exim is a popular mailserver. You can use the exim command to administer, get info from, and other interactions with the exim mailserver.
Files and Such
/var/log/exim_mainlog - exim's logs
(inside the cPanel user's home folder, e.g. /home/bosmar/mail/)
new - mail that has not been read
cur - mail that has been read
Command Line Options
exim -Mvh messageID show email header for the specified message
exim -Mvb messageID show the body of the email
exim -Mvc messageID show the compete message, including headers
exim -Mvl messageID show the logs for the specified email (faster than greping the exim log)
exim -Mrm messageID remove the specified message from the queue
exim -bpc show the number of e-mails in the queue
exim -bp show the e-mails in the queue
exim -bt person@ example. com Sends a "test message" to the specified e-mail address. Kind of a "traceroute for exim".
-v Verbose. Can be used with any other options.
Exim Mail log Notation Guide
(or, What do All These Weird Things in the exim Mainlog Mean?)
(See also: Log Locations )
<= message arrival => normal message delivery -> additional address in same delivery >> cutthrough message delivery *> delivery suppressed by -N ** delivery failed; address bounced == delivery deferred; temporary problem A authenticator name (and optional id and sender) C SMTP confirmation on delivery command list for "no mail in SMTP session" CV certificate verification status D duration of "no mail in SMTP session" DN distinguished name from peer certificate DT on => lines: time taken for a delivery F sender address (on delivery lines)q H host name and IP address I local interface used id message id for incoming message P on <= lines: protocol used on => and ** lines: return path PRX on <= and=> lines: proxy address QT on => lines: time spent on queue so far on "Completed" lines: time spent on queue R on <= lines: reference for local bounce on => >> ** and == lines: router name S size of message in bytes SNI server name indication from TLS client hello ST shadow transport name T on <= lines: message subject (topic) on => ** and == lines: transport name U local user or RFC 1413 identity X TLS cipher suite
exigrep grep for mail logs
exigrep email@example.com /var/log/exim_mainlog - Search for the phrase "firstname.lastname@example.org" in the exim logs.
exiqgrep -f [user]@domain.tld - search the exim queue for messages from the specified user.
exiqgrep -r [user]@domain.tld - use the -r flag to search for a recipient
exiqgrep -o 172800 - look for messages older than a day
exiqgrep -y 1800 - look for messages younger than 30 minutes
exiqgrep -i - search by message ID
exim one-liner cheat sheet:
Exim Settings for RDNS and such
The easiest method to see a full version of the files with proper syntax is to temporarily enable the following "automatic" option: WHM: Main >> Service Configuration >> Exim Configuration Editor >> Standard Options >> Domains and IPs
(* Automatically send outgoing mail from the account's IP address instead of the main IP address. Warning: If you turn this setting on you should make sure reverse DNS entries match the ones in /etc/mail_reverse_dns)
The above option will create the files so you can simply view their contents to see how they are used.
Alternatively, you can manually create them based off the following examples, while being sure to use your own domains and IP addresses where applicable; however, please note that to retain customizations of the two files, mailhelo and mailips, it is necessary to enable the relevant options via the Exim Configuration Editor in WHM as seen below.
WHM: Main >> Service Configuration >> Exim Configuration Editor >> Standard Options >> Domains and IPs
- Send HELO based on the domain name in /etc/mailhelo (*: HELONAME can be added to the file to change the default helo name)
- Send outgoing mail from the ip that matches the domain name in /etc/mailips (*: IP can be added to the file to change the main outgoing interface)
Full Path: "/etc/mailhelo" Code:
domain2.tld: domain2.tld sub.domain2.tld: domain2.tld addondomain.tld: domain2.tld other.domain3.tld: other.domain3.tld *: server1.domain1.tld
In mailhelo, the example entry that begins with an asterisk sets the default HELO for domains without their own specific entry; you could, if desired, just have the default set and nothing else.
The "#.#.#.#" entries in the following two examples are meant to represent IP addresses on your system; be sure to use only valid, public IP addresses that are accessible via the Internet.
Full Path: "/etc/mailips" Code:
domain2.tld: #.#.#.2 sub.domain2.tld: #.#.#.2 addondomain.tld: #.#.#.2 other.domain3.tld: #.#.#.3 *: #.#.#.1
In mailips, the example entry that begins with an asterisk sets the default outbound (sending) IP address for domains without their own specific entry; you could, if desired, just have the default set and nothing else.
You should not have to manually edit or manage the mail_reverse_dns file; the only two that you would manually edit are mailhelo and mailips. For the sake of showing an example, though, here is what the mail_reverse_dns file might look like:
Full Path: "/etc/mail_reverse_dns" Code:
#.#.#.1: server1.domain1.tld #.#.#.2: domain2.tld #.#.#.3: other.domain3.tld
To help understand why the above examples look the way they do, in terms of why a particular domain has a specific HELO value and or why a particular domain has a specific outbound IP, and to help show what you might expect to see from the aforementioned "automatic" option, the following could be assumed: 1.) "domain2.tld" is a primary domain 2.) "sub.domain2.tld" is a sub-domain of "domain2.tld" 3.) "addondomain.tld" is an add-on domain of "domain2.tld" 4.) "other.domain3.tld" is a also primary domain 5.) "server1.domain1.tld" is the server hostname
If you opt to manually create, update and manage the mailhelo and mailips files, you are free to customize them as needed provided they contain the correct syntax and use only valid domains and IP addresses.
What's Exim Currently Doing?
exitwhat - whows active connections being handled.
ps -C exim wwwu - list all running exim processes
lsof -c exim - list of files being accessed by exim
Testing with Telnet
telnet $serverIP $port - (Dovecot port is 143) It should say "OK, Dovecot Ready" or similar
login $email_to_test $password - It should display information about the mailbox, then "Logged In"
list ""* - This command should list all folders in the mailbox.
logout - This logs you out, and closes telnet
Testing SSL mail with OpenSSL
opensss s_client -connect $server_IP - lots of stuff, should say dovecot ready.
login $email_address_to_test $password - logged in
list “” * should show e-mail folders
logout logs out and closes openssl s_client
Filter mail at the Exim level
/etc/cpanel_exim_system_filter (you may want to back this up first)
To forward all messages that come to a domain to a single address:
if $sender_address_domain is domain.com unseen deliver email@example.com endif
To forward all messages from one user to another:
if $sender_address_domain is firstname.lastname@example.org unseen deliver email@example.com endif