cPanel Mail

-----------------------------------------------------

Common Notifications from CSF/LFD

 

Search exim logs:

grep "no_reply.bdw@railcar.mgt.com" /var/log/exim*

grep "dnelson@bdwrail.com" /var/log/exim_mainlog
grep "dnelson@bdwrail.com" /var/log/exim_paniclog
grep "dnelson@bdwrail.com" /var/log/exim_rejectlog
grep "bdwrail.com" /var/log/exim_rejectlog
grep "railcarmgt.com" /var/log/exim_rejectlog

zgrep "dnelson@bdwrail.com" /var/log/exim_mainlog*
zgrep "dnelson@bdwrail.com" /var/log/exim_paniclog*
zgrep "dnelson@bdwrail.com" /var/log/exim_rejectlog*
zgrep "bdwrail.com" /var/log/exim_rejectlog*
zgrep "railcarmgt.com" /var/log/exim_rejectlog*

zgrep "2017-01-27 08:3" /var/log/exim_mainlog* | grep "estimating@ediwyo.com"

zgrep "estimating@ediwyo.com" /var/log/exim_mainlog* | wc -l

 

Quick way to list all email accounts:
find /home -type f -name "maildirsize"
find /home -type f -name "maildirsize" | grep "wyoptv"

(There will be one extraneous result per account under /home/accountname/mail/maildirsize.)



A user’s email is stored in /home/user/mail/<domain>/<emailuser>/…

/home/username/mail (mail folder)
       /domain.com (domain)
       admin (email user)
       maildirsize (quota/usage summary, expendable)
       cur (default inbox for read email)
       new (default email for unread email)
       Drafts ( sample folder )
             – cur (read email)
             – new (unread email)

/home/username/etc
       /domain.com (domain)
             passwd (contains email account list and UIDs, similar to /etc/passwd)
             shadow (contains email passwords, similar to /etc/shadow)

             quota (contains email account quota info)
 
 
/home/<USERNAME>/mail/<DOMAIN>/<MAILUSER>/cur 
/home/<USERNAME>/etc/<DOMAIN>passwd 


-----------------------------------------------------

There is a script in cPanel to fix the permission and ownership of mailboxes with the user account provided:

/scripts/mailperm $username
- OR -
/usr/local/cpanel/scripts/mailperm $username 



The permissions should be as follows:

– /home/user/etc (user:mail, 755)
– domain.com (user:mail, 770)
– passwd (user:mail, 644)
– shadow (user:mail, 644)

The other permissions can be 755 user:user, as those files don’t affect email delivery.

-----------------------------------------------------

/home/cornerst/mail/cornerstoneriverton.org/pastorian/cur

/home/cornerst/mail/cornerstoneriverton.org/pastorian/new
 
-----------------------------------------------------
 
To completely disable email for one account we can change the permission of /etc directory for that particular user.

chmod 0 /home/modelsig/etc
chattr +ia /home/modelsig/etc


To undo this run the chattr again:

chattr -ia /home/modelsig/etc
chmod 750 /home/modelsig/etc
 
-----------------------------------------------------
 
Count files:

ls -l /home/cornerst/mail/cornerstoneriverton.org/pastorian/cur | wc -l

ls -l /home/cornerst/mail/cornerstoneriverton.org/pastorian/new | wc -l
 

less /home/cornerst/mail/cornerstoneriverton.org/pastorian/cur/1436002916.000066.mbox:2,
grep 'cornerstoneriverton.org' /home/cornerst/mail/cornerstoneriverton.org/pastorian/cur/1436002916.000066.mbox:2,

/home/cornerst/etc/cornerstoneriverton.org/
/home/cornerst/etc/cornerstoneriverton.org/passwd
/home/cornerst/etc/cornerstoneriverton.org/shadow
/home/cornerst/etc/cornerstoneriverton.org/quota

-----------------------------------------------------
-----------------------------------------------------
 
Exim Mail (See file path locations below: cPanel Email log)
 
 
/etc/exim.conf (exim configuration location)
exiwhat
exim -bpc (count emails in queue)
exim -bp (details of emails in queue)
 
 
Exim Config Manager >> Trusted SMTP IP Addresses (for Rackspace)
cat /etc/skipsmtpcheckhosts
IP addresses exempt from SMTP checks
 
 
Summary of emails in queue.
exim -bp|exiqsumm
exim -bp|exiqsumm | tail -20

Sort by count with sender name:
exim -bpr|grep "<"|awk {'print $4'}|cut -d"<" -f2|cut -d">" -f1|sort -n|uniq -c|sort -n

Count frozen emails:
exim -bp|grep frozen|wc -l

Remove all messages for a particular sender:
exim -bpr| grep sendername| awk '{print $3}'|xargs exim -Mrm

View a message's headers:
exim -Mvh <message-id>

View a message's body:
exim -Mvb <message-id>
 
View a message's log:
exim -Mvl <message-id>
 
Keep an eye on exim_mainlog:
tail -f /var/log/exim_mainlog

Look for string in the exim_mainlog:
cat /var/log/exim_mainlog | grep 67.192.59.201

Look for string in the exim_rejectlog:
cat /var/log/exim_rejectlog | grep 67.192.59.201
 
 
exiqgrep

Total count of emails by sender:
exiqgrep -cf root@sundance.wyoming.com

Total count of emails by recipient:
exiqgrep -cr root@sundance.wyoming.com

Find message from specific sender:
exiqgrep -f larry@kpax.com
exiqgrep -f kpax.com

Find message from specific recipient:
exiqgrep -r larry@kpax.com
exiqgrep -r root@sundance.wyoming.com

Remove frozen emails:
exiqgrep -zi|xargs exim -Mrm
 
Remove all emails from the Exim mail queue:
exiqgrep -i|xargs exim -Mrm

Remove all messages older than 5 days:
exiqgrep -o 432000 -i | xargs exim -Mrm
 
Freeze all queued mail from a given sender:
exiqgrep -i -f luser@example.tld | xargs exim -Mf

..........

LIST ALL MESSAGES FROM PARTICULAR SENDER:
exiqgrep -f user@domain
exiqgrep -f johnvinc@sundance.wyoming.com


LIST ALL MESSAGES TO PARTICULAR RECIPIENT:
exiqgrep -r user@domain
exiqgrep -r johnvinc@sundance.wyoming.com


LIST ALL MESSAGES OLDER THAN 1 DAY:
exiqgrep -o 86400


LIST ALL MESSAGES YOUNGER THAN 1 HOUR:
exiqgrep -y 3600


LIST ALL FROZEN MESSAGES:
exiqgrep -z


LIST ALL UNFROZEN MESSAGES:
exiqgrep -x


REMOVE ALL FROZEN MESSAGES:
exiqgrep -z -i | xargs exim -Mrm


REMOVE ALL MESSAGES FROM A USER:
exiqgrep -i -f $user | xargs exim -Mrm


REMOVE ALL MESSAGES TO A USER:
exiqgrep -i -r "RestaurantPromotionsUsa" | xargs exim -Mrm
exiqgrep -i -r "johnvinc" | xargs exim -Mrm

 

 
 
 
...................................................................
 
Set allowed relay IPs:
      cat /etc/relayhosts
      cat /etc/alwaysrelay
 
            - antirelayd is a daemon that checks /var/log/maillog for pop3/imap logins and keeps track of valid ones for use with smtp relaying. It manages the /etc/relayhosts file automatically, so if you are trying to add a static IP in that file it will be cleaned up by antirelayd
 
            - Normally /etc/alwaysrelay will not exist, but if it does just edit the file and append the needed IPs.
 
            - Add each IP on a separate line. After this either restart antirelayd or wait for a little while and it will automatically include these IPs in /etc/relayhosts and they will not be cleaned any more (permanent relay).

            - The same result can be achieved by creating a different file (for ex. /etc/staticrelay) and including it in the exim configuration (in the relay_hosts config similar to /etc/relayhosts). This file will be manually maintained and not cleaned up by antirelayd so the result is the same.
...................................................................
 
 
 
Restart exim:
/etc/init.d/exim restart
/usr/local/cpanel/scripts/restartsrv exim
 
/etc/init.d/antirelayd restart
 
 
 
Searching:
 
grep wyoga.org /var/log/exim_mainlog
grep wyoga@wyoga.org /var/log/exim_mainlog

INCOMING: <=
OUTGOING: =>

cat /var/log/exim_mainlog | grep "wyoga.org" | grep "=>"
 
 
This will show you all the folders on the server that are sending out mail; it won't show the script specifically but it will show you the number of times that folder appears in the mail logs.

head -1 /var/log/exim_mainlog | awk '{print $1}' ; awk '$3 ~ /^cwd/{print $3}' /var/log/exim_mainlog | sort | uniq -c | sed "s|^ *||g" | sort -nr | head --lines 15 | egrep -v ' cwd=(/$|/etc/csf|/var/spool/exim)' ; tail -1 /var/log/exim_mainlog | awk '{print From $1}'
 
 
Find spam script location with Exim:
http://www.inmotionhosting.com/support/email/exim/find-spam-script-location-with-exim
 
Run the following command to pull the most used mailing script's location from the Exim mail log:
grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n
 
 
-----------------------------------------------------
-----------------------------------------------------
 
 

cPanel email log - exim

Delivery and receipt log /var/log/exim_mainlog
Incoming mail queue /var/spool/exim/input/
Log of messages rejected based on ACLS or other policies /var/log/exim_rejectlog
Unexpected/Fatal error log /var/log/exim_paniclog
IMAP, POP login attempts, transactions, fatal errors and spam scoring /var/log/maillog /var/log/messages
Mailman /usr/local/cpanel/3rdparty/mailmain/logs