Exim

About logs:

Configuration

Show the Exim version, build-time options and the run-time configuration file in use:

# exim -bV

Show Exim configuration option values:

# exim -bP

OR

# grep -r 'PARAM' /etc/exim*

Log analysis

Find spammers by subject:

grep -o 'T=.*>' /var/log/exim/mainlog | sort | uniq -c | sort -n

Find who sends spam to hotmail, outlook, live.com:

# DirectAdmin
grep -E 'hotmail|outlook|live\.com' /var/log/exim/mainlog | grep 'Queued mail for delivery' | grep -o 'F=<[^>]*' | sort | uniq -c | sort -n
# cPanel / WHM
grep -E 'hotmail|outlook|live\.com' /var/log/exim_mainlog | grep 'Queued mail for deliver' | grep -o '=>.* R'

Find who sends the most mail to remote servers:

grep 'T=remote_smtp' /var/log/exim/mainlog | grep -o 'F=<[^>]*>' | sort | uniq -c | sort -n
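
Added example (not part of the original page): the one-liners above count by envelope sender or subject, which a compromised account can vary at will. This sketch groups arrival (`<=`) lines by the authenticated login from the `A=` field instead and reports how many different envelope senders each login used. The function names, threshold and sample log lines are constructed, and it assumes the default mainlog layout where the fourth field is the `<=` flag.

```shell
# Constructed sample lines in Exim mainlog format (not real traffic).
sample_mainlog() {
cat <<'EOF'
2024-05-01 10:00:01 1s0AAA-000001-AA <= bob@example.org H=(pc) [203.0.113.5] P=esmtpa A=login:bob@example.org S=2101 T="Invoice 4411" for a@hotmail.com
2024-05-01 10:00:02 1s0AAA-000002-AA <= bob@example.org H=(pc) [203.0.113.5] P=esmtpa A=login:bob@example.org S=2098 T="Invoice 4411" for b@outlook.com
2024-05-01 10:00:03 1s0AAA-000003-AA <= fake@example.net H=(pc) [203.0.113.5] P=esmtpa A=login:bob@example.org S=2110 T="Invoice 4411" for c@live.com
2024-05-01 10:00:03 1s0AAA-000003-AA => c@live.com R=lookuphost T=remote_smtp H=mx.live.com [198.51.100.7]
2024-05-01 10:05:00 1s0AAA-000004-AA <= alice@example.org U=alice P=local S=900 T="Weekly report" for team@example.org
EOF
}

# top_senders LOGFILE MIN
# Prints "count account senders=N" for every account with at least MIN
# accepted messages, busiest first. LOGFILE may be "-" for stdin.
top_senders() {
  awk -v min="$2" '
    $4 == "<=" {
      who = $5                            # default: envelope sender
      for (i = 6; i <= NF; i++) {
        if ($i ~ /^T="/) break            # subject is sender-controlled text, stop here
        if ($i ~ /^A=[^:]+:/) {           # A=<authenticator>:<authenticated id>
          who = $i; sub(/^A=[^:]+:/, "", who); break
        }
      }
      n[who]++
      if (!seen[who SUBSEP $5]++) s[who]++   # distinct envelope senders per account
    }
    END { for (w in n) if (n[w] >= min) print n[w], w, "senders=" s[w] }
  ' "$1" | sort -rn
}

# Demo on the constructed sample; on a real host pass /var/log/exim/mainlog instead.
sample_mainlog | top_senders - 2
```

A login with a high count and `senders=` greater than 1 is authenticating as one mailbox while sending under other addresses, which is worth checking before the queue is purged.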

Useful commands

Remove messages from queue by domain:

# exim -bp | awk '/domain/ {print $3}' | xargs exim -Mrm

Remove all messages from queue:

# exiqgrep -i | xargs exim -Mrm

Debug exim

service exim stop; /usr/sbin/exim -bd -d+all
exim -be 'string'

Exim log summary

eximstats /var/log/exim/mainlog | less

Testing mail send with swaks

Install swaks (yum, apt, sources, etc…)

swaks --to receiver@remotedomain.tld \
   --from=test@domain.tld \
   --auth \
   --auth-user=test@domain.tld \
   --auth-password=no-way:P \
   --server mail.domain.tld

Email sub-addressing (plus-signs as in Gmail)

Add to the router definition:

local_part_suffix = +* : -* : _*
local_part_suffix_optional

More info: https://wiki.debian.org/Exim#Email_Sub-addressing_.28plus_signs_like_Gmail.29