Working with emails in cPanel/Exim from the terminal

Working with emails in cPanel/Exim from the terminal

Is there exim at all?

yum list installed |grep -i exim

———————— WHO DID IT ————————

WHO deleted email account

grep execute/Email/delete_pop /usr/local/cpanel/logs/access_log

WHO suspended email account

grep suspend_incoming /usr/local/cpanel/logs/access_log

OR

grep "uapi_module=Email&uapi_func=suspend_login&uapi_data" /usr/local/cpanel/logs/access_log

———————— SINGLE MSG / ADDRESS ————————

Check a single message by exim ID

exim -Mvl message-id-here

List all FAILED Logins on email address

grep DOMAIN.com /var/log/maillog | grep failed

ALL logins/messages for an email address

grep dovecot_login:[email protected] /var/log/exim_mainlog

REJECTED EMAILS FOR A SINGLE E-ADDRESS

exigrep [email protected] /var/log/exim_rejectlog*

———————— EXIM QUEUE ————————

Show all messages in queue

exim -bp

Queued messages from a specific sender

exiqgrep -f [email protected]

Output Exim IDs for that specific sender

exiqgrep -i -r [email protected]

Print a count of the messages in the queue

exim -bpc

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals

exim -bp | exiqsumm | more

Queue summary

exim -bp | exiqsumm

Count frozen msgs in queue

exim -bpr | grep frozen | wc -l

Force single msg delivery

exim -M email-id-here

Force queue run

exim -qf

Force queue run with frozen messages

exim -qff

Delete all frozen messages

exim -bpr | grep frozen | awk {‘print $3’} | xargs exim -Mrm

Clear all emails in the current queue

exiqgrep -i | xargs exim -Mrm

———————— EXIM STATISTICS ————————

Exim stats

eximstats /var/log/exim_mainlog | less

Top dovecot_logins

egrep -o 'dovecot_login[^ ]+' /var/log/exim_mainlog | sort|uniq -c|sort -nk 1

EMAILS sort emails by number of logins

head -1 /var/log/exim_mainlog | awk '{print $1}' ; egrep -o 'dovecot_login[^ ]+|dovecot_plain[^ ]+' /var/log/exim_mainlog | cut -f2 -d":" | sort|uniq -c|sort -nk 1 ; tail -1 /var/log/exim_mainlog | awk '{print From $1}'2020-12-25

Top email senders

grep "<=.*P=local" /var/log/exim_mainlog | awk '{print $6}' | sort | uniq -c | sort -nr | head -5


OR

eximstats /var/log/exim_mainlog | grep -A7 "Top 5 local senders by message count" | tail -5 | awk '{print $1,$NF}'

Sort IPs by number of SMTP connections

tail -n1000 /var/log/exim_mainlog |grep SMTP|cut -d[ -f2|cut -d] -f1|sort -n |uniq -c

Search for messages sent via a script

grep -hoP "(?<=cwd=)/[^ ]+" /var/log/exim_mainlog | sort | uniq -c | sort -nr


OR

grep cwd=/ /var/log/exim_mainlog | cut -d = -f 2 | cut -d " " -f 1 | sort | uniq -c | sort -n

Search for messages sent with SMTP from localhost (without authentication)

grep authenticated_local_user /var/log/exim_mainlog|grep -oP '(?<=U=)[^ ]+'|sort|uniq -c|sort -nr

———————— CHECK EXIM CONF ————————

Display all of Exim’s configuration settings

exim -bP

———————— ADVANCED / LISTS ————————

GET ALL EMAIL ADDRESSES ON a WHM SERVER

cat /etc/userdomains | sed "s/://g" | awk {'system("ls -1d /home/"$2"/mail/"$1"/* 2> /dev/null")'} | sed "s/\// /g" | awk {'print $5"@"$4'}

Written by
Stefan Pejcic
Join the discussion

I enjoy constructive responses and professional comments to my posts, and invite anyone to comment or link to my site.