Find Spam Mail in cPanel server: Exim
=====================================
# Summarise the mail queue. exim -bpr lists the queue without sorting it,
# exiqsumm -c orders the per-domain summary by message count, and head
# keeps only the first ten lines of the result. A domain with an unusually
# large count is the place to start looking.
exim -bpr \
  | exiqsumm -c \
  | head
#To get all Message-ids of a Particular user
exiqgrep -f <userid@mail.com>| grep '<' |cut -d"<" -f1 |awk '{print $3}'
Replace <userid@mail.com> in the command above with the sender's address.
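# Print a queued message's headers. Exim allows this only for root or an
# Exim admin user. <message-id> is a placeholder for an ID taken from the
# queue listing.
# When tracing spam, read the Received: lines and any entry that names the
# authenticated sender or the submitting script, if the server records one.
exim -Mvh <message-id>

# Print the body of the same message.
exim -Mvb <message-id>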
#To Delete all mail queue of a user by Message-id
exiqgrep -f <userid@mail.com>| grep '<' |cut -d"<" -f1 |awk '{print $3}' |xargs exim -Mrm
===================================================================
# Find where spam is being submitted from, using the cwd= entries in
# /var/log/exim_mainlog. A directory under /home that turns up far more
# often than the others is the one to inspect. These commands give a
# directory or an account, not the name of the script itself.

# Watch new cwd entries as they are logged (stop with Ctrl-C).
tail -f /var/log/exim_mainlog \
  | grep cwd

# Count each distinct cwd= value found in the first ten fields of lines
# containing cwd=/home; the busiest directory is printed last.
grep "cwd=/home" /var/log/exim_mainlog \
  | awk '{for(i=1;i<=10;i++){print $i}}' \
  | sort \
  | uniq -c \
  | grep cwd \
  | sort -n

# Same idea using field 3 only, for lines that mention both "cwd" and
# "home"; sorted by count, highest last.
awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog \
  | sort \
  | uniq -c \
  | sort -nk 1

# Count per account: take field 3, keep the third "/"-separated component
# (the directory directly under /home), and count occurrences.
grep 'cwd=/home' /var/log/exim_mainlog \
  | awk '{print $3}' \
  | cut -d / -f 3 \
  | sort -bg \
  | uniq -c \
  | sort -bg
# Find the exact spamming script among the processes currently running.
# <user> and <location of script> are placeholders.
# The trailing "e" makes ps print each process's environment after its
# command line. That output can include credentials and tokens, so treat
# it as sensitive and do not paste it into tickets or chat unredacted.
ps auxwwwe \
  | grep <user> \
  | grep --color=always "<location of script>" \
  | head
Replace <user> and <location of script> in the command above with the username and the location of the script.
#Once you find the script, the following command will help you find the IP address that is responsible for the spamming. You can block the IP address in the firewall.
# Count requests for the script per client address (the first field of
# each access-log line); the busiest address is printed last.
# The address is whatever the web server logged, which may be a proxy or
# shared gateway rather than the real origin. Blocking it stops one
# source only: the script, or the upload path that put it there, still has
# to be removed or fixed.
grep "<script_name>" /home/username/access-logs/domain.com \
  | awk '{print $1}' \
  | sort -n \
  | uniq -c \
  | sort -n
Replace <script_name>, username and domain.com in the command above with the script name, the account's username and the domain name.
========================================================================
# Find spam sent as "nobody": list the running exim processes together
# with their environment, split the first 40 fields of every line onto
# separate lines, and count the PWD= values. The directory counted most
# often is printed last.
# The environment shown by "e" can contain secrets; handle the raw output
# accordingly.
ps -C exim -fH ewww \
  | awk '{for(i=1;i<=40;i++){print $i}}' \
  | sort \
  | uniq -c \
  | grep PWD \
  | sort -n
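# Remove all frozen messages from the queue.
# exiqgrep -z selects frozen messages only and -i prints just their IDs.
# Filtering the exim -bp listing for the word "frozen" would also match
# any queued message whose sender address contains that word, and those
# messages would be deleted too.
# xargs -r skips the exim call when there are no frozen messages.
exiqgrep -z -i | xargs -r exim -Mrm

# Remove a single message from the queue by its ID. Removal is permanent,
# so inspect the message first (exim -Mvh / exim -Mvb) if it may be needed
# as evidence.
exim -Mrm <message-id>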