
Useful Commands to Find Spam Mails for Exim Mail Servers

Hi all!

In this article, we are going to see how to find Spam mails being generated from Exim mail servers. Controlling Spam mail is a challenging task for every server administrator. Let's find out how to locate the Spam-generating script and stop it.

What is Spam mail?

Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately.

Why do we stop Spam mail?

When a server sends a large number of Spam mails, its IP address reputation degrades, and this leads to the IP being listed in Spam databases.

How can we stop Spam mail?

First we have to locate the infected scripts on the server using the mail server logs.

Exim Mail Log:

The Exim mail server maintains the three mail logs listed below.

/var/log/exim_mainlog
/var/log/exim_paniclog
/var/log/exim_rejectlog

Exim_mainlog:

This log tracks every single mail transaction that your server handles. It is the go-to log when troubleshooting e-mail delivery problems.

Exim_rejectlog:

This log records only delivery rejections. While this can be useful, it is not the first log file you will want to search when troubleshooting a mail problem. For example, if mail is reaching the server but your mail client is silently failing to download it, this log will not help you.

Exim_paniclog:

This log contains information about the Exim program itself, not mail transactions. For this reason, it is not suitable for most mail troubleshooting.

Steps to locate the script that is generating Spam mails:

  • Log in to the server via SSH using PuTTY.
  • Once logged in, execute the command below to locate the Spam-generating script:
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
  • Let's break the command down step by step.

grep cwd /var/log/exim_mainlog -> Use the grep command to locate mentions of cwd in the Exim mail log. cwd stands for current working directory: the directory the sending process was in when it handed the message to Exim.

grep -v /var/spool -> Use grep with the -v flag, which is an invert match, so we drop any lines containing /var/spool, as these are normal Exim deliveries not sent in from a script.

awk -F"cwd=" '{print $2}' | awk '{print $1}' -> Use the awk command with the field separator (-F) set to cwd=, then print only the second field ($2), which is everything after cwd=. Pipe that to awk again, printing only the first whitespace-separated column ($1), so that we get back just the script's directory path.

sort | uniq -c | sort -n -> Sort the paths by name, count each unique path, then sort the counts numerically from lowest to highest.

Once you have executed the command, you will get output like this:

25 /home/userna5/public_html/Spam_generating_Path
36 /home/userna5/public_html/Spam_generating_Path
10276 /home/userna5/public_html/Spam_generating_Path

From this you can identify the script that is sending the most Spam mails: because the counts are sorted ascending, the busiest path is on the last line.

Once you have located the script, you can investigate it further by contacting the developer to take appropriate action 🙂
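The pipeline above, wrapped as a small script so that it can be tried against a constructed exim_mainlog sample (this is an added example, not code from the original article). It assumes Exim was built or configured to record the submitting process's working directory, which it only does when "+arguments" is in log_selector (cPanel servers enable this by default); without it no cwd= lines exist and the count is simply empty. The log lines, the user name "userna5" and the paths are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): count the working
# directories from which local processes injected mail into Exim.
# Relies on "log_selector = +arguments" so that cwd= appears in the log.

# Write a constructed exim_mainlog sample into the file named by $1.
# The two /var/spool/exim lines are Exim's own daemon and delivery
# processes; the rest are sendmail calls from web-site scripts.
write_sample_log() {
    cat > "$1" <<'EOF'
2019-03-10 10:15:01 cwd=/var/spool/exim 3 args: /usr/sbin/exim -bd -q1h
2019-03-10 10:15:02 cwd=/home/userna5/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2019-03-10 10:15:02 1h2zzz-0001ab-CD <= user@example.test H=(localhost) [127.0.0.1] P=esmtpa S=1024
2019-03-10 10:15:03 cwd=/home/userna5/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2019-03-10 10:15:04 cwd=/home/userna5/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2019-03-10 10:15:05 cwd=/home/userna5/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2019-03-10 10:15:06 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1h2zzz-0001ab-CD
EOF
}

# Print "<count> <directory>" for every cwd= seen in the log named by $1,
# skipping /var/spool, busiest directory last. The final awk normalises
# the leading spaces that uniq -c emits, so the output is easy to compare.
count_cwd() {
    grep cwd "$1" | grep -v /var/spool \
        | awk -F'cwd=' '{print $2}' | awk '{print $1}' \
        | sort | uniq -c | sort -n \
        | awk '{print $1, $2}'
}

# The single busiest directory: the last line of the ascending counts.
top_cwd() {
    count_cwd "$1" | tail -n 1
}

# Usage: sh find_spam_cwd.sh /var/log/exim_mainlog
# With no argument, the constructed sample is analysed instead.
if [ "$#" -gt 0 ]; then
    count_cwd "$1"
else
    sample=$(mktemp)
    write_sample_log "$sample"
    count_cwd "$sample"
    rm -f "$sample"
fi
```

On a real server, run it as root against /var/log/exim_mainlog; the directory on the last line is where to start looking, and the args: portion of the matching log lines tells you which binary (usually /usr/sbin/sendmail) the script invoked.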
