanding the exim main_log
