Email / Exim server troubleshooting techniques. You can use the following email server troubleshooting options in your cpanel. Mostly used this command to find spam emails and bulk email senders. You can also refer mostly used exim commands, also you can refer options in WHM – > Tweak Settings – > mail

Exim Configuration Editor

Email server troubleshooting technique

To get exim mail stats

eximstats -ne -nr /var/log/exim_mainlog >> eximstats.txt

open eximstats.txt file and check details.

Get the details of scripts that are used to send out spam emails :

grep “cwd=” /var/log/exim_mainlog|awk ‘{for(i=1;i teststats

Script to know the mail count by various accounts

grep “cwd=” /var/log/exim_mainlog|awk ‘{for(i=1;i<=10;i++){print $i}}’|sort|uniq -c|grep cwd|sort -n

List number of mails by a domain

exigrep @domain.com /var/log/exim_mainlog|grep 2009-04-17|grep Completed|wc -l

List the number of mails send by each one.

exim -bpr | grep “<” | awk {‘print $4′} | cut -d “” -f 1 | sort -n | uniq -c | sort -n

Show the list from which user’s home the mail is going, so that you can easily trace it and block it if needed.

ps -C exim -fH ewww |grep home

Show the top 50 domains using mail server with options.

eximstats -ne -nr /var/log/exim_mainlog
Show the list of main domains receiving and sending mails on the server.

exim -bp | exiqsumm

Show the IPs which are connected to server through port number 25. It one particular Ip is using more than 10 connection you can block it in the server firewall.

netstat -plan|grep :25|awk {‘print $5′}|cut -d: -f 1|sort|uniq -c|sort -nk 1

List the  “nobody” ownership spamming emails

ps -C exim -fH ewww|awk ‘{for(i=1;i<=40;i++){print $i}}’|sort|uniq -c|grep PWD|sort -n

The above command will show the spamming is currently in progress. If the spamming has happened some hours before, use the following command.

grep “cwd=” /var/log/exim_mainlog|awk ‘{for(i=1;i<=10;i++){print $i}}’|sort|uniq -c|grep cwd|sort -n

This will result in something like :
47 cwd=/root
8393 cwd=/home/sample/public_html/test

Exim server files location and logs

/etc/exim.conf – exim main configuration file

/etc/localdomains – list of domains allowed to relay mail

/etc/remotedomains – list of remote MX record domains.

/var/log/exim_mainlog – incoming/outgoing mails are logged here

/var/log/exim_rejectlog – exim rejected mails are reported here

/var/log/exim_paniclog – exim errors are logged here

/var/spool/exim/input – Mail queue

/scripts/restartsrv_exim – Cpanel script to restart exim

/etc/valiases/domainname.com – Email forwarders and catchall address file

/etc/vfilters/domainname.com – Email filters file

/home/username/etc/domainname/passwd – POP user authentication file

/home/username/mail/inbox – catchall inbox

/home/username/mail/domainname/popusername/inbox – POP user inbox

/home/username/mail/domainname/popusername/spam – POP user spambox