
cPanel Exim Reference

Discussion in 'Workarounds and Optimization' started by JesusS., Dec 23, 2014.

  1. JesusS.

    JesusS. Registered

    Basic Exim commands


    View all messages in the exim queue:
    Code:
    exim -bp
    View only undelivered messages in the exim queue:
    Code:
    exim -bpu
    View the amount of messages in the exim queue:
    Code:
    exim -bpc
    Viewing information about a message

    The -M flag for exim by itself tells exim to attempt to deliver the specified message IDs; however, when used with the flags below, it is a useful tool for viewing information about the message.

    View the headers of an individual message:
    Code:
    exim -Mvh <exim-ID>
    View the body of an individual message:
    Code:
    exim -Mvb <exim-ID>
    View both the headers and body of a message:
    Code:
    exim -Mvc <exim-ID>
    Test if messages to an address will be delivered locally, or routed remotely:
    Code:
    exim -bt <address>
    This is determined by the files /etc/remotedomains and /etc/localdomains. If a domain is present in localdomains, exim will automatically attempt routing the domain to a local mailbox. If it's not in localdomains, then it will check /etc/remotedomains and then attempt delivering to the MX host.

    Exigrep
    If you want to view log entries related to a transaction, you can use the Exigrep command to do so. It will not only search for the pattern you give it, but it will also return related transactions.

    Code:
    exigrep <pattern> <log-file> <log-file> ...
    Exiqsumm
    Exiqsumm is a rather simple utility that outputs the amount of messages and age of newest and oldest messages per domain in the following format:

    Code:
    Count  Volume  Oldest  Newest  Domain
    -----  ------  ------  ------  ------
     
        2   109KB      9h      5h  cent6-64.cptechs.com
    ---------------------------------------------------------------
        2   109KB      9h      5h  TOTAL
    To invoke it, you must pipe the output of exim -bp or exim -bpu to it:

    Code:
    exim -bp | exiqsumm
    Exiqgrep
    Exiqgrep is a standalone utility that allows you to search for specific information from the exim queue without having to use pipes. From its man page, the available flags are:

    Code:
    -f <regexp>
    Match sender address (field is "< >" wrapped)
    -r <regexp>
    Match recipient address
    -s <regexp>
    Match against the site field from long output
    -y <seconds>
    Message younger than
    -o <seconds>
    Message older than
    -z
    Frozen messages only (exclude non-frozen)
    -x
    Non-frozen messages only (exclude frozen)
    -c
    Display match count
    -l
    Long Format [Default]
    -i
    Message IDs only
    -b
    Brief Format
    -R
    So in order to check the exim queue for messages originating from jsmith@domain.net, you'd use:

    Code:
    exiqgrep -f jsmith@domain.net
    You can also check for messages destined towards a certain recipient:

    Code:
    exiqgrep -r jsmith@domain.net
    Or just return a list of Exim ID's:

    Code:
    exiqgrep -i
    Eximstats
    Eximstats is yet another useful utility, which will gather hourly statistics for you. It's quite handy for tracking which times you have the most mail traffic:

    Code:
    eximstats -nr /var/log/exim_mainlog
    eximstats -bydomain /var/log/exim_mainlog
    eximstats -byhost /var/log/exim_mainlog
    Sample Output:
    Code:
    root@cent6-64 [~]# eximstats -bydomain /var/log/exim_mainlog
    
    Exim statistics from 2014-12-22 00:53:36 to 2014-12-23 08:00:02
    
    Grand total summary
    -------------------
                                                                      At least one address
      TOTAL               Volume   Messages Addresses   Domains      Delayed       Failed
      Received             901KB         36                   1       0  0.0%      6 16.7%
      Delivered             56KB         30        30         1
    
    Deliveries by transport
    -----------------------
                          Volume    Messages
      remote_smtp           56KB          30
    
    Messages received per hour (each dot is 1 message)
    --------------------------------------------------
    
    00-01      2 ..
    01-02      2 ..
    02-03      0
    03-04      2 ..
    04-05      0
    05-06      0
    06-07      0
    07-08      0
    08-09      2 ..
    09-10      0
    10-11      0
    11-12      0
    12-13      0
    13-14      0
    14-15      0
    15-16      0
    16-17      0
    17-18      0
    18-19     26 ..........................
    19-20      2 ..
    20-21      0
    21-22      0
    22-23      0
    23-24      0
    
    Deliveries per hour (each dot is 1 delivery)
    --------------------------------------------
    
    00-01      0
    01-02      2 ..
    02-03      0
    03-04      0
    04-05      0
    05-06      0
    06-07      0
    07-08      0
    08-09      0
    09-10      0
    10-11      0
    11-12      0
    12-13      0
    13-14      0
    14-15      0
    15-16      0
    16-17      0
    17-18      0
    18-19     26 ..........................
    19-20      2 ..
    20-21      0
    21-22      0
    22-23      0
    23-24      0
    
    Time spent on the queue: all messages
    -------------------------------------
    Under   1m       33  94.3%   94.3%
    Over    1d        2   5.7%  100.0%
    
    
    Time spent on the queue: messages with at least one remote delivery
    -------------------------------------------------------------------
    Under   1m       30 100.0%  100.0%
    
    
    No relayed messages
    -------------------
    Top 50 sending domains by message count
    ---------------------------------------
      Messages      Bytes    Average   Sending domain
            36      901KB       25KB   localdomain
    
    Top 50 sending domains by volume
    --------------------------------
      Messages      Bytes    Average   Sending domain
            36      901KB       25KB   localdomain
    Top 50 local senders by message count
    -------------------------------------
      Messages      Bytes    Average   Local sender
            32      685KB       21KB   root
             3      214KB       71KB   mailnull
             1       1522       1522   mailman
    
    Top 50 local senders by volume
    ------------------------------
      Messages      Bytes    Average   Local sender
            32      685KB       21KB   root
             3      214KB       71KB   mailnull
             1       1522       1522   mailman
    
    Top 50 domain destinations by message count
    -------------------------------------------
      Messages  Addresses      Bytes    Average   Domain destination
            30         30       56KB       1911   cpanel.net
    
    Top 50 domain destinations by volume
    ------------------------------------
      Messages  Addresses      Bytes    Average   Domain destination
            30         30       56KB       1911   cpanel.net
    
    List of errors
    --------------
        1 postmaster@cent6-64.cptechs.com R=fail_remote_domains:
            The mail server could not deliver mail to postmaster@cent6-64.cptechs.com.
            The account or domain may not exist, they may be blacklisted,
            or missing the proper dns entries.
    
        7 root@cent6-64.cptechs.com R=fail_remote_domains: The
            mail server could not deliver mail to root@cent6-64.cptechs.com.
            The account or domain may not exist, they may be blacklisted,
            or missing the proper dns entries.
    
    Errors encountered: 8
    ---------------------
    You can find more flags in the man page at eximstats(8) - Linux man page

    Manipulating messages in the queue

    Remove messages from the queue:
    Code:
    exim -Mrm <exim-ID> <exim-ID> ...
    Thaw frozen messages
    Code:
    exim -Mt <exim-ID> <exim-ID> ...
    Attempt delivery of messages
    Code:
    exim -M <exim-ID> <exim-ID> ...
    One-liners for managing Exim:

    Process and attempt delivery of all unfrozen messages in the queue:
    Code:
    exim -qv
    Clearing the Exim Queue
    Clearing a moderate queue with exim -Mrm
    This command takes the current exim queue in its entirety, extracts the exim message IDs, and outputs them to exim -Mrm, which is the command for removing messages from the queue.

    Code:
    exim -bp | exiqgrep -i | xargs exim -Mrm
    Clearing an extremely large exim queue

    This one-liner stops exim, kills all remaining exim processes, cleans out the mail queue and mail DB at the file level, then starts exim:

    Code:
    touch /etc/eximdisable; echo Stopping Exim...; service exim stop; sleep 10; killall exim; sleep 5; killall -9 exim; echo Clearing out the Exim spool...; find /var/spool/exim/{db,input,msglog} -type f -delete; echo Starting Exim...; rm -f /etc/eximdisable; /scripts/restartsrv_exim; echo Done.;
    
    Source: Cpanel Exim How To Clear The Mail Queue | Server Sitters

    Investigating large amounts of mail

    Find amount of emails sent per login:

    Code:
    grep -oP  "(?<=A=dovecot_(login|plain):)\S+|(?<= U=)\S+" /var/log/exim_mainlog | sort | uniq -c|awk '{print $2,$1}'|sort -k2n|column -t
    
    When there's an extraordinarily large amount of SMTP authenticated mail concentrated within 1 to 5 email accounts, this is usually indicative of a password compromise. It would be advisable to change the affected email account's password, as well as the cPanel user's for good measure.
    In cases where the queue is extremely large, this may be of better use:

    Code:
    grep auth_id /var/spool/exim/input/*/*
    Find amount of emails sent per CWD:

    When there aren't many SMTP Authenticated emails, it's usually a script that is sending messages out. It could be something as innocuous as a Tell-A-Friend script that is unprotected against automation, or it could be a compromised script, usually as a result of an unpatched or outdated CMS or plugin. You'll want to analyze the timestamps in the affected directory, though sometimes the headers will tell you the filename of the script.

    Code:
    awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr
    Note: Extended logging should be enabled in exim for best results.

    Print out all headers in the exim queue
    Only do this on small to moderately sized queues - Otherwise you'll end up with a high load

    Code:
    for i in $(exiqgrep -i); do exim -Mvh "$i"; done

    Miscellaneous

    Fix eximstats db
    Code:
    mysqlcheck -r --use-frm eximstats
    You would do this typically when the Mail Delivery Reports in WHM is not returning any results.

    Recreate eximstats db:
    Code:
    /usr/local/cpanel/bin/updateeximstats
    Smart hosts / SMTP Relay:
    If you're seeing errors like this in the exim logs, and you cannot telnet to any mail servers on port 25, the service provider may be blocking the connection. One common example is GoDaddy, which has its own SMTP Relay servers that must be added to exim as smart hosts:

    Code:
    retry time not reached for any host after a long failure period
    Connection timed out
    retry timeout exceeded
    GoDaddy has a set of instructions for configuring this:
    http://support.godaddy.com/help/article/5378/configuring-the-smtp-relay-server-on-your-linux-server-using-cpanel?locale=en

    Our own documentation, however, may be more reliable:
    http://documentation.cpanel.net/display/1144Docs/Exim+Mail#EximMail-Smarthostsupport

    Exim logging / log_selector:
    You can change the logging settings, or log_selector, in WHM >> Service Configuration >> Exim Configuration Manager >> Advanced Editor >> Config
    This option can be used to reduce or increase the number of things that Exim writes to its log files. Its argument is made up of names preceded by plus or minus characters. For example:
    Code:
    +arguments -retry_defer
    A list of possible names and what they control is given in the chapter on logging, in section 51.15 of the exim documentation: 51. Log files

    Note that cPanel will always enable these mandatory options in your configuration.
    Code:
    +incoming_port +smtp_connection +all_parents
    The following default options will also be enabled except when you specify a negative form.
    Code:
    -retry_defer +subject +arguments +received_recipients
    This is the default setting set by cPanel:
    Code:
    +incoming_port +smtp_connection +all_parents -retry_defer +subject +arguments +received_recipients
    
    The following is the recommended setting for extended logging:

    Code:
    +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
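
Added example, not part of the original post: the per-login and per-cwd counts from "Investigating large amounts of mail" combined into one awk pass with a reporting threshold. The function names, the threshold and the sample log lines are constructed for illustration; it assumes `+arguments` logging and that the `T=` subject field follows `U=`/`A=` on arrival lines.

```shell
#!/usr/bin/env bash
# Added example: one-pass summary of likely bulk-mail sources in exim_mainlog.
# Usage: mail_sources <logfile> [threshold]   (default threshold is arbitrary)
mail_sources() {
    local log=$1 threshold=${2:-100}
    awk -v min="$threshold" '
        $4 == "<=" {                  # arrival lines only
            # Start at field 6: field 5 is the sender-supplied address.
            for (i = 6; i <= NF; i++) {
                # Assumption: T= follows U=/A=, so stop before the
                # sender-controlled subject can inject fake tokens.
                if ($i ~ /^T="/) break
                v = $i
                if (sub(/^A=dovecot_(login|plain):/, "", v)) count["auth " v]++
                else if (sub(/^U=/, "", v)) count["local " v]++
            }
        }
        # With +arguments logging, field 3 is cwd=<dir>. Queue runners
        # log cwd=/var/spool/exim, which is skipped as noise.
        $3 ~ /^cwd=/ && $3 != "cwd=/var/spool/exim" {
            count["cwd " substr($3, 5)]++
        }
        END { for (k in count) if (count[k] >= min) print count[k], k }
    ' "$log" | sort -k1,1nr -k2
}

# Constructed sample log (not real data) for trying the function offline:
#   tmp=$(mktemp); sample_log > "$tmp"; mail_sources "$tmp" 2
sample_log() {
    cat <<'EOF'
2014-12-23 18:01:02 1Y3aaa-0000aa-01 <= jsmith@domain.net H=(pc) [203.0.113.5]:51234 P=esmtpa A=dovecot_login:jsmith@domain.net S=1200 T="hi" for a@example.com
2014-12-23 18:01:03 1Y3aaa-0000aa-02 <= jsmith@domain.net H=(pc) [203.0.113.5]:51235 P=esmtpa A=dovecot_login:jsmith@domain.net S=1200 T="hi" for b@example.com
2014-12-23 18:01:04 1Y3aaa-0000aa-03 <= jsmith@domain.net H=(pc) [203.0.113.5]:51236 P=esmtpa A=dovecot_plain:jsmith@domain.net S=1200 T="hi" for c@example.com
2014-12-23 18:01:05 1Y3aaa-0000aa-04 <= x@example.org H=(mx) [198.51.100.7]:40000 P=esmtp S=900 T="re A=dovecot_login:ceo@domain.net" for d@domain.net
2014-12-23 18:02:00 cwd=/home/user1/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2014-12-23 18:02:00 1Y3aaa-0000aa-05 <= user1@cent6-64.cptechs.com U=user1 P=local S=700 T="form" for e@example.com
2014-12-23 18:02:09 cwd=/home/user1/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2014-12-23 18:03:00 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
EOF
}
```
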
     
  2. danrussell

    danrussell Well-Known Member

    Hi : ),

    Very useful information. Thank you for sharing.
     
  3. John Schmerold

    John Schmerold Well-Known Member

    +1 Thank you.
     