Hi all !<\/p>\n
In this article, We are going to see how to find out Spam mails generating from Exim Mail Servers. Controlling Spam mails is a challenge task for every server administrator. Let’s find out how to locate the Spam generating script and stop it.<\/p>\n
What is Spam mail ?<\/p>\n
Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately.<\/p>\n
Why do we stop Spam mail ?<\/p>\n
Due to more number of Spam mails, Server’s IP address reputation will get poor and this will lead to list the IP in Spam database.<\/p>\n
How can we stop spam mail ?<\/p>\n
First we have to locate the infected scripts on the server using the mail server logs.<\/p>\n
Exim Mail Log :<\/p>\n
Exim mail server maintain three mails logs that are mentioned on below.<\/p>\n
\/var\/log\/exim_mainlog\r\n\/var\/log\/exim_paniclog\r\n\/var\/log\/exim_rejectlog<\/pre>\nExim_mainlog :<\/p>\n
This logs tracks every single mail transaction that your server handles. This is the go-to log when troubleshooting all e-mail delivery problems.<\/p>\n
Exim_rejectlog :<\/p>\n
This log only logs delivery rejections. While this can be useful, this is not the first log file you will want to search when troubleshooting a mail problem. For example, if mail is getting through on the server, but your mail client is silently failing to download mail, this log will not help you.<\/p>\n
Exim_paniclog :<\/p>\n
This log contains has information regarding the exim program itself, and not mail transactions. For this reason, it is not suitable for most mail troubleshooting.<\/p>\n
Steps to locate the script that generating Spam mails :<\/p>\n
grep cwd \/var\/log\/exim_mainlog | grep -v \/var\/spool | awk -F\"cwd=\" '{print $2}' | awk '{print $1}'\r\n|sort | uniq -c | sort -n<\/pre>\ngrep cwd \/var\/log\/exim_mainlog –>\u00a0Use the grep<\/strong> command to locate mentions of cwd<\/strong> from the Exim mail log. This stands for current working directory<\/strong>.<\/p>\n grep -v \/var\/spool–> Use the grep<\/strong> with the -v<\/strong> flag which is an invert match, so we don’t show any lines that start with \/var\/spool<\/strong> as these are normal Exim deliveries not sent in from a script.<\/p>\n awk -F”cwd=” ‘{print $2}’ | awk ‘{print $1}’ –> Use the awk<\/strong> command with the -F<\/strong>ield seperator set to cwd=<\/strong>, then just print out the $2<\/strong>nd set of data, finally pipe that to the awk<\/strong> command again only printing out the $1<\/strong>st column so that we only get back the script path.<\/p>\n sort | uniq -c | sort -n –> Sort the script paths by their name, uniquely count them, then sort them again numerically from lowest to highest.<\/p>\n Once you executed the command, you will get output like this<\/p>\n From which you can identify the script that sending more number of Spam mails.<\/p>\n Once you located the script, you can Investigate it further by contacting developer to take appropriate actions \ud83d\ude42<\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" Hi all ! In this article, We are going to see how to find out Spam mails generating from Exim<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[1],"tags":[],"class_list":["post-187","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/comments?post=187"}],"version-history":[{"count":15,"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/187\/revisions"}],"predecessor-version":[{"id":206,"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/posts\/187\/revisions\/206"}],"wp:attachment":[{"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/media?parent=187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/categories?post=187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxresellerwebhosting.in\/blog\/wp-json\/wp\/v2\/tags?post=187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}25 \/home\/userna5\/public_html\/Spam_generating_Path\r\n36 \/home\/userna5\/public_html\/Spam_generating_Path\r\n10276 \/home\/userna5\/public_html\/Spam_generating_Path<\/pre>\n