The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel Exim Reference

Discussion in 'Workarounds and Optimization' started by cPJesus, Dec 23, 2014.

  1. cPJesus

    cPJesus Registered
    Staff Member

    Jan 8, 2013
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Basic Exim commands

    View all messages in the exim queue:
    View only undelivered messages in the exim queue:
    View the amount of messages in the exim queue:
    Viewing information about a message

    The -M flag for exim by itself tells exim to attempt to deliver the specified message ID's, however, when used with the flags below, it is a useful tool for viewing information about the message

    View the headers of an individual message:
    View the body of an individual message:
    View both the headers and body of a message:
    Test if messages to an address will be delivered locally, or routed remotely:
    This is determined by the files /etc/remotedomains and /etc/localdomains. If a domain is present in localdomains, exim will automatically attempt routing the domain to a local mailbox. If it's not in localdomains, then it will check /etc/remotedomains and then attempt delivering to the MX host.

    If you want to view log entries related to a transaction, you can use the Exigrep command to do so. It will not only search for the pattern you give it, but it will also return related transactions

    Exiqsumm is a rather simple utility that outputs the amount of messages and age of newest and oldest messages per domain in the following format:

    To invoke it, you must pipe the output of exim -bp or exim -bpu to it:

    Exiqgrep is a standalone utility that allows you to search for specific information from the exim queue without having to use pipes. From its man page, the available flags are:

    So in order to check the exim queue for messages originating from, you'd use:

    You can also check for messages destined towards a certain recipient:

    Or just return a list of Exim ID's:

    Eximstats is yet another useful utility, which will gather hourly statistics for you, it's quite handy for tracking which times you have the most mail traffic:

    Sample Output:
    You can find more flags in the man page at eximstats(8) - Linux man page

    Manipulating messages in the queue

    Remove messages from the queue:
    Thaw frozen messages
    Attempt delivery of messages
    One-liners for managing Exim:

    Process and attempt delivery of all unfrozen messages in the queue:
    Clearing the Exim Queue
    Clearing a moderate queue with exim -Mrm
    This command takes the current exim queue in its entirety, extracts the exim message ID's, and outputs them to exim -Mrm, which is the command for removing messages from the queue

    Clearing an extremely large exim queue

    This one-liner stops exim, kills all remaining exim processes, cleans out the mail queue and mail DB at the file level, then starts exim:

    Source: Cpanel Exim How To Clear The Mail Queue | Server Sitters

    Investigating large amounts of mail

    Find amount of emails sent per login:

    When there's an extraordinarily large amount of SMTP authenticated concentrated within 1 to 5 email accounts, this is usually indicative of a password compromise. It would be advisable to change the affected email account's password, as well as the cPanel user's for good measure.
    In cases where the queue is extremely large, this may be of better use:

    Find amount of emails sent per CWD:

    When there aren't many SMTP Authenticated emails, it's usually a script that is sending messages out. It could be something as innocuous as a Tell-A-Friend script that is unprotected against automation, or it could be a compromised script, usually as a result of an unpatched or outdated CMS or plugin. You'll want to analyze the timestamps in the affected directory, though sometimes the headers will tell you the filename of the script.

    Note: Extended logging should be enabled in exim for best results,

    Print out all headers in the exim queue
    Only do this on small to moderately sized queues - Otherwise you'll end up with a high load


    Fix eximstats db
    You would do this typically when the Mail Delivery Reports in WHM is not returning any results.

    Recreate eximstats db:
    Smart hosts / SMTP Relay:
    If you're seeing errors like this in the exim logs, and you can not telnet to any mail servers on port 25, the service provider may be blocking the connection. One common example is GoDaddy, which has its own SMTP Relay servers that must be added to exim as smart hosts.:

    GoDaddy has a set of instructions for configuring this:

    Our own documentation, however, may be more reliable:

    Exim logging / log_selector:
    You can change the logging settings, or log_selector, in WHM >> Service Configuration >> Exim Configuration Manager >> Advanced Editor >> Config
    This option can be used to reduce or increase the number of things that Exim writes to its log files. Its argument is made up of names preceded by plus or minus characters. For example:
    A list of possible names and what they control is given in the chapter on logging, in section 51.15 of the exim documentation: 51. Log files

    Note that cPanel will always enable these mandatory options in your configuration.
    The following default options will also be enabled except when you specify a negative form.
    This is the default setting set by cPanel:
    The following is the recommended setting for extended logging:

  2. danrussell

    danrussell Well-Known Member

    Nov 5, 2014
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hi : ),

    Very useful information. Thank you for sharing.
  3. John Schmerold

    John Schmerold Active Member

    Apr 21, 2004
    Likes Received:
    Trophy Points:
    st. louis
    cPanel Access Level:
    Root Administrator
    +1 Thank you.

Share This Page