[root]#exim -bpr | grep “<*@*>” | awk ‘{print $4}’|grep -v “<>” | sort | uniq -c | sort -n
the below script will show you the maximum no of email currently in the mail queue have from or to the email address in the mail queue with exact figure.
[root]#exim -bpr | grep “<*@*>” | awk ‘{print $4}’|grep -v “<>” |awk -f “@” ‘{ print $2}’ | sort | uniq -c | sort -n
that will show you the maximum no of email currently in the mail queue have for the domain or from the domain with number.
also you can try following command that will show you the script which is using script to send the email. if it is from php then use
[root]#/var/spool/exim/input egrep “x-php-script” * -r
just cat the id that you get and you will be able to check which script is here causing problem for you.
* to check a spammer on the server use following command. this will count the number of mails send by user specified.
[root]#exigrep -u /var/log/exim_mainlog | wc -l
* to check whether nobody spamming is going on the server
[root]#awk ‘{ if ($0 ~ “cwd” && $0 ~ “home”) {print $3} }’ /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
or
[root]#grep ‘cwd=/home’ /var/log/exim_mainlog | awk ‘{print $3}’ | cut -d / -f 3 | sort -bg | uniq -c | sort -bg
outgoing spam:
[root]#ps -c exim -fh ewww | grep home
[root]#awk ‘{ if ($0 ~ “cwd” && $0 ~ “home”) {print $3} }’ /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
[root]#grep ‘cwd=/home’ /var/log/exim_mainlog | awk ‘{print $3}’ | cut -d / -f 3 | sort -bg | uniq -c | sort -bg
load in exim:
[root]#tail -1000 /var/log/exim_mainlog |grep ‘\[‘ |cut -d[ -f2 |cut -d] -f1|sort -n |uniq -c |sort -nk 1
block the ip that makes more connections.
to remove nobody mails from exim queue:
[root]#exim -bp | grep “nobody” |awk ‘{print $3}’ | xargs exim -mrm
or
[root]#exiqgrep -i -f nobody@hostname | xargs exim -mrm (use -f to search the queue for messages from a specific sender)
or
[root]#exiqgrep -i -r nobody@hostname | xargs exim -mrm (use -r to search the queue for messages for a specific recipient/domain)