Difference between revisions of "Exim Queue Scripts"
(→Overview) |
(→Script) |
||
| Line 5: | Line 5: | ||
{{mbox|size=small|msg=Note these scripts have been recently changed to look only at the '''0''' queue by default.<br \>This will allow for faster scan times that should still represent the queue as a whole.}} | {{mbox|size=small|msg=Note these scripts have been recently changed to look only at the '''0''' queue by default.<br \>This will allow for faster scan times that should still represent the queue as a whole.}} | ||
| − | == | + | ==Query Scripts== |
===Find top sending addresses for current messages in queue=== | ===Find top sending addresses for current messages in queue=== | ||
<code>[bash,n] | <code>[bash,n] | ||
| − | find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | cut -d " " -f2 | sort | uniq -c | sort -rn | + | find /var/spool/exim/input/0 -name '*-H' | xargs grep 'auth_id' | cut -d " " -f2 | sort | uniq -c | sort -rn |
</code> | </code> | ||
| Line 14: | Line 14: | ||
Note this will only return the message IDs and does not corralate any information. | Note this will only return the message IDs and does not corralate any information. | ||
<code>[bash,n] | <code>[bash,n] | ||
| − | find /var/spool/exim/input -name '*-H' | xargs grep ' | + | find /var/spool/exim/input/0 -name '*-H' | xargs grep '$ELEMENT' | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3 |
</code> | </code> | ||
===Get message IDs for messages from a specific sender=== | ===Get message IDs for messages from a specific sender=== | ||
<code>[bash,n] | <code>[bash,n] | ||
| − | find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | grep | + | find /var/spool/exim/input/0 -name '*-H' | xargs grep 'auth_id' | grep $EMAILADDRESS | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3 |
</code> | </code> | ||
===Get list of IP addresses sending messages from specific address=== | ===Get list of IP addresses sending messages from specific address=== | ||
<code>[bash,n] | <code>[bash,n] | ||
| − | for i in $(find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | grep | + | for i in $(find /var/spool/exim/input/0 -name '*-H' | xargs grep 'auth_id' | grep $EMAILADDRESS | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3); |
do exim -Mvh $i | grep helo | cut -d "[" -f2 | cut -d "]" -f1| grep -v helo_name; done | sort | uniq -c | sort -n | do exim -Mvh $i | grep helo | cut -d "[" -f2 | cut -d "]" -f1| grep -v helo_name; done | sort | uniq -c | sort -n | ||
</code> | </code> | ||
| Line 30: | Line 30: | ||
===Display specific field=== | ===Display specific field=== | ||
<code>[bash,n] | <code>[bash,n] | ||
| − | find /var/spool/exim/input -name '*-H' | xargs grep 'Subject' | cut -d: -f3- | sort | uniq -c | sort -nr | + | find /var/spool/exim/input/0 -name '*-H' | xargs grep 'Subject' | cut -d: -f3- | sort | uniq -c | sort -nr |
</code> | </code> | ||
| + | ==Delete Scripts== | ||
===Delete messages based on specific element (IE Subject, To, From etc)=== | ===Delete messages based on specific element (IE Subject, To, From etc)=== | ||
<code>[bash,n] | <code>[bash,n] | ||
| − | find /var/spool/exim/input -name '*-H' | xargs grep ' | + | find /var/spool/exim/input -name '*-H' | xargs grep '$ELEMENT' | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3 | xargs exim -Mrm |
</code> | </code> | ||
===Delete messages based on address=== | ===Delete messages based on address=== | ||
<code>[bash,n] | <code>[bash,n] | ||
| − | find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | grep | + | find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | grep $EMAILADDRESS | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3 | xargs exim -Mrm |
</code> | </code> | ||
| + | |||
| + | ==Advanced Scripts== | ||
| + | These scripts are a bit more advanced and will work on each sub-folder in the queue one at a time. This means that spam will start being removed from the server much faster. | ||
===Advanced sender find=== | ===Advanced sender find=== | ||
| − | Makes it easier to identify spamming accounts with large exim queues | + | Makes it easier to identify spamming accounts with large exim queues. |
| + | |||
| + | Most likely you will want to run the normal sender find above as this will return lists for each queue folder. | ||
| + | |||
<code>[bash,n] | <code>[bash,n] | ||
for dir in $(ls -l /var/spool/exim/input/ | grep -v "\." | awk '{print $9}'); | for dir in $(ls -l /var/spool/exim/input/ | grep -v "\." | awk '{print $9}'); | ||
| Line 60: | Line 67: | ||
===Advanced message delete based on address=== | ===Advanced message delete based on address=== | ||
| − | Makes it easier to delete messages in large spam queues | + | Makes it easier to delete messages in large spam queues. |
| + | |||
| + | You will need to change '''EMAILADDRESS'''. | ||
<code>[bash,n] | <code>[bash,n] | ||
| + | EMAILADDRESS=''; | ||
for dir in $(ls -l /var/spool/exim/input/ | grep -v "\." | awk '{print $9}'); | for dir in $(ls -l /var/spool/exim/input/ | grep -v "\." | awk '{print $9}'); | ||
do echo "Cleaning up $dir"; | do echo "Cleaning up $dir"; | ||
| Line 68: | Line 78: | ||
ecount=`echo "$email" | wc -l`; | ecount=`echo "$email" | wc -l`; | ||
echo "Found $ecount messages"; | echo "Found $ecount messages"; | ||
| − | spam=`echo "$email" | xargs grep 'auth_id' | grep | + | spam=`echo "$email" | xargs grep 'auth_id' | grep $EMAILADDRESS | cut -d: -f1 | cut -d- -f1-3` |
scount=`echo "$spam" | wc -l`; | scount=`echo "$spam" | wc -l`; | ||
echo "Found $scount spam messages"; | echo "Found $scount spam messages"; | ||
| Line 77: | Line 87: | ||
===Advanced NDR delete=== | ===Advanced NDR delete=== | ||
| − | Removes Delivery Status Notifications per mail queue | + | Removes Delivery Status Notifications per mail queue. |
| + | |||
| + | You can change the subject to delete other messages such as NDRs or what ever other verbage is used in the message. | ||
| + | |||
<code>[bash,n] | <code>[bash,n] | ||
| + | SUBJECT='Delivery Status Notification'; | ||
for dir in $(ls -l /var/spool/exim/input/ | grep -v "\." | awk '{print $9}'); | for dir in $(ls -l /var/spool/exim/input/ | grep -v "\." | awk '{print $9}'); | ||
do echo "Cleaning up $dir"; | do echo "Cleaning up $dir"; | ||
| Line 85: | Line 99: | ||
ecount=`echo "$email" | wc -l`; | ecount=`echo "$email" | wc -l`; | ||
echo "Found $ecount messages"; | echo "Found $ecount messages"; | ||
| − | spam=`echo "$email" | xargs grep | + | spam=`echo "$email" | xargs grep "Subject: $SUBJECT" | cut -d: -f1 | cut -d- -f1-3;` |
scount=`echo "$spam" | wc -l`; | scount=`echo "$spam" | wc -l`; | ||
echo "Found $scount spam messages"; | echo "Found $scount spam messages"; | ||
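Review bot: The delete commands under "Delete Scripts" and the per-directory delete loop pipe the output of `grep $EMAILADDRESS` into `exim -Mrm`, and that pattern is unquoted, read as a regular expression and matched as a substring. A `.` therefore matches any character, and one address also matches longer addresses that contain it. This revision also introduces `EMAILADDRESS='';` as the default, so the script should refuse to run while it is empty, because a quoted empty pattern matches every line. Assuming the spool line has the form `-auth_id <address>` (as the `cut -d " " -f2` in the first script implies), I would use `grep -lFx -e "-auth_id $EMAILADDRESS"` behind an `[ -n "$EMAILADDRESS" ]` check. The same unquoted pattern appears in the two query one-liners, where it only affects what is listed; the loop bodies are only partly visible in this diff.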
Revision as of 13:51, 1 March 2013
Overview
Different scripts to search the exim queue.
| Note these scripts have been recently changed to look only at the 0 queue by default. This will allow for faster scan times that should still represent the queue as a whole. |
Query Scripts
Find top sending addresses for current messages in queue
[bash,n]
# Count queued messages per authenticated id in spool sub-directory 0,
# busiest sender first. The id is the second space-separated field of each
# auth_id line found in the *-H files.
find /var/spool/exim/input/0 -name '*-H' -exec grep 'auth_id' {} + \
  | cut -d ' ' -f2 \
  | sort \
  | uniq -c \
  | sort -rn
Find messages with specific element (subject, to, from etc)
Note this will only return the message IDs and does not correlate any information.
[bash,n]
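# List the IDs of messages in spool sub-directory 0 whose -H file contains
# ELEMENT (a basic regular expression, e.g. ELEMENT='Subject: some text').
# Set ELEMENT in the shell before running this.
#
# The original wrote '$ELEMENT' in single quotes, which the shell never
# expands, so grep searched for the literal text "$ELEMENT".
if [ -z "${ELEMENT:-}" ]; then
  echo "ELEMENT is empty; set it to the header text to search for" >&2
else
  # grep -l prints each matching file once; sed strips the directory part
  # and the trailing -H, leaving the message ID.
  find /var/spool/exim/input/0 -name '*-H' -exec grep -l -e "$ELEMENT" {} + \
    | sed -e 's|.*/||' -e 's|-H$||'
fi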
Get message IDs for messages from a specific sender
[bash,n]
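# List the IDs of messages in spool sub-directory 0 that were submitted by
# the authenticated id in EMAILADDRESS. Set EMAILADDRESS in the shell first.
#
# The original ran `grep $EMAILADDRESS` unquoted: the address was read as a
# regular expression and matched as a substring, so "." matched any character
# and an address could match longer addresses containing it. Here the whole
# "-auth_id <address>" line must match exactly (-F fixed string, -x whole line).
if [ -z "${EMAILADDRESS:-}" ]; then
  echo "EMAILADDRESS is empty; set it to the full sender address" >&2
else
  find /var/spool/exim/input/0 -name '*-H' \
    -exec grep -lFx -e "-auth_id $EMAILADDRESS" {} + \
    | sed -e 's|.*/||' -e 's|-H$||'   # path/ID-H -> ID
fi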
Get list of IP addresses sending messages from specific address
[bash,n]
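# Count the bracketed source IP addresses recorded on messages in spool
# sub-directory 0 that were submitted by the authenticated id in
# EMAILADDRESS. Set EMAILADDRESS in the shell first.
#
# The sender is matched exactly against the "-auth_id <address>" line rather
# than with an unquoted regular expression, and message IDs are read line by
# line instead of being word-split from a command substitution.
if [ -z "${EMAILADDRESS:-}" ]; then
  echo "EMAILADDRESS is empty; set it to the full sender address" >&2
else
  find /var/spool/exim/input/0 -name '*-H' \
    -exec grep -lFx -e "-auth_id $EMAILADDRESS" {} + \
    | sed -e 's|.*/||' -e 's|-H$||' \
    | while IFS= read -r msgid; do
        # Keep the text between [ and ] on lines mentioning helo; lines without
        # brackets (the helo_name entry) pass through cut whole and are dropped.
        exim -Mvh "$msgid" </dev/null \
          | grep helo | cut -d "[" -f2 | cut -d "]" -f1 | grep -v helo_name
      done \
    | sort | uniq -c | sort -n
fi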
Display specific field
[bash,n]
# Tally the Subject lines of messages in spool sub-directory 0, most common
# first. grep prefixes every hit with "path:", so cutting on ":" from field 3
# onward keeps the text after the second colon.
find /var/spool/exim/input/0 -name '*-H' -exec grep 'Subject' {} + \
  | cut -d ':' -f3- \
  | sort \
  | uniq -c \
  | sort -nr
Delete Scripts
Delete messages based on specific element (IE Subject, To, From etc)
[bash,n]
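# Remove every queued message whose -H file contains ELEMENT (a basic regular
# expression, e.g. ELEMENT='Subject: some text'). Set ELEMENT in the shell first.
#
# This is destructive: the pattern is matched anywhere in the -H file, so keep
# it specific and preview the selection by running the pipeline without the
# final xargs stage. An empty pattern would match every message, so the
# command refuses to run without one. The original's single-quoted '$ELEMENT'
# was never expanded by the shell.
if [ -z "${ELEMENT:-}" ]; then
  echo "ELEMENT is empty; nothing deleted" >&2
else
  # -r (GNU xargs) skips exim entirely when nothing matched.
  find /var/spool/exim/input -name '*-H' -exec grep -l -e "$ELEMENT" {} + \
    | sed -e 's|.*/||' -e 's|-H$||' \
    | xargs -r exim -Mrm
fi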
Delete messages based on address
[bash,n]
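# Remove every queued message submitted by the authenticated id in
# EMAILADDRESS. Set EMAILADDRESS in the shell first.
#
# This is destructive, so the sender is matched exactly against the
# "-auth_id <address>" line (-F fixed string, -x whole line). The original's
# unquoted `grep $EMAILADDRESS` treated the address as a regular expression
# and as a substring, which could also select other senders' mail. An empty
# address is refused rather than passed to grep.
if [ -z "${EMAILADDRESS:-}" ]; then
  echo "EMAILADDRESS is empty; nothing deleted" >&2
else
  # -r (GNU xargs) skips exim entirely when nothing matched.
  find /var/spool/exim/input -name '*-H' \
    -exec grep -lFx -e "-auth_id $EMAILADDRESS" {} + \
    | sed -e 's|.*/||' -e 's|-H$||' \
    | xargs -r exim -Mrm
fi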
Advanced Scripts
These scripts are a bit more advanced and will work on each sub-folder in the queue one at a time. This means that spam will start being removed from the server much faster.
Advanced sender find
Makes it easier to identify spamming accounts with large exim queues.
Most likely you will want to run the normal sender find above as this will return lists for each queue folder.
[bash,n]
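# For each sub-directory of the Exim input spool, print how many messages it
# holds and a per-sender count (second field of the auth_id lines), busiest
# sender first.
#
# Fixes over the original: `if $email != ""` tried to execute the file list as
# a command instead of testing it, and the sub-directories were taken from
# parsed `ls -l` output; a glob that matches directories only is used instead.
for path in /var/spool/exim/input/*/; do
  [ -d "$path" ] || continue          # glob matched nothing
  dir=${path%/}
  echo "Searching ${dir##*/} directory"
  echo "Getting emails in directory"
  email=$(find "$dir" -name '*-H')
  if [ -n "$email" ]; then
    ecount=$(printf '%s\n' "$email" | wc -l)
    # Same red "Found N messages" line the original produced with echo -e.
    printf '\033[0;31mFound %s messages\033[0m\n' "$ecount"
    printf '%s\n' "$email" | xargs grep 'auth_id' | cut -d " " -f2 | sort | uniq -c | sort -rn
  fi
done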
Advanced message delete based on address
Makes it easier to delete messages in large spam queues.
You will need to set EMAILADDRESS to the sender address whose messages should be deleted before running this script.
[bash,n]
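# Walk the Exim input spool one sub-directory at a time and remove every
# message submitted by the authenticated id in EMAILADDRESS.
#
# This is destructive. The sender is matched exactly against the
# "-auth_id <address>" line (-F fixed string, -x whole line); the original's
# unquoted `grep $EMAILADDRESS` matched it as a regular expression and as a
# substring, which could select other senders' mail. The script does nothing
# while EMAILADDRESS is empty.
EMAILADDRESS=''   # full address, e.g. 'user@example.com' (constructed sample)

if [ -z "$EMAILADDRESS" ]; then
  echo "EMAILADDRESS is not set; nothing deleted" >&2
else
  for path in /var/spool/exim/input/*/; do
    [ -d "$path" ] || continue        # glob matched nothing
    dir=${path%/}
    echo "Cleaning up ${dir##*/}"
    echo "Getting emails in directory"
    email=$(find "$dir" -name '*-H')
    # grep -c . counts non-empty lines, so an empty list reports 0 rather
    # than the 1 that `echo "" | wc -l` gave.
    ecount=$(printf '%s\n' "$email" | grep -c .)
    echo "Found $ecount messages"
    [ -n "$email" ] || continue
    # Files whose auth_id line matches, reduced from path/ID-H to ID.
    spam=$(printf '%s\n' "$email" \
      | xargs grep -lFx -e "-auth_id $EMAILADDRESS" \
      | sed -e 's|.*/||' -e 's|-H$||')
    scount=$(printf '%s\n' "$spam" | grep -c .)
    echo "Found $scount spam messages"
    [ -n "$spam" ] || continue
    echo "Deleting"
    printf '%s\n' "$spam" | xargs exim -Mrm
  done
fi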
Advanced NDR delete
Removes Delivery Status Notifications per mail queue.
You can change the subject to delete other messages such as NDRs, or whatever other verbiage is used in the message.
[bash,n]
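# Walk the Exim input spool one sub-directory at a time and remove every
# message whose -H file contains "Subject: $SUBJECT".
#
# This is destructive. SUBJECT is used as a basic regular expression, so
# characters such as "." match more than themselves; keep the text specific.
# An empty SUBJECT would match every message that has a Subject line, so the
# script does nothing in that case.
SUBJECT='Delivery Status Notification'

if [ -z "$SUBJECT" ]; then
  echo "SUBJECT is not set; nothing deleted" >&2
else
  for path in /var/spool/exim/input/*/; do
    [ -d "$path" ] || continue        # glob matched nothing
    dir=${path%/}
    echo "Cleaning up ${dir##*/}"
    echo "Getting emails in directory"
    email=$(find "$dir" -name '*-H')
    # grep -c . counts non-empty lines, so an empty list reports 0 rather
    # than the 1 that `echo "" | wc -l` gave.
    ecount=$(printf '%s\n' "$email" | grep -c .)
    echo "Found $ecount messages"
    [ -n "$email" ] || continue
    # grep -l names each matching file once; sed reduces path/ID-H to ID.
    spam=$(printf '%s\n' "$email" \
      | xargs grep -l -e "Subject: $SUBJECT" \
      | sed -e 's|.*/||' -e 's|-H$||')
    scount=$(printf '%s\n' "$spam" | grep -c .)
    echo "Found $scount spam messages"
    [ -n "$spam" ] || continue
    echo "Deleting"
    printf '%s\n' "$spam" | xargs exim -Mrm
  done
fi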