We’ll go over a lot of commonly used commands, starting with exigrep, since it’s my most used and, I think, the most useful exim-specific command. It’s similar to grep, but for exim.
exigrep – this is defined in its man page as follows:
The exigrep utility is a Perl script that searches one or more main log files for entries that match a given pattern. When it finds a match, it extracts all the log entries for the relevant message, not just those that match the pattern. Thus, exigrep can extract complete log entries for a given message, or all mail for a given user, or for a given host, for example.
Find a specific message by message ID (MID)
(If you’re not sure how to get the Message ID I’ll show you how to do that later on)
You can also use exigrep to search for a user or domain:
exigrep [email protected] /var/log/exim_mainlog
You can get a little more advanced with this and look for just the outgoing mail for one specific user:
exigrep "<= .*[email protected]" /var/log/exim_mainlog
- Keep in mind that exigrep gives you the log data for the message ID and its related log entries, not just the exact matches you’d get using grep.
exiqgrep – Similar to exigrep, exiqgrep is another search function, defined as follows:
The exiqgrep utility is a Perl script which offers possibilities to grep in the exim queue output. Unlike exiqsumm, it invokes exim -bpu itself and does not need to be invoked in a pipe.
If I want to search the entire exim queue (not the log, but the queue, meaning messages waiting to be delivered) for messages that originated from the [email protected] user, I’d use the -f flag:
exiqgrep -f [email protected]
If I wanted to search for messages that have the recipient of [email protected] I would use the -r flag:
exiqgrep -r [email protected]
This could be useful if, for whatever reason, you’re unable to use the Mail Queue Manager and you’re looking for a potential spammer: you might want to know how many messages [email protected] has sent that are in the queue right now. To do that you’d run something like this (the -i flag prints only the message IDs, one per line, so wc -l counts messages rather than lines of queue output):
exiqgrep -i -f [email protected] | wc -l
You might find after running that, [email protected] has 1000000000 messages in the queue. Yea, maybe that’s too many, but let’s say you want to remove those. You could then run something like:
exiqgrep -i -f [email protected] | xargs exim -Mrm
The -i flag lists just the message IDs, and the -f flag restricts the search to messages [email protected] sent. This command builds the list, then pipes it to exim -Mrm, which deletes the messages.
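The per-sender count above assumes you already know which address to look at. As an added example (not from the original article), this shell function tallies every envelope sender in `exim -bp` output so the busiest one stands out; the function names, addresses and message IDs are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): tally queued messages per
# envelope sender from `exim -bp` output, to spot one account flooding the queue.

# Reads an `exim -bp` listing on stdin; prints "COUNT SENDER", busiest first.
queue_senders() {
    awk '
        # Header line of each message: age, size, message-id, <sender> [*** frozen ***]
        # Indented recipient lines have no message ID in field 3 and are skipped.
        $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && $4 ~ /^<.*>$/ {
            s = tolower($4)
            if (s == "<>") s = "<bounce>"          # null sender = bounce message
            else { sub(/^</, "", s); sub(/>$/, "", s) }
            count[s]++
        }
        END { for (s in count) printf "%d %s\n", count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Prints only the senders with at least $1 messages in the queue.
noisy_senders() {
    queue_senders | awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample listing in `exim -bp` layout (addresses and IDs are made up).
sample_queue() {
    cat <<'EOF'
25m  2.9K 1hKAQ8-0005Kj-Ly <alice@example.com>
          user1@example.net

 4h  1.2K 1hKAQ9-0005Kk-Mz <> *** frozen ***
          alice@example.com

 3m  3.1K 1hKARa-0005Km-0x <Alice@Example.com>
        D user2@example.net
          user3@example.net

 2m   812 1hKARb-0005Kn-2b <bob@example.com>
          user4@example.org

 1m  2.7K 1hKARc-0005Ko-4d <alice@example.com>
          user5@example.net
EOF
}

# Demo on the sample; on a live server use: exim -bp | queue_senders
sample_queue | queue_senders
```

Bounce messages carry the null sender `<>`, so they are grouped under `<bounce>` rather than attributed to any account.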
exiwhat – What the heck is exim even doing right now? (not the formal definition but it does the trick)
exiwhat
535 daemon(4.91): -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)
exim -bp – print all messages in the queue. This is helpful when you want to see something like all the messages in the queue for one specific user or destination:
exim -bp |grep [email protected]
exim -bpc – count all messages in the queue. In other words how many messages is exim trying to manage right now?
exim -bpc
1000
exim -Mvh – This will get you the headers of a message in the queue
exim -Mvb – This will get you the body of a message in the queue
exim -bh – run a fake SMTP transaction as though it were originating from the given IP address. In other words, what happens when exim receives a message from this IP (optionally from this IP on this port)?
exim -bh 126.96.36.199
Optionally with the port:
exim -bh 188.8.131.52.25
Note: if you do include the port number, it needs to be added after a ‘.’, not a ‘:’.
exim -bt – test how exim will route an address
exim -bt [email protected]
exim -d – run exim with debug output. This can be combined with any of the other flags to print debug information. Be warned: it’s a lot of data, but it can be extremely useful.
exim -d -bt [email protected]
exim -Mrm – remove a single message from the queue by Message ID. You can also remove multiple emails with this flag. I would recommend, though, that you don’t do this through the CLI on cPanel/WHM servers but rather go to WHM>>Email>>Mail Queue Manager to remove them if they must be removed.
For more information on reading and understanding the exim log, we also have this resource: Tutorial – Reading and Understanding the exim main_log