
Author Topic: Exim spam locator  (Read 3174 times)


vinodt

  • Guest
Exim spam locator
« on: December 30, 2013, 11:58:43 am »
Exim commands used to locate spamming on a cPanel server:

================================
1. To show the domain name and the number of emails sent by that domain:
  exim -bp | exiqsumm | more

2. The following command will show the path to the script being used to send mail:

  ps -C exim -fH eww
  ps -C exim -fH eww | grep home
 
3. Check whether anybody is using a PHP script under home to send mail:

    tail -f /var/log/exim_mainlog | grep home

4. If anyone is spamming from /tmp

    tail -f /var/log/exim_mainlog | grep /tmp


5. To display the IPs and the number of attempts each IP made to send mail that the server rejected:

    tail -3000 /var/log/exim_mainlog | grep 'rejected RCPT' | awk '{print $4}' | awk -F\[ '{print $2}' | awk -F\] '{print $1}' | sort | uniq -c | sort -k 1 -nr | head -n 5

6. Shows the connections from a certain IP to the SMTP server:

    netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1

7. If the spamming is from an outside domain, you can block that domain or email ID on the server:

     pico /etc/antivirus.exim

Add the following lines:

    if $header_from: contains "name@domain.com"
    then
    seen finish
    endif

8. Check whether any PHP script is causing the mass mailing with:

    cd /var/spool/exim/input
    egrep -R "X-PHP-Script" *

9. The following command shows, with exact figures, which email addresses (from or to) have the most messages currently in the mail queue:

    exim -bpr | grep "<.*@.*>" | awk '{print $4}' | grep -v "<>" | sort | uniq -c | sort -n

================
Regards,

Vinod T K
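
A variant of the rejected-RCPT count from step 5, as an added example that is not part of the original post: it picks out the connecting address wherever it falls on the line, so entries with a reverse-DNS name before the HELO, or with an address-literal HELO, are still counted against the right IP. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count rejected-RCPT attempts per connecting IP.
# Reads Exim main-log lines on stdin; prints "count ip", highest count first.
top_rejected_ips() {
    limit=${1:-5}
    grep -F 'rejected RCPT' |
    awk '
        # The connecting address is the first [addr] preceded by a space or
        # by "H=". A HELO literal such as ([192.168.1.5]) follows "(" and is
        # skipped, because the client chooses that value.
        match($0, /[ =]\[[0-9A-Fa-f.:]+\]/) {
            print substr($0, RSTART + 2, RLENGTH - 3)
        }' |
    sort | uniq -c |
    awk '{ print $1, $2 }' |
    sort -k1,1nr -k2,2 |
    head -n "$limit"
}

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
2013-12-30 11:58:01 H=(mail.example.net) [203.0.113.7] F=<a@example.net> rejected RCPT <u1@example.com>: relay not permitted
2013-12-30 11:58:02 H=host.example.org (helo.example.org) [203.0.113.7]:51234 F=<b@example.org> rejected RCPT <u2@example.com>: relay not permitted
2013-12-30 11:58:03 H=([192.168.1.5]) [198.51.100.23] F=<c@example.net> rejected RCPT <u3@example.com>: relay not permitted
2013-12-30 11:58:04 H=[198.51.100.23] F=<> rejected RCPT <u4@example.com>: relay not permitted
2013-12-30 11:58:05 H=(x.example.net) [203.0.113.7] F=<d@example.net> rejected RCPT <u5@example.com>: relay not permitted
2013-12-30 11:58:06 1VxAbC-0001aB-2D <= user@example.com H=(client) [192.0.2.50] P=esmtp S=1234
2013-12-30 11:58:07 H=(y.example.net) [192.0.2.9] F=<e@example.net> rejected RCPT <u6@example.com>: relay not permitted
EOF
}

sample_log | top_rejected_ips 5
```

On a live server the same function can be fed with `tail -3000 /var/log/exim_mainlog | top_rejected_ips 5`.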