Exim Queue Scripts
Contents
Overview
Different scripts to search the exim queue.
Script
Find top sending addresses for current messages in queue
[bash,n]
find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | cut -d " " -f2 | sort | uniq -c | sort -rn
Get message IDs for messages from a specific sender
[bash,n]
find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | grep <EMAIL ADDRESS> | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3
Get list of IP addresses sending messages from specific address
[bash,n]
for i in $(find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | grep <EMAIL ADDRESS> | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3);
do exim -Mvh $i | grep helo | cut -d "[" -f2 | cut -d "]" -f1| grep -v helo_name; done | sort | uniq -c | sort -n
Delete messages based on address
[bash,n]
find /var/spool/exim/input -name '*-H' | xargs grep 'auth_id' | grep <EMAIL ADDRESS> | cut -d: -f1 | cut -d/ -f7 | cut -d- -f1-3 | xargs exim -Mrm
Advanced sender find
Makes it easier to identify spamming accounts with large exim queues
[bash,n]
for dir in $(ls -l /var/spool/exim/input/ | grep -v "\." | awk '{print $9}');
do echo "Searching $dir directory";
echo "Getting emails in directory";
email=`find /var/spool/exim/input/$dir -name '*-H'`;
ecount=`echo "$email" | wc -l`;
if $email != "" ;
then
echo -e "\e[0;31mFound $ecount messages\e[0m";
echo "$email" | xargs grep 'auth_id' | cut -d " " -f2 | sort | uniq -c | sort -rn;
fi;
done;
Advanced message delete based on address
Makes it easier to delete messages in large spam queues
[bash,n]
for dir in $(ls -l /var/spool/exim/input/ | grep -v "\." | awk '{print $9}');
do echo "Cleaning up $dir";
echo "Getting emails in directory";
email=`find /var/spool/exim/input/$dir -name '*-H'`;
ecount=`echo "$email" | wc -l`;
echo "Found $ecount messages";
spam=`echo "$email" | xargs grep 'auth_id' | grep <EMAIL ADDRESS< | cut -d: -f1 | cut -d- -f1-3;`
scount=`echo "$spam" | wc -l`;
echo "Found $scount spam messages";
echo "Deleting";
echo "$spam" | xargs exim -Mrm;
done;
