exigrep - finding message information in the logsFlags
exiqgrep - finding message information in the queue
exiwhat - what is exim doing?
Counting messages in the queueWhy:
Headers/Body of messages in the queue
Testing mail transactions
Debugging mail transactions
Removal of messages in the queue
There are countless times when information on how to use/manage exim as well as the exim mail queue is helpful and hopefully shedding some light on the subject helps someone out there struggling! We'll go over specific commands first then use some flags with the exim command second.
We'll go over a lot of commonly used commands and we'll start with exigrep since it's (my) most used and I think most useful exim specific command. Similar to grep but for exim.
exigrep - this is defined in its man page as follows:Examples:
Find a specific message by message ID (MID)
(If you're not sure how to get the Message ID I'll show you how to do that later on)Code:exigrep <messageID> /var/log/exim_mainlog
You can also use exigrep to search for a user or domain:
You get a little more advanced with this and look for just outgoing mail for one specific user:Code:exigrep [email protected] /var/log/exim_mainlog
Code:exigrep "<= .*[email protected]" /var/log/exim_mainlog
- Keep in mind exigrep gives you the log data for the message ID and related log entries, not just the exact matches as you'd get with using grep.
exiqgrep - Similar to exigrep exiqgrep is another search function defined here as follows:
If I want to search the entire exim queue (not log but the queue meaning messages waiting in queue) for messages that originated from the [email protected] user I'd use the -f flag
If I wanted to search for messages that have the recipient of [email protected] I would use the -r flag:Code:exiqgrep -f [email protected]
This could be useful if you're for whatever reason unable to use the Mail Queue Manager and looking for a potential spammer, you might want to know how many messages you have in queue right now that [email protected] has sent. To do that you'd run something like this:Code:exiqgrep -r [email protected]
You might find after running that, [email protected] has 1000000000 messages in the queue. Yea maybe that's too many, but lets say you're wanting to remove those. You could then run something like:Code:exiqgrep -f [email protected]| wc -l
The -i flag is to just list message ID's the -f flag is to only look at messages [email protected] sent. This command builds the list then pipes it to exim -Mrm which deletes the messagesCode:exiqgrep -i -f [email protected] |xargs exim -Mrm
exiwhat - What the heck is exim even doing right now? (not the formal definition but it does the trick)
Code:exiwhat 535 daemon(4.91): -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)
exim -bp - print all messages in queue. This is helpful when you want so see something like all the messages in queue for one specific user or destination:
exim -bpc - count all messages in the queue. In other words how many messages is exim trying to manage right now?Code:exim -bp |grep [email protected]
Code:exim -bpc 1000
exim -Mvh <MessageID> - This will get you the headers of a message in the queue
exim -Mvb <MessageID> - This will get you the body of a message in the queue
exim -bh <IPAddress> - run a fake SMTP transaction as though it were originating from the given IP address. What happens when exim receives a message from this IP (optionally from this IP on this port)
Optionally with the port:Code:exim -bh 188.8.131.52
Note: if you do include the port number note that it needs to be included after a '.' not a ':'Code:exim -bh 184.108.40.206.25
exim -bt - test how exim will route an address
Code:exim -bt [email protected]
exim -d - run exim with debug options. This can be run with any of the flags given to output debug information - be warned it's a lot of data but can be extremely useful.
Code:exim -d -bt [email protected]
exim -Mrm <MessageID> - remove a single message from the queue by Message ID. You can also remove multiple emails with this flag. I would recommend though, that you don't do this through the CLI on cPanel/WHM servers but rather go to WHM>>Email>>Mail Queue Manager to remove them if they must be removed.
For more information on reading and understanding the exim log we also have this resource Tutorial - Reading and Understanding the exim main_log
If there's an exim command or flag you think is helpful or you use often and it isn't represented here let us know!!
Contributed by: @cPanelLauren
Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!