Find Spam Mail in Cpanel server:Exim

-
                                                                           
Find Spam Mail in Cpanel server:Exim
====================================
====================================


#summary of mails in the mail queue.

 exim -bpr | exiqsumm -c | head

#To get all Message-ids of a Particular user

 exiqgrep -f <userid@mail.com>| grep '<' |cut -d"<" -f1 |awk '{print $3}'

 Provide username in above script

#Print message header

 exim -Mvh <message id>

#Print message's body

 exim -Mvb <message-id>

#To Delete all mail queue of a user by Message-id

exiqgrep -f <userid@mail.com>| grep '<' |cut -d"<" -f1 |awk '{print $3}' |xargs exim -Mrm

===================================================================
#To check the script that will originate spam mails:

 tail -f /var/log/exim_mainlog | grep cwd

 grep "cwd=/home" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n

 awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1

 grep 'cwd=/home' /var/log/exim_mainlog | awk '{print $3}' | cut -d / -f 3 | sort -bg | uniq -c | sort -bg

#To find exact spamming script currently running

  ps auxwwwe | grep <user> | grep --color=always "<location of script>" | head

  Provide username and location of script in above script

#Once you find the script ,following script will help you to find the ip address which is reponsable for the spamming.You can block the IP address 
 in  firewall

 grep "<script_name>" /home/username/access-logs/domain.com | awk '{print $1}' | sort -n | uniq -c | sort -n

 Provide Scriptname,username and domainname in above script

========================================================================

#In order to find “nobody” spamming, use the following command

 ps -C exim -fH ewww | awk '{for(i=1;i<=40;i++){print $i}}' | sort | uniq -c | grep PWD | sort -n

#To remove all frozen mails in the queue

 exim -bp | grep frozen | awk '{ print $3 }' | xargs exim -Mrm


#To remove a message from the queue

 exim -Mrm <message-id>

Comments

Post a comment

Popular posts from this blog

Datastax Error : Cassandra - Saved cluster name Test Cluster != configured name

-
Image
While changing existing cluster name in datastax, i got name mismatch exception in log file. Process i followed was changed the cluster name in cassandra.yaml configuration file. $ nano /etc/dse/cassandra/cassandra.yaml     cluster_name: 'Test Cluster1' Solution :  Change the cluster name  to "New Cluster Name" : $ cqlsh `hostname -I` cqlsh> UPDATE system.local SET cluster_name = 'New Cluster Name' where key='local'; cqlsh> exit; $ nodetool flush system Stop the cluster : $ sudo service dse stop;sudo service datastax-agent stop Edit the file : $ sudo vi /etc/dse/cassandra/cassandra.yaml     cluster_name: ' New Cluster Name ' Start the cluster : $ sudo service dse start;sudo service datastax-agent start Check Installation log :  $ cat /var/log/cassandra/output.log Reference  : https://support.datastax.com/hc/en-us/articles/205289825-Change-Cluster-Name-
Continue Reading »»»»

Datastax Error : Cannot start node if snitch's data center (dc1) differs from previous data center (dc2)

-
Image
This error occurs when the node try to start and see it has snitch information which differ from previous data center. In my case, i was using DseSimpleSnitch which name the datacenter based on workload type. Previously i had enabled solr in dse default configuration file ( /etc/default/dse ) and datasenter name was Solr. Now i tried to start the dse with graph enabled, which change the name to datacenter SearchGraph which is default workload type name. CassandraDaemon.java:698 - Cannot start node if snitch's data center (Solr) differs from previous data center (SearchGraph). Please fix the snitch configuration, decommission and rebootstrap this node or use the flag -Dcassandra.ignore_dc=true Solution : 1) In the last line of  cassandra-env.sh  set in the jvm opts as given below : JVM_OPTS="$JVM_OPTS -Dcassandra.ignore_dc=true" 2) If it starts successfully, execute: nodetool repair nodetool cleanup
Continue Reading »»»»

Configure Nagios plugin " check_logfiles " for scanning log file

-
I was checking for a nagios plugin which could filter the specified log file which i had mentioned and notify me whenever a warning or error appeared in log. Finally i get in hand check_logfile created by Gerhard Lausser. Check_logfiles is used to scan the lines of a file for regular expressions. Install the plugin on client system :  $ wget https://labs.consol.de/assets/downloads/nagios/check_logfiles-3.8.0.2.tar.gz $ tar xvzf check_logfiles-3.8.0.2.tar.gz $ cd check_logfiles-3.8.0.2/ $ ./configure $ make $ make install check_logfiles executable file will get installed on location "/usr/local/nagios/libexec" Configure Check Pattern : $ nano  /etc/nagios-plugins/config/check_log.cfg @searches = (   {     tag => 'Error',     logfile => '/var/logs/error.log',     criticalpatterns => 'Error',   } ); Here i am filtering pattern "Error" from log file which i had mentioned in logfile parameter section C
Continue Reading »»»»

Popular posts from this blog

Datastax Error : Cassandra - Saved cluster name Test Cluster != configured name

-
Image
While changing existing cluster name in datastax, i got name mismatch exception in log file. Process i followed was changed the cluster name in cassandra.yaml configuration file. $ nano /etc/dse/cassandra/cassandra.yaml     cluster_name: 'Test Cluster1' Solution :  Change the cluster name  to "New Cluster Name" : $ cqlsh `hostname -I` cqlsh> UPDATE system.local SET cluster_name = 'New Cluster Name' where key='local'; cqlsh> exit; $ nodetool flush system Stop the cluster : $ sudo service dse stop;sudo service datastax-agent stop Edit the file : $ sudo vi /etc/dse/cassandra/cassandra.yaml     cluster_name: ' New Cluster Name ' Start the cluster : $ sudo service dse start;sudo service datastax-agent start Check Installation log :  $ cat /var/log/cassandra/output.log Reference  : https://support.datastax.com/hc/en-us/articles/205289825-Change-Cluster-Name-
Continue Reading »»»»

Datastax Error : Cannot start node if snitch's data center (dc1) differs from previous data center (dc2)

-
Image
This error occurs when the node try to start and see it has snitch information which differ from previous data center. In my case, i was using DseSimpleSnitch which name the datacenter based on workload type. Previously i had enabled solr in dse default configuration file ( /etc/default/dse ) and datasenter name was Solr. Now i tried to start the dse with graph enabled, which change the name to datacenter SearchGraph which is default workload type name. CassandraDaemon.java:698 - Cannot start node if snitch's data center (Solr) differs from previous data center (SearchGraph). Please fix the snitch configuration, decommission and rebootstrap this node or use the flag -Dcassandra.ignore_dc=true Solution : 1) In the last line of  cassandra-env.sh  set in the jvm opts as given below : JVM_OPTS="$JVM_OPTS -Dcassandra.ignore_dc=true" 2) If it starts successfully, execute: nodetool repair nodetool cleanup
Continue Reading »»»»

Configure Nagios plugin " check_logfiles " for scanning log file

-
I was checking for a nagios plugin which could filter the specified log file which i had mentioned and notify me whenever a warning or error appeared in log. Finally i get in hand check_logfile created by Gerhard Lausser. Check_logfiles is used to scan the lines of a file for regular expressions. Install the plugin on client system :  $ wget https://labs.consol.de/assets/downloads/nagios/check_logfiles-3.8.0.2.tar.gz $ tar xvzf check_logfiles-3.8.0.2.tar.gz $ cd check_logfiles-3.8.0.2/ $ ./configure $ make $ make install check_logfiles executable file will get installed on location "/usr/local/nagios/libexec" Configure Check Pattern : $ nano  /etc/nagios-plugins/config/check_log.cfg @searches = (   {     tag => 'Error',     logfile => '/var/logs/error.log',     criticalpatterns => 'Error',   } ); Here i am filtering pattern "Error" from log file which i had mentioned in logfile parameter section C
Continue Reading »»»»