Find Spam Mail in Cpanel server:Exim

-
                                                                           
Find Spam Mail in Cpanel server:Exim
====================================
====================================


#summary of mails in the mail queue.

 exim -bpr | exiqsumm -c | head

#To get all Message-ids of a Particular user

 exiqgrep -f <userid@mail.com>| grep '<' |cut -d"<" -f1 |awk '{print $3}'

 Provide username in above script

#Print message header

 exim -Mvh <message id>

#Print message's body

 exim -Mvb <message-id>

#To Delete all mail queue of a user by Message-id

exiqgrep -f <userid@mail.com>| grep '<' |cut -d"<" -f1 |awk '{print $3}' |xargs exim -Mrm

===================================================================
#To check the script that will originate spam mails:

 tail -f /var/log/exim_mainlog | grep cwd

 grep "cwd=/home" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n

 awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1

 grep 'cwd=/home' /var/log/exim_mainlog | awk '{print $3}' | cut -d / -f 3 | sort -bg | uniq -c | sort -bg

#To find exact spamming script currently running

  ps auxwwwe | grep <user> | grep --color=always "<location of script>" | head

  Provide username and location of script in above script

#Once you find the script ,following script will help you to find the ip address which is reponsable for the spamming.You can block the IP address 
 in  firewall

 grep "<script_name>" /home/username/access-logs/domain.com | awk '{print $1}' | sort -n | uniq -c | sort -n

 Provide Scriptname,username and domainname in above script

========================================================================

#In order to find “nobody” spamming, use the following command

 ps -C exim -fH ewww | awk '{for(i=1;i<=40;i++){print $i}}' | sort | uniq -c | grep PWD | sort -n

#To remove all frozen mails in the queue

 exim -bp | grep frozen | awk '{ print $3 }' | xargs exim -Mrm


#To remove a message from the queue

 exim -Mrm <message-id>

Comments

Post a Comment

Popular posts from this blog

Datastax Error : Cassandra - Saved cluster name Test Cluster != configured name

-
Image
While changing existing cluster name in datastax, i got name mismatch exception in log file. Process i followed was changed the cluster name in cassandra.yaml configuration file. $ nano /etc/dse/cassandra/cassandra.yaml     cluster_name: 'Test Cluster1' Solution :  Change the cluster name  to "New Cluster Name" : $ cqlsh `hostname -I` cqlsh> UPDATE system.local SET cluster_name = 'New Cluster Name' where key='local'; cqlsh> exit; $ nodetool flush system Stop the cluster : $ sudo service dse stop;sudo service datastax-agent stop Edit the file : $ sudo vi /etc/dse/cassandra/cassandra.yaml     cluster_name: ' New Cluster Name ' Start the cluster : $ sudo service dse start;sudo service datastax-agent start Check Installation log :  $ cat /var/log/cassandra/output.log Reference  : https://support.datastax.com/hc/en-us/articles/205289825-Change-Cluster-Name-
Continue Reading »»»»

Datastax Error : Cannot start node if snitch's data center (dc1) differs from previous data center (dc2)

-
Image
This error occurs when the node try to start and see it has snitch information which differ from previous data center. In my case, i was using DseSimpleSnitch which name the datacenter based on workload type. Previously i had enabled solr in dse default configuration file ( /etc/default/dse ) and datasenter name was Solr. Now i tried to start the dse with graph enabled, which change the name to datacenter SearchGraph which is default workload type name. CassandraDaemon.java:698 - Cannot start node if snitch's data center (Solr) differs from previous data center (SearchGraph). Please fix the snitch configuration, decommission and rebootstrap this node or use the flag -Dcassandra.ignore_dc=true Solution : 1) In the last line of  cassandra-env.sh  set in the jvm opts as given below : JVM_OPTS="$JVM_OPTS -Dcassandra.ignore_dc=true" 2) If it starts successfully, execute: nodetool repair nodetool cleanup
Continue Reading »»»»

Datastax Error : Error initializing cluster data

-
Image
I was getting the following error in Opscenter continuously and it get resolved automatically after some time. Error initializing cluster data: The request to /APP_Live/keyspaces?ksfields=column_families%2Creplica_placement_strategy%2Cstrategy_options%2Cis_system%2Cdurable_writes%2Cskip_repair%2Cuser_types%2Cuser_functions%2Cuser_aggregates&cffields=solr_core%2Ccreate_query%2Cis_in_memory%2Ctiers timed out after 10 seconds.. If you continue to see this error message, you can workaround this timeout by setting [ui].default_api_timeout to a value larger than 10 in opscenterd.conf and restarting opscenterd. Note that this is a workaround and you should also contact DataStax Support to follow up. Solution : Workaround of this timeout is by setting [ui].default_api_timeout to a value larger than 10 in opscenterd.conf and restarting opscenterd. 
Continue Reading »»»»

Popular posts from this blog

Datastax Error : Cassandra - Saved cluster name Test Cluster != configured name

-
Image
While changing existing cluster name in datastax, i got name mismatch exception in log file. Process i followed was changed the cluster name in cassandra.yaml configuration file. $ nano /etc/dse/cassandra/cassandra.yaml     cluster_name: 'Test Cluster1' Solution :  Change the cluster name  to "New Cluster Name" : $ cqlsh `hostname -I` cqlsh> UPDATE system.local SET cluster_name = 'New Cluster Name' where key='local'; cqlsh> exit; $ nodetool flush system Stop the cluster : $ sudo service dse stop;sudo service datastax-agent stop Edit the file : $ sudo vi /etc/dse/cassandra/cassandra.yaml     cluster_name: ' New Cluster Name ' Start the cluster : $ sudo service dse start;sudo service datastax-agent start Check Installation log :  $ cat /var/log/cassandra/output.log Reference  : https://support.datastax.com/hc/en-us/articles/205289825-Change-Cluster-Name-
Continue Reading »»»»

Datastax Error : Cannot start node if snitch's data center (dc1) differs from previous data center (dc2)

-
Image
This error occurs when the node try to start and see it has snitch information which differ from previous data center. In my case, i was using DseSimpleSnitch which name the datacenter based on workload type. Previously i had enabled solr in dse default configuration file ( /etc/default/dse ) and datasenter name was Solr. Now i tried to start the dse with graph enabled, which change the name to datacenter SearchGraph which is default workload type name. CassandraDaemon.java:698 - Cannot start node if snitch's data center (Solr) differs from previous data center (SearchGraph). Please fix the snitch configuration, decommission and rebootstrap this node or use the flag -Dcassandra.ignore_dc=true Solution : 1) In the last line of  cassandra-env.sh  set in the jvm opts as given below : JVM_OPTS="$JVM_OPTS -Dcassandra.ignore_dc=true" 2) If it starts successfully, execute: nodetool repair nodetool cleanup
Continue Reading »»»»

Datastax Error : Error initializing cluster data

-
Image
I was getting the following error in Opscenter continuously and it get resolved automatically after some time. Error initializing cluster data: The request to /APP_Live/keyspaces?ksfields=column_families%2Creplica_placement_strategy%2Cstrategy_options%2Cis_system%2Cdurable_writes%2Cskip_repair%2Cuser_types%2Cuser_functions%2Cuser_aggregates&cffields=solr_core%2Ccreate_query%2Cis_in_memory%2Ctiers timed out after 10 seconds.. If you continue to see this error message, you can workaround this timeout by setting [ui].default_api_timeout to a value larger than 10 in opscenterd.conf and restarting opscenterd. Note that this is a workaround and you should also contact DataStax Support to follow up. Solution : Workaround of this timeout is by setting [ui].default_api_timeout to a value larger than 10 in opscenterd.conf and restarting opscenterd. 
Continue Reading »»»»