Increase Exim Logging to Catch Spammers

**Aric** · November 8th, 2004, 1:39 PM

It can be tricky to track down a spammer on your server sometimes. In addition to the features Exim already offers, you can increase what Exim logs every time it handles mail. This will help you better track down spammers and kill them if they are using your server.

Go into WHM and click on the Exim Configuration Editor.

Click on "Advanced Mode" and in the first white box at the top paste in the following:

Code:

log_selector =  +address_rewrite  +all_parents  +arguments  +connection_reject  +delay_delivery  +delivery_size  +dnslist_defer  +incoming_interface  +incoming_port  +lost_incoming_connection  +queue_run  +received_sender  +received_recipients  +retry_defer  +sender_on_delivery  +size_reject  +skip_delivery  +smtp_confirmation  +smtp_connection  +smtp_protocol_error  +smtp_syntax_error  +subject  +tls_cipher  +tls_peerdn

Scroll all the way to the bottom and save changes. That will change your /etc/exim.conf file AND make sure that if Exim is upgraded by CPANEL, your changes won't be lost.

Now if you want to look for spammers, you can just investigate the /var/log/exim_mainlog file.

For example:

tail -f /var/log/exim_mainlog

will show you in real-time what's happening with Exim.

If you want to look for something in particular, just pipe the results through grep.

tail -f /var/log/exim_mainlog | grep c1al1s

will look for entries with the common spammer phrase c1al1s.

Once you find a suspicious entry, the increased logging will tell you where when and how the message was sent.

November 8th, 2004, 1:39 PM	#1 (permalink)
Aric Just Some Guy.. Comfy Contributor Joined in Oct 2003 127 posts Gave thanks: 0 Thanked 5 times	Increase Exim Logging to Catch Spammers It can be tricky to track down a spammer on your server sometimes. In addition to the features Exim already offers, you can increase what Exim logs every time it handles mail. This will help you better track down spammers and kill them if they are using your server. Go into WHM and click on the Exim Configuration Editor. Click on "Advanced Mode" and in the first white box at the top paste in the following: Code: log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn Scroll all the way to the bottom and save changes. That will change your /etc/exim.conf file AND make sure that if Exim is upgraded by CPANEL, your changes won't be lost. Now if you want to look for spammers, you can just investigate the /var/log/exim_mainlog file. For example: tail -f /var/log/exim_mainlog will show you in real-time what's happening with Exim. If you want to look for something in particular, just pipe the results through grep. tail -f /var/log/exim_mainlog \| grep c1al1s will look for entries with the common spammer phrase c1al1s. Once you find a suspicious entry, the increased logging will tell you where when and how the message was sent.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)