Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the copy-the-code domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/pcx3.com/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the pb-seo-friendly-images domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/pcx3.com/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the johannes domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/pcx3.com/wp-includes/functions.php on line 6121
Working with emails in cPanel/Exim from the terminal - PC✗3
Are you a 🤖?
Search
Search
Working with emails in cPanel/Exim from the terminal
Add comment
Share:XRedditLinkedIn

Working with emails in cPanel/Exim from the terminal

April 5, 2021

Is there exim at all?

yum list installed |grep -i exim

———————— WHO DID IT ————————

WHO deleted email account

grep execute/Email/delete_pop /usr/local/cpanel/logs/access_log

WHO suspended email account

grep suspend_incoming /usr/local/cpanel/logs/access_log

OR

grep "uapi_module=Email&uapi_func=suspend_login&uapi_data" /usr/local/cpanel/logs/access_log

———————— SINGLE MSG / ADDRESS ————————

Check a single message by exim ID

exim -Mvl message-id-here

List all FAILED Logins on email address

grep DOMAIN.com /var/log/maillog | grep failed

ALL logins/messages for an email address

grep dovecot_login:user@domain.com /var/log/exim_mainlog

REJECTED EMAILS FOR A SINGLE E-ADDRESS

exigrep user@domain.com /var/log/exim_rejectlog*

———————— EXIM QUEUE ————————

Show all messages in queue

exim -bp

Queued messages from a specific sender

exiqgrep -f user@domain.com

Output Exim IDs for that specific sender

exiqgrep -i -r user@domain.com

Print a count of the messages in the queue

exim -bpc

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals

exim -bp | exiqsumm | more

Queue summary

exim -bp | exiqsumm

Count frozen msgs in queue

exim -bpr | grep frozen | wc -l

Force single msg delivery

exim -M email-id-here

Force queue run

exim -qf

Force queue run with frozen messages

exim -qff

Delete all frozen messages

exim -bpr | grep frozen | awk {‘print $3’} | xargs exim -Mrm

Clear all emails in the current queue

exiqgrep -i | xargs exim -Mrm

———————— EXIM STATISTICS ————————

Exim stats

eximstats /var/log/exim_mainlog | less

Top dovecot_logins

egrep -o 'dovecot_login[^ ]+' /var/log/exim_mainlog | sort|uniq -c|sort -nk 1

EMAILS sort emails by number of logins

head -1 /var/log/exim_mainlog | awk '{print $1}' ; egrep -o 'dovecot_login[^ ]+|dovecot_plain[^ ]+' /var/log/exim_mainlog | cut -f2 -d":" | sort|uniq -c|sort -nk 1 ; tail -1 /var/log/exim_mainlog | awk '{print From $1}'2020-12-25

Top email senders

grep "<=.*P=local" /var/log/exim_mainlog | awk '{print $6}' | sort | uniq -c | sort -nr | head -5


OR

eximstats /var/log/exim_mainlog | grep -A7 "Top 5 local senders by message count" | tail -5 | awk '{print $1,$NF}'

Sort IPs by number of SMTP connections

tail -n1000 /var/log/exim_mainlog |grep SMTP|cut -d[ -f2|cut -d] -f1|sort -n |uniq -c

Search for messages sent via a script

grep -hoP "(?<=cwd=)/[^ ]+" /var/log/exim_mainlog | sort | uniq -c | sort -nr


OR

grep cwd=/ /var/log/exim_mainlog | cut -d = -f 2 | cut -d " " -f 1 | sort | uniq -c | sort -n

Search for messages sent with SMTP from localhost (without authentication)

grep authenticated_local_user /var/log/exim_mainlog|grep -oP '(?<=U=)[^ ]+'|sort|uniq -c|sort -nr

———————— CHECK EXIM CONF ————————

Display all of Exim’s configuration settings

exim -bP

———————— ADVANCED / LISTS ————————

GET ALL EMAIL ADDRESSES ON a WHM SERVER

cat /etc/userdomains | sed "s/://g" | awk {'system("ls -1d /home/"$2"/mail/"$1"/* 2> /dev/null")'} | sed "s/\// /g" | awk {'print $5"@"$4'}

Share:XRedditLinkedIn
whoami
Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.

You may also like

Menu