From Psygen Wiki

exim is a popular mail server. You can use the exim command to administer, query, and otherwise interact with the exim mail server.

Files and Such

/var/log/exim_mainlog - exim's logs

Mail Directories
(inside the cPanel user's home folder, e.g. /home/bosmar/mail/)

new - mail that has not been read
cur - mail that has been read

Command Line Options

exim -Mvh messageID - show the email headers for the specified message

exim -Mvb messageID - show the body of the email

exim -Mvc messageID - show the complete message, including headers

exim -Mvl messageID - show the logs for the specified email (faster than grepping the exim log)

exim -Mrm messageID - remove the specified message from the queue

exim -bpc - show the number of e-mails in the queue

exim -bp - show the e-mails in the queue

exim -bt person@example.com - Sends a "test message" to the specified e-mail address. Kind of a "traceroute for exim".

-v - Verbose. Can be used with any other options.

Exim Mail log Notation Guide

(or, What do All These Weird Things in the exim Mainlog Mean?)

(See also: Log Locations)

<=     message arrival
=>     normal message delivery
->     additional address in same delivery
>>     cutthrough message delivery
*>     delivery suppressed by -N
**     delivery failed; address bounced
==     delivery deferred; temporary problem

A           authenticator name (and optional id and sender)
C           SMTP confirmation on delivery
            command list for "no mail in SMTP session"
CV          certificate verification status
D           duration of "no mail in SMTP session"
DN          distinguished name from peer certificate
DT          on => lines: time taken for a delivery
F           sender address (on delivery lines)
H           host name and IP address
I           local interface used
id          message id for incoming message
P           on <= lines: protocol used
            on => and ** lines: return path
PRX         on <= and => lines: proxy address
QT          on => lines: time spent on queue so far
            on "Completed" lines: time spent on queue
R           on <= lines: reference for local bounce
            on =>  >> ** and == lines: router name
S           size of message in bytes
SNI         server name indication from TLS client hello
ST          shadow transport name
T           on <= lines: message subject (topic)
            on => ** and == lines: transport name
U           local user or RFC 1413 identity
X           TLS cipher suite
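
A parser for the notation above, as an added example (not part of the original wiki page). It assumes the default "date time message-id flag address" line layout, and the sample log lines, router and transport names are constructed. It also counts arrivals per authenticated sender (the A= field), which is a quick way to spot a mailbox that is sending far more than usual.

```python
import re
from collections import Counter

# Flags and field keys from the notation guide above.
FLAGS = {"<=": "arrival", "=>": "delivery", "->": "additional address",
         ">>": "cutthrough delivery", "*>": "suppressed by -N",
         "**": "bounced", "==": "deferred"}
KEYS = "A|CV|C|DN|DT|D|F|id|I|PRX|P|QT|R|SNI|ST|S|T|U|X"

# Assumes the default "date time message-id flag address fields..." layout.
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (<=|=>|->|>>|\*>|\*\*|==) (\S+)(.*)$")
# H= may span "name (helo) [ip]". Quoted values (T="...", C="...") are consumed
# whole, so sender-chosen subject text cannot pose as a real field.
FIELD_RE = re.compile(
    r'(?<= )(?:(H)=(\S+(?: \([^)]*\))?(?: \[[^\]]*\])?)'
    r'|(%s)=(?:"((?:[^"\\]|\\.)*)"|(\S*)))' % KEYS)

def parse_line(line):
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None  # "Completed", rejections, daemon notices, ...
    ts, msgid, flag, addr, rest = m.groups()
    fields = {}
    for h, hval, key, quoted, bare in FIELD_RE.findall(rest):
        value = hval if h else (quoted or bare.rstrip(":"))
        fields.setdefault(h or key, value)  # first occurrence wins
    return {"time": ts, "id": msgid, "event": FLAGS[flag],
            "address": addr, "fields": fields}

def auth_arrivals(lines):
    """Count arrivals (<=) per authenticated sender (A= field)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["event"] == "arrival" and "A" in rec["fields"]:
            counts[rec["fields"]["A"]] += 1
    return counts

# Constructed sample lines, not taken from a real server.
SAMPLE = [
    '2024-05-01 10:00:01 1s1AbC-0001xY-2k <= alice@domain2.tld H=(laptop) [192.0.2.10] '
    'P=esmtpsa A=dovecot_login:alice@domain2.tld S=1843 T="hello" for bob@example.net',
    '2024-05-01 10:00:03 1s1AbC-0001xY-2k => bob@example.net R=lookuphost '
    'T=remote_smtp H=mx.example.net [198.51.100.7] C="250 OK"',
    '2024-05-01 10:04:00 1s1AbD-0001xZ-3m <= x@example.org H=mx.example.org [203.0.113.9] '
    'P=esmtp S=900 T="re: A=dovecot_login:ceo@domain2.tld" for alice@domain2.tld',
    '2024-05-01 10:05:00 1s1AbE-0001y0-4n == carol@example.org R=lookuphost '
    'T=remote_smtp defer (-53): retry time not reached for any host',
]
```

Feed auth_arrivals() the lines of /var/log/exim_mainlog to get the per-account totals; the third sample line shows why the subject has to be parsed as one quoted value rather than split on spaces.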


exigrep - grep for mail logs


exigrep spam@psygen.org /var/log/exim_mainlog - Search for the phrase "spam@psygen.org" in the exim logs.

exiqgrep -f [user]@domain.tld - search the exim queue for messages from the specified user.

exiqgrep -r [user]@domain.tld - use the -r flag to search for a recipient

exiqgrep -o 172800 - look for messages older than a day

exiqgrep -y 1800 - look for messages younger than 30 minutes

exiqgrep -i - search by message ID

exim one-liner cheat sheet:

Exim Settings for RDNS and such

The easiest method to see a full version of the files with proper syntax is to temporarily enable the following "automatic" option: WHM: Main >> Service Configuration >> Exim Configuration Editor >> Standard Options >> Domains and IPs

(* Automatically send outgoing mail from the account's IP address instead of the main IP address. Warning: If you turn this setting on you should make sure reverse DNS entries match the ones in /etc/mail_reverse_dns)

The above option will create the files so you can simply view their contents to see how they are used.

Alternatively, you can manually create them based off the following examples, while being sure to use your own domains and IP addresses where applicable; however, please note that to retain customizations of the two files, mailhelo and mailips, it is necessary to enable the relevant options via the Exim Configuration Editor in WHM as seen below.

WHM: Main >> Service Configuration >> Exim Configuration Editor >> Standard Options >> Domains and IPs

  • Send HELO based on the domain name in /etc/mailhelo (*: HELONAME can be added to the file to change the default helo name)
  • Send outgoing mail from the ip that matches the domain name in /etc/mailips (*: IP can be added to the file to change the main outgoing interface)

Full Path: "/etc/mailhelo" Code:

domain2.tld: domain2.tld
sub.domain2.tld: domain2.tld
addondomain.tld: domain2.tld
other.domain3.tld: other.domain3.tld
*: server1.domain1.tld

In mailhelo, the example entry that begins with an asterisk sets the default HELO for domains without their own specific entry; you could, if desired, just have the default set and nothing else.

The "#.#.#.#" entries in the following two examples are meant to represent IP addresses on your system; be sure to use only valid, public IP addresses that are accessible via the Internet.

Full Path: "/etc/mailips" Code:

domain2.tld: #.#.#.2
sub.domain2.tld: #.#.#.2
addondomain.tld: #.#.#.2
other.domain3.tld: #.#.#.3
*: #.#.#.1

In mailips, the example entry that begins with an asterisk sets the default outbound (sending) IP address for domains without their own specific entry; you could, if desired, just have the default set and nothing else.

You should not have to manually edit or manage the mail_reverse_dns file; the only two that you would manually edit are mailhelo and mailips. For the sake of showing an example, though, here is what the mail_reverse_dns file might look like:

Full Path: "/etc/mail_reverse_dns" Code:

#.#.#.1: server1.domain1.tld
#.#.#.2: domain2.tld
#.#.#.3: other.domain3.tld

To help understand why the above examples look the way they do (why a particular domain has a specific HELO value and/or a specific outbound IP), and to show what you might expect to see from the aforementioned "automatic" option, the following could be assumed:

1.) "domain2.tld" is a primary domain
2.) "sub.domain2.tld" is a sub-domain of "domain2.tld"
3.) "addondomain.tld" is an add-on domain of "domain2.tld"
4.) "other.domain3.tld" is also a primary domain
5.) "server1.domain1.tld" is the server hostname

If you opt to manually create, update and manage the mailhelo and mailips files, you are free to customize them as needed provided they contain the correct syntax and use only valid domains and IP addresses.
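
A consistency check for hand-maintained copies of the three files, as an added example (not cPanel's own tooling and not part of the original page). For every domain it compares the HELO name from mailhelo with the name that the domain's sending IP maps to in mail_reverse_dns. The function names are hypothetical, and the sample data is constructed from the examples above with 192.0.2.x standing in for #.#.#.x.

```python
import re

def parse_map(text):
    """Parse the 'key: value' lines shared by all three files."""
    table = {}
    for line in text.splitlines():
        parts = re.split(r":\s+", line.strip(), maxsplit=1)
        if len(parts) == 2 and parts[0] and parts[1]:
            table[parts[0].lower()] = parts[1].strip().lower()
    return table

def lookup(table, domain):
    """Per-domain entry, falling back to the '*' default if there is one."""
    return table.get(domain, table.get("*"))

def check(mailhelo, mailips, reverse_dns):
    """Return (domain, problem) pairs where HELO, sending IP and rDNS disagree."""
    helo, ips, rdns = map(parse_map, (mailhelo, mailips, reverse_dns))
    problems = []
    for domain in sorted(set(helo) | set(ips)):
        name, ip = lookup(helo, domain), lookup(ips, domain)
        if name is None or ip is None:
            problems.append((domain, "no entry and no '*' default"))
        elif ip not in rdns:
            problems.append((domain, f"{ip} missing from mail_reverse_dns"))
        elif rdns[ip] != name:
            problems.append((domain, f"HELO {name} but {ip} maps to {rdns[ip]}"))
    return problems

# Constructed copies of the examples above, with 192.0.2.x standing in for #.#.#.x.
MAILHELO = """domain2.tld: domain2.tld
sub.domain2.tld: domain2.tld
addondomain.tld: domain2.tld
other.domain3.tld: other.domain3.tld
*: server1.domain1.tld"""
MAILIPS = """domain2.tld: 192.0.2.2
sub.domain2.tld: 192.0.2.2
addondomain.tld: 192.0.2.2
other.domain3.tld: 192.0.2.3
*: 192.0.2.1"""
REVERSE_DNS = """192.0.2.1: server1.domain1.tld
192.0.2.2: domain2.tld
192.0.2.3: other.domain3.tld"""
# A hand edit that moves one domain to another IP without updating its HELO.
DRIFTED_IPS = MAILIPS.replace("addondomain.tld: 192.0.2.2", "addondomain.tld: 192.0.2.3")
```

check(MAILHELO, MAILIPS, REVERSE_DNS) returns an empty list for the page's layout, while the drifted copy reports addondomain.tld, whose HELO no longer matches the name its sending IP maps to.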

What's Exim Currently Doing?

exiwhat - shows active connections being handled.

ps -C exim wwwu - list all running exim processes

lsof -c exim - list of files being accessed by exim

Testing with Telnet

telnet $serverIP $port - (Dovecot port is 143) It should say "OK, Dovecot Ready" or similar

login $email_to_test $password - It should display information about the mailbox, then "Logged In"

list "" * - This command should list all folders in the mailbox.

logout - This logs you out, and closes telnet

Testing SSL mail with OpenSSL

openssl s_client -connect $server_IP:$port - lots of output; it should say Dovecot is ready.

login $email_address_to_test $password - logged in

list "" * - should show e-mail folders

logout - logs out and closes openssl s_client

Filter mail at the Exim level

edit /etc/cpanel_exim_system_filter (you may want to back this up first)

To forward all messages that come to a domain to a single address:

# Matches on the envelope sender's domain
if $sender_address_domain is domain.com then
  unseen deliver name@address.com
endif

To forward all messages from one user to another:

# Matches on the full envelope sender address
if $sender_address is user1@domain.com then
  unseen deliver user2@domain.com
endif

