Frequently used exim commands


Written by Dennis Nind

Last published at: February 8th, 2019

Commands:

We'll go over a lot of commonly used commands, starting with exigrep, since it's (my) most used and, I think, most useful exim-specific command. It's similar to grep, but for exim.


exigrep - this is defined in its man page as follows:


Examples:

Find a specific message by message ID (MID)

Code:

exigrep <messageID> /var/log/exim_mainlog

(If you're not sure how to get the Message ID I'll show you how to do that later on)


You can also use exigrep to search for a user or domain:


Code:

exigrep test@example.com /var/log/exim_mainlog

You can get a little more advanced with this and look for just outgoing mail for one specific user:

Code:

exigrep "<= .*user@domain.tld" /var/log/exim_mainlog
  • Keep in mind that exigrep gives you the log data for the message ID and related log entries, not just the exact matches you'd get using grep.


exiqgrep - Similar to exigrep, exiqgrep is another search function, defined here as follows:

Examples:


If I want to search the entire exim queue (not the log, but the queue, meaning messages waiting to be delivered) for messages that originated from the test@test.com user, I'd use the -f flag:

Code:

exiqgrep -f test@test.com

If I wanted to search for messages that have the recipient of test@test.com I would use the -r flag:

Code:

exiqgrep -r test@test.com

This can be useful if, for whatever reason, you're unable to use the Mail Queue Manager and you're looking for a potential spammer. You might want to know how many messages suspicious@yourdomain.tld has in the queue right now. To do that you'd run something like this (the -i flag prints one message ID per line, so wc -l counts messages rather than every line of the queue listing):


Code:

exiqgrep -i -f suspicious@yourdomain.tld | wc -l

You might find after running that, suspicious@yourdomain.tld has 1000000000 messages in the queue. Yeah, maybe that's too many, but let's say you want to remove those. You could then run something like:


Code:

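exiqgrep -i -f suspicious@yourdomain.tld | xargs exim -Mrm

The -i flag lists just the message IDs, and the -f flag looks only at messages suspicious@yourdomain.tld sent. This command builds the list, then pipes it to exim -Mrm, which deletes the messages. Since -f takes a regular expression, it's worth running the exiqgrep -i part on its own first and checking the list before piping it to the delete.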


exiwhat - What the heck is exim even doing right now? (Not the formal definition, but it does the trick.)

Examples:

Code:

exiwhat
  535 daemon(4.91): -q1h, listening for SMTP on port 25 (IPv6 and IPv4) port 587 (IPv6 and IPv4) and for SMTPS on port 465 (IPv6 and IPv4)


Exim Flags:



exim -bp - print all messages in the queue. This is helpful when you want to see something like all the messages in the queue for one specific user or destination:

Code:

exim -bp |grep user@domain.tld
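
As an added example (not part of the original article): the grep above matches the address on any line, sender or recipient, so when hunting for a spammer it helps to parse the `exim -bp` listing and count queued messages per exact envelope sender. The function names and the sample queue listing below are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally queued messages per exact envelope sender from
# `exim -bp` output. Function names and sample data are constructed.

# Matches a queue header line: age, size, message ID, <sender> [*** frozen ***]
HDR='NF >= 4 && $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && $4 ~ /^<.*>$/'

# stdin: `exim -bp` output; stdout: "<count> <sender>", busiest sender first.
top_senders() {
    awk "$HDR"' {
            sender = substr($4, 2, length($4) - 2)   # strip the < >
            if (sender == "") sender = "(bounce)"    # null sender <>
            count[sender]++
        }
        END { for (s in count) print count[s], s }' |
        LC_ALL=C sort -k1,1nr -k2
}

# stdin: `exim -bp` output; stdout: IDs of messages whose sender equals $1
# exactly (string comparison, not a regex or substring match).
queue_ids_for_sender() {
    awk -v want="<$1>" "$HDR"' && $4 == want { print $3 }'
}

# Constructed sample of `exim -bp` output (not from a real server).
sample_queue() {
    cat <<'EOF'
 3h  1.2K 1gsXYZ-0001Ab-2C <suspicious@yourdomain.tld>
          someone@example.net

 3h  1.2K 1gsXZ0-0001Ac-4D <suspicious@yourdomain.tld>
          other@example.org
          third@example.org

 2d   14K 1gsA1b-0003Qr-Hx <> *** frozen ***
          user@domain.tld

45m  2.0K 1gsXZ9-0001Bd-7E <test@example.com>
        D done@example.net
          pending@example.net
EOF
}

# Stand-alone demo on the sample; on a live server: exim -bp | top_senders
sample_queue | top_senders
```

Recipient lines (including the ones marked D for already delivered) are ignored, so a user who only receives a lot of mail does not show up as a top sender.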

exim -bpc - count all messages in the queue. In other words how many messages is exim trying to manage right now?

Code:

exim -bpc
1000


exim -Mvh <MessageID> - This will get you the headers of a message in the queue

exim -Mvb <MessageID> - This will get you the body of a message in the queue


exim -bh <IPAddress> - run a fake SMTP transaction as though it were originating from the given IP address. In other words: what happens when exim receives a message from this IP (optionally from this IP on this port)?

Code:

exim -bh 111.111.111.100

Optionally with the port:

Code:

exim -bh 111.111.111.100.25

Note: if you do include the port number, it needs to come after a '.', not a ':'.

exim -bt - test how exim will route an address

Code:

exim -bt user@domain.tld


exim -d - run exim with debug options. This can be run with any of the flags given to output debug information. Be warned, it's a lot of data, but it can be extremely useful.

Code:

exim -d -bt user@domain.tld


exim -Mrm <MessageID> - remove a single message from the queue by Message ID. You can also remove multiple emails with this flag. I would recommend, though, that you don't do this through the CLI on cPanel/WHM servers but rather go to WHM>>Email>>Mail Queue Manager to remove them if they must be removed.


For more information on reading and understanding the exim log, we also have this resource: Tutorial - Reading and Understanding the exim main_log