Exim Queue Scripts
Contents
- 1 Overview
- 2 Script
- 2.1 Find top sending addresses for current messages in queue
- 2.2 Find messages with specific element (subject, to, from etc)
- 2.3 Get message IDs for messages from a specific sender
- 2.4 Get list of IP addresses sending messages from specific address
- 2.5 Display specific field
- 2.6 Delete messages based on specific element (IE Subject, To, From etc)
- 2.7 Delete messages based on address
- 2.8 Advanced sender find
- 2.9 Advanced message delete based on address
- 2.10 Advanced NDR delete
- 3 What to change
Overview
Different scripts to search the exim queue.
 | Note these scripts have been recently changed to look only at the 0 queue by default. This will allow for faster scan times that should still represent the queue as a whole. |
Script
Find top sending addresses for current messages in queue
[bash,n]
find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | cut -d " " -f2 | sort | uniq -c | sort -rn
Find messages with specific element (subject, to, from etc)
Note this will only return the message IDs and does not corralate any information.
[bash,n]
find /var/spool/exim/input -name '*-H' | xargs grep '<ELEMENT>' | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3
Get message IDs for messages from a specific sender
[bash,n]
find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | grep <EMAIL ADDRESS> | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3
Get list of IP addresses sending messages from specific address
[bash,n]
for i in $(find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | grep <EMAIL ADDRESS> | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3);
do exim -Mvh $i | grep helo | cut -d "[" -f2 | cut -d "]" -f1| grep -v helo_name; done | sort | uniq -c | sort -n
Display specific field
[bash,n]
find /var/spool/exim/input -name '*-H' | xargs grep 'Subject' | cut -d: -f3- | sort | uniq -c | sort -nr
Delete messages based on specific element (IE Subject, To, From etc)
[bash,n]
find /var/spool/exim/input -name '*-H' | xargs grep '<ELEMENT>' | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3 | xargs exim -Mrm
Delete messages based on address
[bash,n]
find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | grep <EMAIL ADDRESS> | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3 | xargs exim -Mrm
Advanced sender find
Makes it easier to identify spamming accounts with large exim queues
[bash,n]
for dir in $(ls -l /var/spool/exim/input/ | grep -v "\." | awk '{print $9}');
do echo "Searching $dir directory";
echo "Getting emails in directory";
email=`find /var/spool/exim/input/$dir -name '*-H'`;
ecount=`echo "$email" | wc -l`;
if $email != "" ;
then
echo -e "\e[0;31mFound $ecount messages\e[0m";
echo "$email" | xargs grep 'auth_id' | cut -d " " -f2 | sort | uniq -c | sort -rn;
fi;
done;
Advanced message delete based on address
Makes it easier to delete messages in large spam queues
[bash,n]
for dir in $(ls -l /var/spool/exim/input/ | grep -v "\." | awk '{print $9}');
do echo "Cleaning up $dir";
echo "Getting emails in directory";
email=`find /var/spool/exim/input/$dir -name '*-H'`;
ecount=`echo "$email" | wc -l`;
echo "Found $ecount messages";
spam=`echo "$email" | xargs grep 'auth_id' | grep <EMAIL ADDRESS> | cut -d: -f1 | cut -d- -f1-3`
scount=`echo "$spam" | wc -l`;
echo "Found $scount spam messages";
echo "Deleting";
for msg in $(echo "$spam" | rev | cut -d "/" -f1 | rev); do exim -Mrm $msg; done;
done;
Advanced NDR delete
Removes Delivery Status Notifications per mail queue
[bash,n]
for dir in $(ls -l /var/spool/exim/input/ | grep -v "\." | awk '{print $9}');
do echo "Cleaning up $dir";
echo "Getting emails in directory";
email=`find /var/spool/exim/input/$dir -name '*-H'`;
ecount=`echo "$email" | wc -l`;
echo "Found $ecount messages";
spam=`echo "$email" | xargs grep 'Subject: Delivery Status Notification' | cut -d: -f1 | cut -d- -f1-3;`
scount=`echo "$spam" | wc -l`;
echo "Found $scount spam messages";
echo "Deleting";
for email in $(echo "$spam" | rev | cut -d "/" -f1 | rev);
do exim -Mrm $email;
done;
done;
