HowTo: Enable extended logging for exim

When troubleshooting mail or attempting to discover the source of spam originating from your server, it is often useful to enable extended Exim logging.

You can enable extended logging for exim though your shell prompt as well as through WHM interface. I am giving the steps for both ways one by one:

1. Through shell prompt:

1. Open exim.conf

2) Find this:

hostlist auth_relay_hosts = *

3) After hostlist auth_relay_hosts = *

add the following:

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

4) The final result should look like this

hostlist auth_relay_hosts = *

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

5) Save and restart exim.

DONE!

2. Through WHM interface:

1. Login to WHM

2. Go to Service Configuration >> Exim Configuration Editor

3. Click on advanced section.

4. A blank box will be present in there.

5. Add the following line there:
log_selector=+all

6. Click the save button and exim will be restarted automatically and the changes will be affected.

DONE!



To check spamming
=============



Run the following script through shell:

# grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

The output will look like this:

=============
root@vps [/usr/local/apache/domlogs]# grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n
2 cwd=/tmp
2 cwd=/var/spool/exim/input/1
6 cwd=/home/wwwalpha
30 cwd=/root
529 cwd=/home/italian/public_html
1164 cwd=/var/spool/exim
=============

Then check domlogs for that domain.

Thank you.


Comments

Post a Comment

Popular posts from this blog

SVN: File remains in conflict

12 tweakings for WHM/cPanel to speed up WordPress