Is there exim at all?
yum list installed |grep -i exim———————— WHO DID IT ————————
WHO deleted email account
grep execute/Email/delete_pop /usr/local/cpanel/logs/access_logWHO suspended email account
grep suspend_incoming /usr/local/cpanel/logs/access_log
OR
grep "uapi_module=Email&uapi_func=suspend_login&uapi_data" /usr/local/cpanel/logs/access_log———————— SINGLE MSG / ADDRESS ————————
Check a single message by exim ID
exim -Mvl message-id-hereList all FAILED Logins on email address
grep DOMAIN.com /var/log/maillog | grep failedALL logins/messages for an email address
grep dovecot_login:user@domain.com /var/log/exim_mainlogREJECTED EMAILS FOR A SINGLE E-ADDRESS
exigrep user@domain.com /var/log/exim_rejectlog*———————— EXIM QUEUE ————————
Show all messages in queue
exim -bpQueued messages from a specific sender
exiqgrep -f user@domain.comOutput Exim IDs for that specific sender
exiqgrep -i -r user@domain.comPrint a count of the messages in the queue
exim -bpcPrint a summary of messages in the queue (count, volume, oldest, newest, domain, and totals
exim -bp | exiqsumm | moreQueue summary
exim -bp | exiqsummCount frozen msgs in queue
exim -bpr | grep frozen | wc -lForce single msg delivery
exim -M email-id-hereForce queue run
exim -qfForce queue run with frozen messages
exim -qffDelete all frozen messages
exim -bpr | grep frozen | awk {‘print $3’} | xargs exim -MrmClear all emails in the current queue
exiqgrep -i | xargs exim -Mrm———————— EXIM STATISTICS ————————
Exim stats
eximstats /var/log/exim_mainlog | less
Top dovecot_logins
egrep -o 'dovecot_login[^ ]+' /var/log/exim_mainlog | sort|uniq -c|sort -nk 1EMAILS sort emails by number of logins
head -1 /var/log/exim_mainlog | awk '{print $1}' ; egrep -o 'dovecot_login[^ ]+|dovecot_plain[^ ]+' /var/log/exim_mainlog | cut -f2 -d":" | sort|uniq -c|sort -nk 1 ; tail -1 /var/log/exim_mainlog | awk '{print From $1}'2020-12-25Top email senders
grep "<=.*P=local" /var/log/exim_mainlog | awk '{print $6}' | sort | uniq -c | sort -nr | head -5
OR
eximstats /var/log/exim_mainlog | grep -A7 "Top 5 local senders by message count" | tail -5 | awk '{print $1,$NF}'Sort IPs by number of SMTP connections
tail -n1000 /var/log/exim_mainlog |grep SMTP|cut -d[ -f2|cut -d] -f1|sort -n |uniq -cSearch for messages sent via a script
grep -hoP "(?<=cwd=)/[^ ]+" /var/log/exim_mainlog | sort | uniq -c | sort -nr
OR
grep cwd=/ /var/log/exim_mainlog | cut -d = -f 2 | cut -d " " -f 1 | sort | uniq -c | sort -nSearch for messages sent with SMTP from localhost (without authentication)
grep authenticated_local_user /var/log/exim_mainlog|grep -oP '(?<=U=)[^ ]+'|sort|uniq -c|sort -nr———————— CHECK EXIM CONF ————————
Display all of Exim’s configuration settings
exim -bP———————— ADVANCED / LISTS ————————
GET ALL EMAIL ADDRESSES ON a WHM SERVER
cat /etc/userdomains | sed "s/://g" | awk {'system("ls -1d /home/"$2"/mail/"$1"/* 2> /dev/null")'} | sed "s/\// /g" | awk {'print $5"@"$4'}