Exim Tips & Tricks – Unclog your queue!

Original article here

This article will focus on some general Exim MTA tips and tricks as well as how to parse mail logs. I originally put this guide together for use with Exim on cPanel. Many cPanel server administrators use the built in Exim MTA without giving it a second thought because it works. It works until they end up providing virtual hosting systems (shared hosting) where some of the users do not update their scripts regularly or simply think setting a cron job that runs every minute and clogs the queue is a good idea. Then running the built in Exim MTA with no knowledge of how it works becomes a disaster! Learn Exim today and save your self some serious headaches!

Is your Exim queue piled up with thousands or even millions of emails? Are you getting complaints from your upstream provider because your servers are sending spam? Are your users complaining emails that they are expecting aren’t coming in or take hours or days to get there? Are your servers blacklisted on the major lists and you have no idea why? If any of these situations describe your problems then this guide should serve as a good primer for you to get the basic idea of how Exim works. You can use the knowledge here to solve all of these problems!

I. Useful Commands (do not include brackets!)

See the mail queue count:

exim -bpc

View the mail queue with email IDs:

exim -bp

Force delivery of specific email by ID:

exim -M [email id]

Force a queue run:

exim -qf

Force a queue run and attempt to flush frozen emails:

exim -qff

View log of email by ID:

exim -Mvl [email ID]

View body of email by ID:

exim -Mvb [email ID]

View header of email by ID:

exim -Mvh [email ID]

Remove message without error code (no bounce) by ID:

exim -Mrm [email ID]

Fail a message from the queue (with bounce) by ID:

exim -Mg [email ID]

II. Configuring A Better “log_selector” In Exim Configuration For Extended Logging!

By default Exim on cPanel does not come with a very extensive logging setup enabled (log_selector) in it’s /etc/exim.conf. Generally without reconfiguring this line you will not be able to easily figure out most of the issues going on with your mail. It’s very hard to find a spammer or source of a particular email from your server. The reason for this default is probably because cPanel developers figure most people won’t need to parse logs as their target administrators are relatively “green” to Linux and the default also keeps log sizes very small. I recommend editing /etc/exim.conf and replacing the existing “log_selector” line (or adding it if none exists) with:

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

Then you should run:

service exim restart

This will restart exim and you should see much more detailed logs in /var/log/exim_mainlog!

III. Exim Tips & Tricks.

Many of these tips and tricks should be used with the extended logging setup discussed in section II.

Show exim queue stats by domain:

exim -bp | exiqsumm | grep -v ‘\-\-‘ | grep -v ‘Volume’ | grep -v ‘^$’ | sort -bg | awk ‘{print “Volume: ” $1 ” \t Domain: ” $5}’

SMTP connection counter:

grep ‘SMTP connection’ /var/log/exim_mainlog | grep ‘TCP/IP’ | awk ‘{print $7}’ | cut -d [ -f 2 | cut -d ] -f 1 | sort -bg | uniq -c | sort -bg

Find spammers sending mail from their /home/ directory (through a script):

grep ‘cwd=/home’ /var/log/exim_mainlog | awk ‘{print $3}’ | cut -d / -f 3 | sort -bg | uniq -c | sort -bg

Flush the exim queue (empty it!):

for i in `exiqgrep -i`; do exim -Mrm $i; done

IV. RBL and Whitelist Filtering bypass.

To bypass RBL filtering for a specific domain you can add that domain to /etc/rblbypass. You can add a remote IP address of a host that is being rejected by a RBL to /etc/whitelist to bypass RBL filtering for a specific incoming IP.

V. Open Extra SMTP Port via cPanel.

You may find that a customer’s ISP blocks port 25 to prevent outbound spam from their network. In this case you could open a second port for him or her to use to get around the ISP.

  1. In your WHM go to Service Configuration -> Service Manager.
  2. Scroll to the bottom where you will see: Exim on another port.
  3. Check both boxes (Enable and Monitor) and fill in the box for port 26 (or your other port of choice!)
  4. Save the configuration and you should be set!

You can test it out with telnet or an email client that sends through SMTP.

VI. Where to go from here.

Aside from this guide I also recommend studying the Exim documentation and learning everything you can about how email works and to make sure you are fully understanding how to read email headers. It’s simple to read headers, but from my work as a systems administrator I know a lot of admins (even good ones) fail to do so properly or are unsure of their conclusions!

Here is the manual but effective way to clean up the old messages in you Exim mail queue:

  • Login to your server as a root user.
  • Run the following command: exiqgrep -o 86400 -i | xargs exim -Mrm This command will delete the messages older than 1 day. To delete email more than one day you can multiply with the number of days with 86400Depends on how many messages in your Exim mail queue, this command may take a while to complete. If for some reason you find a locking error then your server might just in the middle of trying to resend process of those emails. Take a few moments before you try again.

Bad Behavior has blocked 295 access attempts in the last 7 days.