We'll go over a lot of commonly used commands and we'll start with exigrep since it's (my) most used and I think most useful exim specific command. Similar to grep but for exim.
exigrep - this is defined in its man page as follows:
Find a specific message by message ID (MID)
exigrep <messageID> /var/log/exim_mainlog
(If you're not sure how to get the Message ID I'll show you how to do that later on)
You can also use exigrep to search for a user or domain:
exigrep firstname.lastname@example.org /var/log/exim_mainlog
You get a little more advanced with this and look for just outgoing mail for one specific user:
exigrep "<= .*email@example.com" /var/log/exim_mainlog
- Keep in mind exigrep gives you the log data for the message ID and related log entries, not just the exact matches as you'd get with using grep.
exiqgrep - Similar to exigrep exiqgrep is another search function defined here as follows:
If I want to search the entire exim queue (not log but the queue meaning messages waiting in queue) for messages that originated from the firstname.lastname@example.org user I'd use the -f flag
exiqgrep -f email@example.com
If I wanted to search for messages that have the recipient of firstname.lastname@example.org I would use the -r flag:
exiqgrep -r email@example.com
This could be useful if you're for whatever reason unable to use the Mail Queue Manager and looking for a potential spammer, you might want to know how many messages you have in queue right now that firstname.lastname@example.org has sent. To do that you'd run something like this:
exiqgrep -f email@example.com| wc -l
You might find after running that, firstname.lastname@example.org has 1000000000 messages in the queue. Yea maybe that's too many, but lets say you're wanting to remove those. You could then run something like:
exiqgrep -i -f email@example.com |xargs exim -Mrm
The -i flag is to just list message ID's the -f flag is to only look at messages firstname.lastname@example.org sent. This command builds the list then pipes it to exim -Mrm which deletes the messages
exiwhat - What the heck is exim even doing right now? (not the formal definition but it does the trick)
exiwhat 535 daemon(4.91): -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)
exim -bp - print all messages in queue. This is helpful when you want so see something like all the messages in queue for one specific user or destination:
exim -bp |grep email@example.com
exim -bpc - count all messages in the queue. In other words how many messages is exim trying to manage right now?
exim -bpc 1000
exim -Mvh <MessageID> - This will get you the headers of a message in the queue
exim -Mvb <MessageID> - This will get you the body of a message in the queue
exim -bh <IPAddress> - run a fake SMTP transaction as though it were originating from the given IP address. What happens when exim receives a message from this IP (optionally from this IP on this port)
exim -bh 126.96.36.199
Optionally with the port:
exim -bh 188.8.131.52.25
Note: if you do include the port number note that it needs to be included after a '.' not a ':'
exim -bt - test how exim will route an address
exim -bt firstname.lastname@example.org
exim -d - run exim with debug options. This can be run with any of the flags given to output debug information - be warned it's a lot of data but can be extremely useful.
exim -d -bt email@example.com
exim -Mrm <MessageID> - remove a single message from the queue by Message ID. You can also remove multiple emails with this flag. I would recommend though, that you don't do this through the CLI on cPanel/WHM servers but rather go to WHM>>Email>>Mail Queue Manager to remove them if they must be removed.
For more information on reading and understanding the exim log we also have this resource Tutorial - Reading and Understanding the exim main_log