EXIM/MAIL SERVER



LINKS


http://bradthemad.org/tech/notes/exim_cheatsheet.php



http://www.harkness.co.uk/exim/mail.html
http://www.computing.net/answers/unix/send-mail-on-unix/4064.html

EXIM AUTHENTICATION:
******************************************************
http://www.exim.org/exim-html-3.20/doc/html/spec_35.html
******************************************************


EXIM
==================
http://www.harkness.co.uk/exim/mail.html


**********************************************************************************
EXIM COMMANDS:
==================
http://www.harkness.co.uk/exim/exim_commands.html
**********************************************************************************
EXIM.CONF
==================
http://www.harkness.co.uk/exim/exim_conf.html
**********************************************************************************

AUTHENTICATION
==================

http://www.exim.org/exim-html-3.20/doc/html/spec_37.html
**********************************************************************************
VIRUS SCAN:
=============
http://www.exim.org/exim-html-4.50/doc/html/spec_40.html

**********************************************************************************



IMAP CONNECTION:(dovecot)
============================================
http://bobpeers.com/technical/telnet_imap.php#connecting
http://wiki.dovecot.org/MainConfig#head-9ccabf8aeac550b42b0b3c86bdfc51cd8221c672
http://www.yuki-onna.co.uk/email/imap.html
============================================
DOVECOT CONFIGURATION:
===================================================================
http://wiki.dovecot.org/MainConfig#head-41c13e34d97e3a72c90d913602bd09736f276b82
http://www5.ocn.ne.jp/~m-shin/linux/dovecot-default-conf.html
===================================================================



===================================================================
http://www.yuki-onna.co.uk/email/imap.html
===================================================================



COMMANDS

exiqgrep frozen | awk '{print $3}' | xargs exim -Mrm

for ID in `ps ax| grep http | awk '{print $1}'`; do echo $ID: ; ls -l /proc/$ID | grep cwd; done

netstat -ntu | grep ':' | awk '{print $5}' | awk '{sub("::ffff:","");print}' | cut -f1 -d ':' | sort | uniq -c | sort -n

grep root /var/log/spam_log| grep "Aug 2"| cut -d- -f2| sort -n | uniq -c | sort -nr

exim -bp | exiqsumm | awk '{if ($1 >100)print $0 }' | sort -n

exim -bp | grep frozen | awk '{print $3}' | xargs -n 1 -P 40 exim -v -M

for DOM in `ps auxwww | grep apache| awk '{print $2}'`; do echo "$DOM:"; ls -l /proc/$DOM | grep exe ; ls -l /proc/$DOM | grep cwd; echo "-------"; done


exim -bp | grep -B 1 pageviews.com

netstat -apln | grep :25 | grep perl

ll /proc/pid

netstat -tpn | grep :25| awk '{print $4}'| cut -d: -f1 | sort -nr | uniq -c


IMAP COMMANDS:
======================
telnet mail.domain.ext imap
A login me@mydomain.com mypassword
B select INBOX
C logout

exim -bp | awk '{print $3}' | xargs exim -Mrm

scripts/mailperm

/scripts/generate_maildirsize --allaccounts --force

/var/log/spam_log
lsof -p 18394
nice -20 pkill mysql
nice -20 pkill exim
gdb
/scripts/chpass focalpo bohemianraph21
ps aux --forest


1M0I0U-0005Q3-Bl



exim default port settings....
exim configuration editor.(don't edit)


*****************************************
/etc/VFILTER------FILTER


*/dev/null*

******************************************
/etc/valias/domain name--To check the forwarder.

Check whether the mailboxes are there or not.
/home/username/mail/domain name---</cur /tmp /new>

If not, there should at least be a forwarder.

Check whether it is set to discard all the mails.

cat /etc/valias/domain name
************
delivery failure
************
*/dev/null*

******************************************




**----------means fail.

Grep with next bounce msg ID> i.e. with R field.

tail -n 100



http://blog.eukhost.com/webhosting/catching-spammers-on-cpanel-servers/



logs

4) How to read exim main log?
http://www.sawmill.net/formats/Exim.html
http://www.exim.org/exim-html-3.20/doc/html/spec_51.html

==================================================================================
1995-10-31 08:57:53 0tACW1-0005MB-00 <= kryten@dwarf.fict.book
H=mailer.fict.book [123.123.123.123] U=exim
P=smtp S=5678 id=<incoming message id>


1) The H and U fields identify the remote host and record the RFC 1413 identity of the user that sent the message, if one was received.
2) The number given in square brackets is the IP address of the sending host.
3) Misconfigured hosts (and mail forgers) sometimes put an IP address, with or without brackets, in the HELO or EHLO command. Only the final address in square brackets can be relied on. For locally generated messages, the U field contains the login name of the caller of Exim.
***************************
H=(10.21.32.43) [123.99.8.34]
H=([10.21.32.43]) [123.99.8.34]
***************************
4) P field specifies the protocol used to receive the message. This is set to `asmtp' for messages received from hosts which have authenticated themselves using the SMTP AUTH command.

5) A= followed by the name of the authenticator that was used. If an authenticated identification was set up by the authenticator's server_set_id option, this is logged too, separated by a colon from the authenticator name.

6) The size of the received message is given by the S field. When the message is delivered, headers may get removed or added, so that the size of delivered copies of the message may not correspond with this value (and indeed may be different to each other).

7) If the log_subject option is on, the subject of the message is added to the log line, preceded by `T=' (T for `topic', since S is already used for `size').

8) A delivery error message is shown with the sender address `<>', and if it is a locally-generated error message, this is normally followed by an item of the form
R=<message id>
which is a reference to the local identification of the message that caused the error message to be sent.


**************************************************************
1995-10-31 08:59:13 0tACW1-0005MB-00 => marv <marv@hitch.fict.book>
D=localuser T=local_delivery
1995-10-31 09:00:10 0tACW1-0005MB-00 => monk@holistic.fict.book
R=lookuphost T=smtp H=holistic.fict.book [234.234.234.234]
**************************************************************


9) If a shadow transport was run after a successful local delivery, the log line for the successful delivery has an item added on the end, of the form

ST=<shadow transport name>

10) '>' FIELD: The generation of a reply message by a filter file gets logged as a `delivery' to the addressee, preceded by `>'. The D and T items record the director and transport. For remote deliveries, the router, transport, and host are recorded.

11) CC FIELD: When more than one address is included in a single delivery (for example, two SMTP RCPT commands in one transaction) then the second and subsequent addresses are flagged with `->' instead of `=>'. When two or more messages are delivered down a single SMTP connection, an asterisk follows the IP address in the log lines for the second and subsequent messages.

12) `*>' FIELD: When the -N debugging option is used to prevent delivery from actually occurring, log entries are flagged with `*>' instead of `=>'.

13) '**' FIELD: If a delivery fails, a line of the following form is logged:
-----------------------------------------------------------------------------------
1995-12-19 16:20:23 0tRiQz-0002Q5-00 ** jim@trek99.film
<jim@trek99.film>: unknown mail domain
-----------------------------------------------------------------------------------
This is followed (eventually) by a line giving the address to which the delivery error has been sent.

14) -N FIELD: The -N option has been used to suppress the delivery failure report.

15) `*>' FIELD: If a delivery does not actually take place because the -N option has been used to suppress it, an apparently normal delivery line is written to the log, except that `=>' is replaced by `*>'.

16) Completed FIELD:

A line of the form
-------------------------------------------------------------------------
1995-10-31 09:00:11 0tACW1-0005MB-00 Completed
--------------------------------------------------------------------------
is written to the main log when a message is about to be removed from the spool at the end of its processing.



==================================================================================


exim commands


5) basic exim commands.
**************************

exim -d ---------details exim
cat /proc/user_beancounters

**************************
http://bradthemad.org/tech/notes/exim_cheatsheet.php

http://exim.cbn.net.id/exim-html-3.10/doc/html/spec_findex.html
http://inhouse.net/media/index.php/KB:Additional_logging_in_exim
http://www.exim-new-users.co.uk/content/blogcategory/35/49/
======================
A Quick Reference Guide
======================
http://inhouse.net/media/index.php/KB:Exim_Basic_commands_%28A_Quick_Reference_Guide%29
************************************************************

How to remove all mails from exim queue?
================================
rm -rf /var/spool/exim/input/*

Deleting Frozen Mails:
==================
To remove all frozen mails from the exim queue, use either of the following commands:
exim -bpr | grep frozen | awk '{print $3}' | xargs exim -Mrm
exiqgrep -z -i | xargs exim -Mrm

If you want to only delete frozen messages older than a day:
=============================================
exiqgrep -zi -o 86400 | xargs exim -Mrm
where 86400 is the minimum age in seconds (1 day = 86400 seconds); change it depending on the time frame you want to keep. Without the xargs part, the command only lists the matching message IDs.

SpamAssassin:
===========
1. /scripts/perlinstaller --force Mail::SpamAssassin
2. /etc/init.d/exim restart


To forcefully deliver mails in queue, use the following exim command:
=====================================================
exim -bpru |awk '{print $3}' | xargs -n 1 -P 40 exim -v -M

To flush the mail queue:
exim -qff


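To clear spam mails from Exim Queue:
==============================
grep -R -l -F '[SPAM]' /var/spool/exim/msglog/* | cut -b26- | xargs exim -Mrm

The pattern must be quoted and matched as a fixed string (-F): unquoted, [SPAM] is a character class that matches any message log containing an S, P, A or M, so nearly every queued message would be removed. cut -b26- assumes a split spool directory (/var/spool/exim/msglog/X/<message id>).

To clear frozen mails from Exim Queue.
grep -R -l -F '*** Frozen' /var/spool/exim/msglog/* | cut -b26- | xargs exim -Mrm

To clear mails from Exim Queue for which the recipient cannot be verified.
grep -R -l -F 'The recipient cannot be verified' /var/spool/exim/msglog/* | cut -b26- | xargs exim -Mrm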

To find exim queue details. It will show ( Count Volume Oldest Newest Domain ) details.
=====================================================================

exim -bp |exiqsumm


Creating Mailing Lists in Exim
========================
http://inhouse.net/media/index.php/KB:Atmail:_Creating_Mailing_Lists_in_Exim


How to remove root mails from exim queue ?
==================================

When mail queue is high due to root mails, and you only need to remove the root mails and not any other valid mails.

exim -bp |grep "<root@HOSTNAME>"|awk '{print $3}'|xargs exim -Mrm

Replace "HOSTNAME" with server hostname


Exim Error:Retry time not reached
===========================
T=remote_smtp defer (-53): retry time not reached for any host

http://inhouse.net/media/index.php/KB:Exim_Error:Retry_time_not_reached


unrouteable mail domain:
===================
rm -rf /etc/eximmailtrap

http://inhouse.net/media/index.php/KB:Getting_unrouteable_mail_domain_%22hotmail.com%22

Spf record
=========
http://inhouse.net/media/index.php/KB:Installing_spf_record_on_a_cPanel

Remove All Spam and Trash from Server:
================================
http://inhouse.net/media/index.php/KB:Remove_All_Spam_and_Trash_from_Server

How to find whether server has SMTPs/POP3s/IMAPs support:
================================================
http://inhouse.net/media/index.php/KB:How_to_find_whether_server_has_SMTPs/POP3s/IMAPs_support

Cpanel script Guide:
=================
http://inhouse.net/media/index.php/KB:Quick_Reference_Bible_For_Cpanel_Scripts





grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

ps -C exim -fH ewww | grep home




install

http://mbeqwa.sourceforge.net/howto.html#2


exim -C /config/file.new -bV

grep bruncenjo@rvwifi.com /var/log/exim_mainlog



log analysis

Log line flags
One line is written to the main log for each message received, and for each successful, unsuccessful,
and delayed delivery. These lines can readily be picked out by the distinctive two-character flags that
immediately follow the timestamp. The flags are:

<=   message arrival
=>   normal message delivery
->   additional address in same delivery
*>   delivery suppressed by -N
**   delivery failed; address bounced
==   delivery deferred; temporary problem

48.6 Logging message reception
The format of the single-line entry in the main log that is written for every message received is shown
in the basic example below, which is split over several lines in order to fit it on the page:
2002-10-31 08:57:53 16ZCW1-0005MB-00 <= kryten@dwarf.fict.example
H=mailer.fict.example [192.168.123.123] U=exim
P=smtp S=5678 id=<incoming message id>
The address immediately following ‘<=’ is the envelope sender address. A bounce message is shown
with the sender address ‘<>’, and if it is locally generated, this is followed by an item of the form
R=<message id>
which is a reference to the message that caused the bounce to be sent.
For messages from other hosts, the H and U fields identify the remote host and record the RFC 1413
identity of the user that sent the message, if one was received. The number given in square brackets is
the IP address of the sending host. If there is a single, unparenthesized host name in the H field, as
above, it has been verified to correspond to the IP address (see the host_lookup option). If the name is
in parentheses, it was the name quoted by the remote host in the SMTP HELO or EHLO command, and
has not been verified. If verification yields a different name to that given for HELO or EHLO, the verified
name appears first, followed by the HELO or EHLO name in parentheses.
Misconfigured hosts (and mail forgers) sometimes put an IP address, with or without brackets, in the
HELO or EHLO command, leading to entries in the log containing text like these examples:
Exim 4.50 [355] log files (48)
H=(10.21.32.43) [192.168.8.34]
H=([10.21.32.43]) [192.168.8.34]
This can be confusing. Only the final address in square brackets can be relied on.
For locally generated messages (that is, messages not received over TCP/IP), the H field is omitted,
and the U field contains the login name of the caller of Exim.
For all messages, the P field specifies the protocol used to receive the message. This is set to ‘esmtpa’
for messages received from hosts that have authenticated themselves using the SMTP AUTH command.
In this case there is an additional item A= followed by the name of the authenticator that was used. If
an authenticated identification was set up by the authenticator’s server_set_id option, this is logged
too, separated by a colon from the authenticator name.
The id field records the existing message id, if present. The size of the received message is given by
the S field. When the message is delivered, headers may get removed or added, so that the size of
delivered copies of the message may not correspond with this value (and indeed may be different to
each other).
The log_selector option can be used to request the logging of additional data when a message is
received. See section 48.15 below.
48.7 Logging deliveries
The format of the single-line entry in the main log that is written for every delivery is shown in one of
the examples below, for local and remote deliveries, respectively. Each example has been split into two
lines in order to fit it on the page:
2002-10-31 08:59:13 16ZCW1-0005MB-00 => marv <marv@hitch.fict.example>
R=localuser T=local_delivery
2002-10-31 09:00:10 16ZCW1-0005MB-00 => monk@holistic.fict.example
R=dnslookup T=remote_smtp H=holistic.fict.example [192.168.234.234]
For ordinary local deliveries, the original address is given in angle brackets after the final delivery
address, which might be a pipe or a file. If intermediate address(es) exist between the original and the
final address, the last of these is given in parentheses after the final address. The R and T fields record
the router and transport that were used to process the address.
If a shadow transport was run after a successful local delivery, the log line for the successful delivery
has an item added on the end, of the form
ST=<shadow transport name>
If the shadow transport did not succeed, the error message is put in parentheses afterwards.
When more than one address is included in a single delivery (for example, two SMTP RCPT commands
in one transaction) the second and subsequent addresses are flagged with ‘->’ instead of ‘=>’. When
two or more messages are delivered down a single SMTP connection, an asterisk follows the IP
address in the log lines for the second and subsequent messages.
The generation of a reply message by a filter file gets logged as a ‘delivery’ to the addressee, preceded
by ‘>’.
The log_selector option can be used to request the logging of additional data when a message is
delivered. See section 48.15 below.
48.8 Discarded deliveries
When a message is discarded as a result of the command ‘seen finish’ being obeyed in a filter file
which generates no deliveries, a log entry of the form
2002-12-10 00:50:49 16auJc-0001UB-00 => discarded
<low.club@bridge.example> R=userforward
is written, to record why no deliveries are logged. When a message is discarded because it is aliased to
‘:blackhole:’ the log line is like this:
1999-03-02 09:44:33 10HmaX-0005vi-00 => :blackhole:
<hole@nowhere.example> R=blackhole_router
48.9 Deferred deliveries
When a delivery is deferred, a line of the following form is logged:
2002-12-19 16:20:23 16aiQz-0002Q5-00 == marvin@endrest.example
R=dnslookup T=smtp defer (146): Connection refused
In the case of remote deliveries, the error is the one that was given for the last IP address that was
tried. Details of individual SMTP failures are also written to the log, so the above line would be
preceded by something like
2002-12-19 16:20:23 16aiQz-0002Q5-00 Failed to connect to
mail1.endrest.example [192.168.239.239]: Connection refused
When a deferred address is skipped because its retry time has not been reached, a message is written
to the log, but this can be suppressed by setting an appropriate value in log_selector.
48.10 Delivery failures
If a delivery fails because an address cannot be routed, a line of the following form is logged:
1995-12-19 16:20:23 0tRiQz-0002Q5-00 ** jim@trek99.example
<jim@trek99.example>: unknown mail domain
If a delivery fails at transport time, the router and transport are shown, and the response from the
remote host is included, as in this example:
2002-07-11 07:14:17 17SXDU-000189-00 ** ace400@pb.example R=dnslookup
T=remote_smtp: SMTP error from remote mailer after pipelined
RCPT TO:<ace400@pb.example>: host pbmail3.py.example
[192.168.63.111]: 553 5.3.0 <ace400@pb.example>...
Addressee unknown
The word ‘pipelined’ indicates that the SMTP PIPELINING extension was being used. See
hosts_avoid_esmtp in the smtp transport for a way of disabling PIPELINING.
The log lines for all forms of delivery failure are flagged with **.
48.11 Fake deliveries
If a delivery does not actually take place because the -N option has been used to suppress it, a normal
delivery line is written to the log, except that ‘=>’ is replaced by ‘*>’.
48.12 Completion
A line of the form
2002-10-31 09:00:11 16ZCW1-0005MB-00 Completed
is written to the main log when a message is about to be removed from the spool at the end of its
processing.
48.13 Summary of Fields in Log Lines
A summary of the field identifiers that are used in log lines is shown in the following table:

A    authenticator name (and optional id)
C    SMTP confirmation on delivery
CV   certificate verification status
DN   distinguished name from peer certificate
DT   on => lines: time taken for a delivery
F    sender address (on delivery lines)
H    host name and IP address
I    local interface used
id   message id for incoming message
P    on <= lines: protocol used
     on => and ** lines: return path
QT   on => lines: time spent on queue so far
     on ‘Completed’ lines: time spent on queue
R    on <= lines: reference for local bounce
     on => ** and == lines: router name
S    size of message
ST   shadow transport name
T    on <= lines: message subject (topic)
     on => ** and == lines: transport name
U    local user or RFC 1413 identity
X    TLS cipher suite

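
A parser for the reception and delivery lines described in 48.6 to 48.13, given here as an added example (it is not part of the Exim documentation or of the original notes). The sample lines, the authenticator name fixed_login and all function names are constructed for illustration; it handles the two-character flags and the H, U, P, A and S fields, and reports HELO names that spell out an IP address other than the connecting one.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines, one log entry per line as Exim writes them
# (the documentation wraps its examples only to fit the page).
SAMPLE_LOG = """\
2002-10-31 08:57:53 16ZCW1-0005MB-00 <= kryten@dwarf.fict.example H=mailer.fict.example [192.0.2.10] U=exim P=smtp S=5678 id=abc@dwarf.fict.example
2002-10-31 08:58:02 16ZCW2-0005MC-00 <= promo@bulk.example H=(10.21.32.43) [198.51.100.7] P=smtp S=912
2002-10-31 08:58:40 16ZCW3-0005MD-00 <= user@site.example H=(laptop) [203.0.113.5] P=esmtpa A=fixed_login:user@site.example S=2048
2002-10-31 08:59:01 16ZCW4-0005ME-00 <= www@host.example U=www P=local S=700
2002-10-31 08:59:13 16ZCW1-0005MB-00 => marv <marv@hitch.fict.example> R=localuser T=local_delivery
2002-10-31 09:00:10 16ZCW2-0005MC-00 ** jim@trek99.example <jim@trek99.example>: unknown mail domain
2002-10-31 09:00:11 16ZCW1-0005MB-00 Completed
"""

# timestamp, message id, two-character flag, then the rest of the entry
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}) "
    r"(?P<flag><=|=>|->|\*>|\*\*|==) (?P<rest>.*)$"
)
# H field: optional verified name, optional (HELO/EHLO name), then [connecting IP]
HOST_RE = re.compile(
    r"(?:^|\s)H=(?:(?P<verified>[^\s(\[]+) )?"
    r"(?:\((?P<helo>[^)]*)\) )?\[(?P<ip>[^\]]+)\]"
)
FIELD_RE = re.compile(r"(?:^|\s)(?P<key>[A-Za-z]{1,2})=(?P<val>\S+)")
AUTH_PROTOCOLS = {"asmtp", "esmtpa"}  # the two P values quoted in the text


def parse_line(line):
    """Return a dict for a flagged main-log line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    address, _, tail = m["rest"].partition(" ")
    fields = {f["key"]: f["val"] for f in FIELD_RE.finditer(tail)}
    fields.pop("H", None)  # H has internal structure, handled by HOST_RE
    host = HOST_RE.search(tail)
    authenticated = m["flag"] == "<=" and (
        fields.get("P") in AUTH_PROTOCOLS or "A" in fields
    )
    return {
        "ts": m["ts"],
        "msgid": m["msgid"],
        "flag": m["flag"],
        "address": address,
        "fields": fields,
        "host": host.groupdict() if host else None,
        "authenticated": authenticated,
    }


def helo_ip_literal(helo):
    """Return the IP address a HELO name spells out, or None for a host name."""
    if not helo:
        return None
    try:
        return ipaddress.ip_address(helo.strip("[]"))
    except ValueError:
        return None


def mismatched_helo(records):
    """Arrivals whose HELO is an IP literal that differs from the real peer.

    Only the bracketed address is recorded by Exim itself; the HELO value is
    whatever the remote side chose to send.
    """
    hits = []
    for rec in records:
        host = rec["host"]
        if rec["flag"] != "<=" or host is None:
            continue
        literal = helo_ip_literal(host["helo"])
        if literal is not None and str(literal) != host["ip"]:
            hits.append((rec["msgid"], host["helo"], host["ip"]))
    return hits


def summarize(text):
    """Count flags, authenticated senders and local submitters in a log."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    arrivals = [r for r in records if r["flag"] == "<="]
    return {
        "flags": Counter(r["flag"] for r in records),
        "authenticated": Counter(
            r["fields"]["A"] for r in arrivals if "A" in r["fields"]
        ),
        # No H field on a <= line means the message was submitted locally,
        # and U is then the login name of the caller of Exim.
        "local_submitters": Counter(
            r["fields"].get("U") for r in arrivals if r["host"] is None
        ),
        "mismatched_helo": mismatched_helo(records),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```
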
48.14 Other log entries
Various other types of log entry are written from time to time. Most should be self-explanatory.
Among the more common are:
• retry time not reached: An address previously suffered a temporary error during routing or local
delivery, and the time to retry has not yet arrived. This message is not written to an individual
message log file unless it happens during the first delivery attempt.
• retry time not reached for any host: An address previously suffered temporary errors during
remote delivery, and the retry time has not yet arrived for any of the hosts to which it is routed.
• spool file locked: An attempt to deliver a message cannot proceed because some other Exim
process is already working on the message. This can be quite common if queue running processes
are started at frequent intervals. The exiwhat utility script can be used to find out what Exim
processes are doing.
• error ignored: There are several circumstances that give rise to this message:
  - Exim failed to deliver a bounce message whose age was greater than ignore_bounce_errors_after.
    The bounce was discarded.
  - A filter file set up a delivery using the ‘noerror’ option, and the delivery failed. The
    delivery was discarded.
  - A delivery set up by a router configured with
      errors_to = <>
    failed. The delivery was discarded.


supported commands


acl ------- ACL interpretation
auth ------- authenticators
deliver -------general delivery logic
dns ------- DNS lookups (see also resolver)
dnsbl -------DNS black list (aka RBL) code
exec ------- arguments for execv() calls
expand ------- detailed debugging for string expansions
filter ------- filter handling
hints_lookup ------- hints data lookups
host_lookup ------- all types of name-to-IP address handling


ident ------- ident lookup
interface ------- lists of local interfaces
lists ------- matching things in lists
load ------- system load checks
local_scan ------- can be used by local_scan() (see chapter 41)
lookup ------- general lookup code and all lookups
memory ------- memory handling
pid ------- add pid to debug output lines
process_info ------- setting info for the process log
queue_run ------- queue runs
receive ------- general message reception logic
resolver ------- turn on the DNS resolver’s debugging output
retry ------- retry handling
rewrite ------- address rewriting
route ------- address routing
timestamp ------- add timestamp to debug output lines
tls ------- TLS logic
transport ------- transports
uid ------- changes of uid/gid and looking up uid/gid
verify ------- address verification logic
all ------- all of the above, and also -v




-------------------------------------------------------------------------------------------------------------------------------------------------

• ACL: Access control lists for controlling incoming SMTP mail.
• authenticators: Configuration settings for the authenticator drivers. These are concerned with the
SMTP AUTH command (see chapter 33).
• routers: Configuration settings for the router drivers. Routers process addresses and determine
how the message is to be delivered.
• transports: Configuration settings for the transport drivers. Transports define mechanisms for
copying messages to destinations.
• retry: Retry rules, for use when a message cannot be immediately delivered.
• rewrite: Global address rewriting rules, for use when a message arrives and when new addresses
are generated during delivery.
• local_scan: Private options for the local_scan() function. If you want to use this feature, you
must set
LOCAL_SCAN_HAS_OPTIONS=yes





pop b4 smtp

what is pop before smtp and open relay ?

http://books.google.co.in/books?id=OMHy4wRQOP4C&pg=PA81&lpg=PA81&dq=what+is+pop+bef.ore+smtp+and++open+relay+%3F&source=bl&ots=6fCQk2swX2&sig=2VHNnSKRiNgB99F6fVFt77Cq-o0&hl=en&ei=IFqgSbrJAY_VkAW5pOTOCw&sa=X&oi=book_result&resnum=3&ct=result#PPA93,M1
http://spam.abuse.net/adminhelp/smPbS.shtml
http://www.abuse.net/relay.html

http://www.checkor.com/

http://www.spamhelp.org/shopenrelay/




What is an open relay?
An open relay (sometimes also referred to as a third-party relay) is a mail server that does not verify that it is authorised to send mail from the email address that a user is trying to send from. Therefore, users would be able to send email originating from any third-party email address that they want.




what is pop before smtp?

Every time someone successfully enters a correct username and password to your POP or IMAP server (i.e. checks an e-mail account that is configured on your Virtual Server), the server records the IP address of the remote client. The IP address and a timestamp are stored in the ~/etc/relayers.db database file. The database serves as a list of IP addresses that are allowed to perform an SMTP relay. A simple rule set in the check_rcpt section of the ~/etc/sendmail.cf file causes sendmail to refuse to relay e-mail from any IP address that is not listed in the ~/etc/relayers.db database file. You will need to add this Rule Set if it is missing from your ~/etc/sendmail.cf file.


http://www.verio.com/support/documents/view_article.cfm?doc_id=1047







POP before SMTP or SMTP after POP is a method of authorization used by mail server software which helps allow users the option to send e-mail from any location, as long as they can demonstrably also fetch their mail from the same place.

Technically; users are allowed to use SMTP from an IP address as long as they have previously made a successful login into the POP service at the same mail hosting provider, from the same IP address, within a predefined timeout period.

The main advantage of this process is that it's generally transparent to the average user who will be connecting with an email client, which will almost always make a connection to fetch new mail before sending new mail. The disadvantages include a potentially complex setup for the mail hosting provider (requiring some sort of communication channel between the POP service and the SMTP service) and uncertainty as to how much time users will take to connect via SMTP (to send mail) after connecting to POP.

Those users not handled by this method need to resort to other authorization methods. Also, in cases where users come from externally controlled dial-up addresses (more specifically, all dynamically assigned IP addresses), the SMTP server must be careful about not giving too much leeway when allowing unauthorized connections, because of a possibility of race conditions leaving an open mail relay unintentionally exposed.
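
A small model of the mechanism described above, given as an added example (it is not code from any mail server or from the original notes). The relay table, the timeline and all names are constructed; it replays one timeline under several timeout windows to show the trade-off between refusing a legitimate user and still trusting a dynamic IP address after it has changed hands.

```python
from dataclasses import dataclass, field


@dataclass
class RelayTable:
    """IP address -> time of last successful POP/IMAP login (a stand-in for
    the IP-and-timestamp database the text describes)."""
    window: int                      # seconds a login stays valid for relaying
    last_login: dict = field(default_factory=dict)

    def record_login(self, ip, now):
        self.last_login[ip] = now

    def may_relay(self, ip, now):
        seen = self.last_login.get(ip)
        return seen is not None and 0 <= now - seen <= self.window

    def purge(self, now):
        """Drop expired entries so the table cannot grow without bound."""
        stale = [ip for ip, t in self.last_login.items() if now - t > self.window]
        for ip in stale:
            del self.last_login[ip]
        return stale


# Constructed timeline: (seconds, event, client IP, who is behind that IP)
TIMELINE = [
    (0,   "pop_login", "203.0.113.5",  "customer"),
    (240, "smtp",      "203.0.113.5",  "customer"),  # sends 4 minutes after fetching
    (900, "smtp",      "203.0.113.5",  "other"),     # dynamic IP now held by someone else
    (900, "smtp",      "198.51.100.7", "other"),     # never logged in at all
]


def replay(window, timeline=TIMELINE):
    """Return the relay decision for every SMTP attempt in the timeline."""
    table = RelayTable(window)
    decisions = []
    for now, event, ip, actor in timeline:
        table.purge(now)
        if event == "pop_login":
            table.record_login(ip, now)
        else:
            decisions.append((now, ip, actor, table.may_relay(ip, now)))
    return decisions


def compare_windows(windows):
    """For each window: is the customer served, and is anyone else let through?"""
    result = {}
    for window in windows:
        decisions = replay(window)
        result[window] = {
            "customer_allowed": all(ok for _, _, who, ok in decisions if who == "customer"),
            "other_allowed": any(ok for _, _, who, ok in decisions if who != "customer"),
        }
    return result


if __name__ == "__main__":
    for window, outcome in compare_windows([120, 600, 1800]).items():
        print(window, outcome)
```
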






MAIL QUEUE

**********************************************************************************
EXIM COMMANDS:
==================

http://www.harkness.co.uk/exim/exim_commands.html


ALL COMMANDS/LOGS
=====================
********************************************************************************
http://scorpio.cpiv.com/phpBB2/viewtopic.php?t=144
http://scorpio.cpiv.com/phpBB2/viewtopic.php?t=145
http://scorpio.cpiv.com/phpBB2/viewtopic.php?t=147

**********************************************************************************
SPF
====
http://scorpio.cpiv.com/phpBB2/viewtopic.php?t=257




http://www.harkness.co.uk/exim/exim_conf.html



http://www.electrictoolbox.com/show-exim-mail-queue/
**********************************************************************************
http://www.electrictoolbox.com/flush-exim-mail-queue/

**********************************************************************************
**********************************************************************************
**********************************************************************************

To view the exim mail queue issue the following command:

mailq

OR

exim -bp

If exim is in /usr/sbin and /usr/sbin is not in your path, you'll need to prefix the command with the full path like so:

/usr/sbin/exim -bp

The output from the above commands will look something like so:

4d 1.2K 1Ka6u5-00032Z-Eb <from@example.com>
to@example.com

62h 1.2K 1KaRH0-0007QZ-B5 <from@example.com>
to@example.com

3h 22K 1KbLHr-0004ev-An <from@example.com>
to@example.com

In the above example "from@example.com" is the email address the email is being sent from and to@example.com is the address being sent to. Normally these would be real email addresses but I've changed them for the purposes of this post.

The 4d, 62h and 3h values indicate how long the email message has been in the queue: 4 days, 62 hours and 3 hours respectively.

The x.xK values are the message size.

And the 1Ka6u5-00032Z-Eb etc is the message id and is also the filename of the message on disk, which you will find in /var/spool/exim/msglog and /var/spool/exim/input (the directories may vary depending on your Linux/Unix distribution and/or compiled in settings).

Using the "find" command you could do this to locate all the relevant files:

find /var/spool/exim -name "1Ka6u5-00032Z-Eb*"

which would display something like this:

/var/spool/exim/msglog/1Ka6u5-00032Z-Eb
/var/spool/exim/input/1Ka6u5-00032Z-Eb-D
/var/spool/exim/input/1Ka6u5-00032Z-Eb-H
**********************************************************************************



There are two ways to flush the exim mail queue:

runq

or

exim -q

This will then process the mail queue. I had a look at the exim log file and the mail queue itself (I'll be posting how to view what's in the exim mail queue on Tuesday) after flushing the queue and the emails were still stuck there. Another quick look at the exim man page and I discovered the following options:

-qf = If one f flag is present, a delivery attempt is forced for each non-frozen message, whereas without f only those non-frozen addresses that have passed their retry times are tried.

-qff = If ff is present, a delivery attempt is forced for every message, whether frozen or not.

So I then ran this:

exim -qff

And the messages that were stuck in the queue were flushed and delivered. My customer reported back to me a few minutes later that their emails had been received.

Note that the exim command is probably in /usr/sbin and you may need to use the whole path as well as the command to run it. If this is the case then do this:

/usr/sbin/exim -q
/usr/sbin/exim -qff
etc

As mentioned above, on Tuesday I'll post how to view what's currently in the exim mail queue.














COMND

ll /var/log/exim_mainlog*


/var/spool/cron

*/5 * * * * /usr/sbin/exim -v -Rff @mortonsalt.com > /dev/null 2>&1

select next month logrotate file
search with msg id.

zgrep 1L9DfQ-0003bc-9W /var/log/exim_mainlog.2.gz |awk '{print $5}' |grep aol.com | sort | uniq -c

sender id locate.

ls -a

sent mail to contact mail id.
.contactemail




[root@ulgan brenda]# exim -M 1LtUNX-0004Ej-DA
[root@ulgan brenda]# exim -M 1LtUKz-00041s-F8
[root@ulgan brenda]# exiqgrep -r jebcoventuresinc.com



COMNDEXIM/MAIL SERVER

LOGS

How to read exim main log?
http://www.sawmill.net/formats/Exim.html
http://www.exim.org/exim-html-3.20/doc/html/spec_51.html

==================================================================================
1995-10-31 08:57:53 0tACW1-0005MB-00 <= kryten@dwarf.fict.book
H=mailer.fict.book [123.123.123.123] U=exim
P=smtp S=5678 id=<incoming message id>


1) The H and U fields identify the remote host and record the RFC 1413 identity of the user that sent the message, if one was received.
2) The number given in square brackets is the IP address of the sending host.
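3) Misconfigured hosts (and mail forgers) sometimes put an IP address, with or without brackets, in the HELO or EHLO name, which produces entries like the two below. Only the final address in square brackets can be relied on. For locally generated messages, the U field contains the login name of the caller of Exim.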
***************************
H=(10.21.32.43) [123.99.8.34]
H=([10.21.32.43]) [123.99.8.34]
***************************
4) P field specifies the protocol used to receive the message. This is set to `asmtp' for messages received from hosts which have authenticated themselves using the SMTP AUTH command.

5) A= followed by the name of the authenticator that was used. If an authenticated identification was set up by the authenticator's server_set_id option, this is logged too, separated by a colon from the authenticator name.

6) The size of the received message is given by the S field. When the message is delivered, headers may get removed or added, so that the size of delivered copies of the message may not correspond with this value (and indeed may be different to each other).

7) If the log_subject option is on, the subject of the message is added to the log line, preceded by `T=' (T for `topic', since S is already used for `size').

8) A delivery error message is shown with the sender address `<>', and if it is a locally-generated error message, this is normally followed by an item of the form
R=<message id>
which is a reference to the local identification of the message that caused the error message to be sent.


**************************************************************
1995-10-31 08:59:13 0tACW1-0005MB-00 => marv <marv@hitch.fict.book>
D=localuser T=local_delivery
1995-10-31 09:00:10 0tACW1-0005MB-00 => monk@holistic.fict.book
R=lookuphost T=smtp H=holistic.fict.book [234.234.234.234]
**************************************************************


9) If a shadow transport was run after a successful local delivery, the log line for the successful delivery has an item added on the end, of the form

ST=<shadow transport name>

10) '>' FIELD: The generation of a reply message by a filter file gets logged as a `delivery' to the addressee, preceded by `>'. The D and T items record the director and transport. For remote deliveries, the router, transport, and host are recorded.

11) CC FIELD: When more than one address is included in a single delivery (for example, two SMTP RCPT commands in one transaction) then the second and subsequent addresses are flagged with `->' instead of `=>'. When two or more messages are delivered down a single SMTP connection, an asterisk follows the IP address in the log lines for the second and subsequent messages.

12) `*>' FIELD: When the -N debugging option is used to prevent delivery from actually occurring, log entries are flagged with `*>' instead of `=>'.

13) '**' FIELD: If a delivery fails, a line of the following form is logged:
-----------------------------------------------------------------------------------
1995-12-19 16:20:23 0tRiQz-0002Q5-00 ** jim@trek99.film
<jim@trek99.film>: unknown mail domain
-----------------------------------------------------------------------------------
This is followed (eventually) by a line giving the address to which the delivery error has been sent.

14) -N FIELD: The -N option has been used to suppress the delivery failure report.

15) `*>' FIELD: If a delivery does not actually take place because the -N option has been used to suppress it, an apparently normal delivery line is written to the log, except that `=>' is replaced by `*>'.

16) Completed FIELD:

A line of the form
-------------------------------------------------------------------------
1995-10-31 09:00:11 0tACW1-0005MB-00 Completed
--------------------------------------------------------------------------
is written to the main log when a message is about to be removed from the spool at the end of its processing.



==================================================================================
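A parser for the main-log fields listed above, as an added example (not code from the page or from Exim). The sample joins the page's example entries onto single lines and adds one constructed asmtp line; the authenticator name plain_login, the message-id pattern and all function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the page's example entries joined onto single lines, plus one
# constructed authenticated submission (asmtp) whose HELO name is an IP literal.
SAMPLE_LOG = """\
1995-10-31 08:57:53 0tACW1-0005MB-00 <= kryten@dwarf.fict.book H=mailer.fict.book [123.123.123.123] U=exim P=smtp S=5678 id=abc@dwarf.fict.book
1995-10-31 08:59:13 0tACW1-0005MB-00 => marv <marv@hitch.fict.book> D=localuser T=local_delivery
1995-10-31 09:00:10 0tACW1-0005MB-00 => monk@holistic.fict.book R=lookuphost T=smtp H=holistic.fict.book [234.234.234.234]
1995-10-31 09:00:11 0tACW1-0005MB-00 Completed
1995-12-19 16:20:01 0tRiQz-0002Q5-00 <= spock@trek99.film H=(10.21.32.43) [123.99.8.34] P=asmtp A=plain_login:spock S=901 T="re: warp core"
1995-12-19 16:20:23 0tRiQz-0002Q5-00 ** jim@trek99.film <jim@trek99.film>: unknown mail domain
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>[0-9A-Za-z]{6}-[0-9A-Za-z]{6,11}-[0-9A-Za-z]{2,4}) (?P<rest>.*)$")
# Matches H=name [ip], H=(helo) [ip] and H=name (helo) [ip].
HOST_RE = re.compile(
    r"(?<!\S)H=(?P<name>\S+)(?: \((?P<helo>[^)]*)\))? \[(?P<ip>[^\]]+)\]")
FIELD_RE = re.compile(r'(?<!\S)(?P<key>[A-Za-z]+)=(?P<val>"(?:[^"\\]|\\.)*"|\S+)')
FLAGS = {"<=": "received", "=>": "delivered", "->": "delivered",
         "*>": "suppressed", "**": "failed", ">": "filter_reply"}


def _ip_literal(name):
    """Return the IP inside a HELO name such as (10.21.32.43) or ([10.21.32.43])."""
    try:
        return str(ipaddress.ip_address(name.strip("()[]")))
    except ValueError:
        return None


def parse_line(line):
    """Parse one main-log line into a dict, or return None if it has no message id."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"timestamp": m["date"] + " " + m["time"], "msgid": m["msgid"]}
    flag, _, tail = m["rest"].partition(" ")
    if flag == "Completed":
        rec["event"] = "completed"
        return rec
    if flag not in FLAGS:
        rec.update(event="other", text=m["rest"])
        return rec
    rec["event"] = FLAGS[flag]
    if flag == "**":                      # the reason follows the first ": "
        tail, _, rec["error"] = tail.partition(": ")
    rec["address"], _, tail = tail.partition(" ")
    host = HOST_RE.search(tail)
    if host:
        name, helo = host["name"], host["helo"]
        if name.startswith("("):          # only an unverified HELO name was logged
            name, helo = None, name
        rec["host_name"] = name
        rec["host_ip"] = host["ip"]       # the one value the sender cannot choose
        rec["helo_literal"] = _ip_literal(helo) if helo else None
    for field in FIELD_RE.finditer(tail):
        key, val = field["key"], field["val"].strip('"')
        if key == "S" and val.isdigit():
            rec["size"] = int(val)
        elif key == "P":
            rec["protocol"] = val
        elif key == "A":                  # authenticator[:server_set_id value]
            rec["authenticator"], _, rec["auth_id"] = val.partition(":")
        elif key == "T":                  # subject on <= lines, transport otherwise
            rec["subject" if flag == "<=" else "transport"] = val
    return rec


def summarize(log_text):
    """Group events per message id and list HELO IP literals that differ from the peer IP."""
    messages = defaultdict(lambda: {"sender": None, "delivered": [], "failed": [], "done": False})
    mismatched = []
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        msg, event = messages[rec["msgid"]], rec["event"]
        if event == "received":
            msg["sender"] = rec["address"]
            literal = rec.get("helo_literal")
            if literal and literal != rec["host_ip"]:
                mismatched.append((rec["msgid"], literal, rec["host_ip"]))
        elif event == "delivered":
            msg["delivered"].append(rec["address"])
        elif event == "failed":
            msg["failed"].append((rec["address"], rec["error"]))
        elif event == "completed":
            msg["done"] = True
    return dict(messages), mismatched


if __name__ == "__main__":
    msgs, odd_helo = summarize(SAMPLE_LOG)
    for msgid, info in msgs.items():
        print(msgid, info)
    print("HELO literal differs from peer IP:", odd_helo)
```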

pop

grep a@domainname /var/log/maillog

Check POP connection.

conf

http://www.jaguarpc.com/forums/showthread.php?t=17391

send mail

http://www.sendmail.org/~ca/email/doc8.12/op-sh-1.html#sh-1.3.1
http://www.sendmail.org/m4/readme.html
http://www.wikihow.com/Configure-Sendmail#Download_Sendmail
http://www.sfr-fresh.com/unix/misc/sendmail.8.14.3.tar.gz/


--------------------------------------------------------------------------------------------------------------
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch21_:_Configuring_Linux_Mail_Servers
http://www.feep.net/sendmail/tutorial/run/starting.html


/etc/rc.d/init.d/sendmail restart
/etc/mail/sendmail.cf
vi /etc/mail/sendmail.mc
make -C /etc/mail
/var/log/mail/statistics

---------------------------------------------------------------------------------------------------------------
http://www.sendmail.org/faq/section3
http://www.sendmail.org/tips/compiling#BuildingSendmail
http://highspeedhostingsolutions.com/support/vps/basic/admin/email/virtusertable.html
http://dl.njfiw.gov.cn/books/RedHat%C8%CF%D6%A4/rhce%BB%F9%B4%A1%BD%CC%B3%CC/rhce/RHCE-17.shtml
--------------------------------------------------------------------------------------------------------------





/etc/valiases/

Error:: fatal! Write Failure /etc/valiases/
=============================
http://www.eukhost.com/forums/f38/error-fatal-write-failure-etc-valiases-6254/

root@Server [~]#chown username:mail /etc/valiases/domain.com
root@Server [~]#/scripts/fixvaliases


root@ukko [/home/sonoran/mail/sonoranexteriors.com]# cat /etc/valiases/asiakayaks.com
*: :fail:











relay

http://www.eudora.com/techsupport/kb/1593hq.html
http://www.eudora.com/techsupport/kb/2107hq.html
http://www.eudora.com/techsupport/tutorials/win_smtp_relay.html






send mail

--------------------------------------------------------------------
http://www.netadmintools.com/art37.html

USEFUL LINK

--------------------------------------------------------------------
http://www.sendmail.org/support

http://www.sendmail.org/faq/section3#3.7



http://www.he.net/adm/sendmail.cf.html


/usr/sbin/sendmail -v -q -C/etc/mail/sendmail.cf



**********************************************************************************
Dell™ Vostro 1510
http://www1.ap.dell.com/content/products/productdetails.aspx/vostronb_1510?c=in&cs=inbsd1&l=en&s=bsd&~ck=mn&ST=Acer%20Laptop&dgc=ST&cid=33222&lid=783244&acd=10599679832341426

-------------------------------------------------------------------------------------------------
http://shopap.lenovo.com/SEUILibrary/controller/e/inweb/LenovoPortal/en_IN/catalog.workflow:expandcategory?page-size=10&current-catalog-id=3634951826AE4D3881BFFF1AC5FCD957&current-category-id=559CA420B13440C18C1510E0BFE33D01&tab=1&runfacets=1&altercrumb=0&initpage=seriespage&filter=&show-page=2
-------------------------------------------------------------------------------------------------
Lenovo 3000 G430 4152ACQ


Lenovo 3000 G430 4153AEQ

Lenovo 3000 G530 - 415128Q






Lenovo 3000 G530--415153Q-----CORE 2 DUO





------------------------------------------------------------------------------------------------------------------

Lenovo 3000 G530
415153Q

Price: Rs.36,740.00
Model details


· Intel® Core™ 2 Duo processor T6400 ( 2.00GHz 800MHz 2MB )

· PC DOS 2000 License

· 15.4 " WXGA TFT with integrated camera LCD Glossy 1280x800

· Intel Integrated Graphics X4500
· 2 GB PC2-5300 DDR2 SDRAM 667MHz

· 250GB 5400

· DVD Recordable (Dual Layer)

------------------------------------------------------------------------------------------------------------------



Lenovo 3000 G530 - 415127Q
415127Q

Price: Rs.38,490.00
Model details


· Intel® Core™ 2 Duo processor T5800 ( 2.00GHz 800MHz 2MB )

· Genuine Windows Vista Home Basic

· 15.4 " WXGA TFT with integrated camera LCD Glossy 1280x800

· Intel Integrated Graphics X4500
· 2 GB PC2-5300 DDR2 SDRAM 667MHz

· 250GB 5400

· DVD Recordable (Dual Layer)

------------------------------------------------------------------------------------------------------------------

PROCESSOR Intel(R) Core(TM)2 Duo Processor T5670 (1.8 GHz, 2MB Cache, 800 MHz FSB)
OPERATING SYSTEM Genuine Windows Vista(R) Home Basic SP1 32 bit Edition (English)
MICROSOFT OFFICE SOFTWARE Microsoft(R) Works 9.0 (Does Not Include Microsoft(R) Office 2003/2007 Software)
DISPLAY 15.4" Widescreen WXGA (1280x800) TFT Display
MEMORY 2GB (2 X 1024MB) 667MHz Dual Channel DDR2 SDRAM
HARD DRIVE 250GB (5400 RPM) SATA Hard Drive
OPTICAL DRIVE Slot load 8X max DVD+/-RW Drive with DVD+R double layer write capability
VIDEO CARD Integrated Intel(R) Graphics Media Accelerator X3100
PRIMARY BATTERY 6-cell Lithium Ion Primary Battery
POWER OPTIONS 90W AC Adapter
OPTIONAL NOTEBOOK COLOUR KITS Integrated 1.3 Mega Pixel Web Cam with Digital Microphone
WIRELESS NETWORKING CARD Dell(TM) Wireless 1395 802.11g 54Mbps Wireless Mini Card
BLUETOOTH MODULE Dell(TM) TrueMobile(TM) 360 Bluetooth Module



exim interface IP

exim interface IP

search with inetinterface

rbl

http://mxtoolbox.com/

SpamAssassin

perl -MMail::SpamAssassin -e 'print $Mail::SpamAssassin::VERSION;'

http://codeworks.gnomedia.com/westhost-introduction/email-system-part-2-configuring-and-updating/


http://forums.westhost.com/showthread.php?s=beecacd1a3395e3f109a321eb172a7c1&t=8325

http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html
http://www.stearns.org/doc/spamassassin-setup.current.html


rm -f /var/spool/exim/db/ratelimit*




/etc/mail/spamassassin/
local.cf



commands/mail

http://www.shelldorado.com/articles/mailattachments.html

unblock address

All about Spam:
====================================
http://spamlinks.net/filter-bl.htm


====================================
http://handynerds.com/tips/thats-my-emailaddr.html


Rbl check:
==========
http://www.isipp.com/resources/am-i-blacklisted/

====================
http://www.handynerds.com/blacklist.html
http://whatismyipaddress.com/forum/viewtopic.php?showtopic=17516

http://www.linuxquestions.org/questions/linux-server-73/fighting-spam-and-removing-blacklisting-tips-583314/

mail dir size

http://forums.cpanel.net/general/59000-mail-quotas-way-off-9.html#post495217

/scripts/generate_maildirsize

http://www.spamfighter.com/Product_Info.asp


====================================



#!/bin/bash
#
# really_fix_maildirsize.sh
#
echo "This script deletes all 'maildirsize', 'diskusage_...', "
echo "and 'email_accounts.yaml/.cache' files in the /home tree, "
echo "then rebuilds maildirsize files."
read -r -p "Are you sure you wish to continue? (yes/no): "
if [ "$REPLY" = "yes" ]; then
    # -print0 with xargs -0 keeps paths that contain spaces or newlines intact,
    # so rm only ever receives the files that find matched.
    printf 'Deleting /home/*/.cpanel/email_accounts.yaml ...\n\n'
    find /home/*/.cpanel/ -type f -name email_accounts.yaml -print0 | xargs -0 -r rm -f
    printf 'Deleting /home/*/.cpanel/email_accounts.cache ...\n\n'
    find /home/*/.cpanel/ -type f -name email_accounts.cache -print0 | xargs -0 -r rm -f
    printf 'Deleting /home/*/.cpanel/datastore/diskusage_* ...\n\n'
    find /home/*/.cpanel/datastore/ -type f -name "diskusage_*" -print0 | xargs -0 -r rm -f
    printf 'Deleting /home/*/mail/maildirsize (this one takes a while) ...\n\n'
    find /home/*/mail/ -type f -name maildirsize -print0 | xargs -0 -r rm -f
    printf 'Rebuilding maildirsize files (this one takes a while) ...\n\n'
    /scripts/generate_maildirsize --force --allaccounts
    printf 'Done!\n\n\n'
else
    echo "Aborting..."
fi

fishing track

http://forum.whmdestek.com/cpanel-articles/813-prevent-spam-antivirus-exim-cpanel.html




https://www.bodhost.com/forum/tutorials-documentation/921-preventing-spam-antivirus-exim.html



http://webhosting909.blogspot.com/2009/01/difference-between-virtualsauserdeliver.html

http://forums.serverbeach.com/archive/index.php/t-4343.html
/scripts/fixrelayd
/etc/rc.d/init.d/antirelayd restart
service exim restart

system filter

#gvoskanian.com to reject Spoof Mails
if
$header_from: contains "duke@gvoskanian.com"
and $header_to: contains "duke@gvoskanian.com"
then
fail
seen finish
endif


==========================================

# Exim filter

if not first_delivery and error_message then finish endif

if
$header_subject: contains "Rep1icaWatches"
or $header_subject: contains "Submariner SS"
or $header_subject: contains "pharmacy"
or $message_body contains " Pharmaceutical Technology"
or $message_body contains "AARP"
or $message_body contains "MSN Featured Offers"
or $message_body contains "penis"
or $message_body contains "pharmacy"
or $message_body contains "sexual"
or $message_body contains "viagra"
or $message_body contains "with CountryCode"
or $message_headers contains "acai"
or $message_headers contains "steveh60@earthlink.net"
or $message_headers contains "viagra"
then
save "/dev/null" 660
endif





http://email.about.com/od/emailnetiquette/a/cc_and_bcc.htm
==========================================

http://www.exim.org/exim-html-current/doc/html/filter.html#SEC01
http://exim.org/exim-html-4.50/doc/html/filter_2.html
http://gd.tuwien.ac.at/.vhost/exim.org/exim-html-4.40/doc/html/FAQ_5.html

==========================================


http://exim.org/exim-html-4.50/doc/html/filter_3.html
http://www.freesoftwaremagazine.com/articles/exim_and_anti_spam_spamassassin?page=0%2C2




$return_path

$recipients











What is the difference between Cc and Bcc?

Cc stands for carbon copy: anyone whose address appears in the Cc: header receives a copy of the message. The Cc header also appears in the headers of the received message.

Bcc stands for blind carbon copy. It works like Cc, except that the email addresses specified in this field do not appear in the received message headers, so the recipients in the To or Cc fields will not know that a copy was sent to these addresses.

msgQ

http://edocs.bea.com/tuxedo/msgq/unixcli/5trouble.htm

querrer/mail

Ticket #160800: URGENT help needed



http://flurdy.com/docs/postfix/#config-simple-imap



http://equaldich.co.cc/blog/error-could-not-complete-request-query-select-%E2%80%9Cinboxdrafts%E2%80%9D-reason-given-unable-to-open-this-mailbox/

mail permission+password

exiqgrep -r rvwifi.com | awk '{print $3}' | xargs -n 1 -P 40 exim -v -M




cd /etc/vmail-------password link




/scripts/mailperm



/scripts/addpop tania@joseveragallery.com

mv inbox inbox.tst

chown josever:mail inbox


tail -f /usr/local/cpanel/logs/error_log




/scripts/restartsrv_imap
/scripts/restartsrv_courier
/etc/rc.d/init.d/xinetd stop
netstat -plan | grep 143
kill -9 13612
/etc/rc.d/init.d/cpanel stop
/etc/rc.d/init.d/cpanel restart
netstat -plan | grep 143
netstat -plan | grep 143
/scripts/restartsrv_courier





emacs /etc/grub.conf


Back


Converting Mbox mailboxes to Maildir format





http://www.akadia.com/services/converting_mbox_mdir.html


http://www.bewley.net/linux/email/mbox-to-maildir.php


MBOX

http://74.125.153.132/search?q=cache:rdhPie49bqAJ:www.tecpages.com/how-to-convert-mbox-to-maildir-for-a-single-domain-on-a-cpanel-server/+convert+to+maildir+for+a+single+domain&cd=1&hl=en&ct=clnk&gl=in&client=firefox-a



Hi

WHM has a built in script to do this … Here is the format …

/usr/local/cpanel/3rdparty/mb2md/mb2md -s /home/username/mail/domain.com/user/inbox -d /home/username/mail/domain.com/user/

As always take the backup of “/home/username/mail/domain.com/user/” before doing this. Please provide your feedback.

troubleshooting all mail problems

http://nemesis.lonestar.org/site/mail_trouble.html




http://groups.google.com/group/hosted-the-basics/browse_thread/thread/65eb5e2cacc92a99

BYPASS

Ticket #161287: bfrog.net





If we do the RBL check in acl_smtp_rcpt instead of acl_smtp_data, we can use
accept recipients = "e-mail address" and bypass the RBL check.

===================
check_recipient:
# Exim 3 had no checking on -bs messages, so for compatibility
# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :

accept senders = nobody@host.thosecallaways.com
accept recipients = testrot@bfrog.net
deny dnslists = bl.spamcop.net : sbl.spamhaus.org :dnsbl.sorbs.net=127.0.0.2,127.0.0.3,127.0.0.4,127.0.0.5,127.0.0.7 : cbl.abuseat.org
!authenticated = *
message = $sender_host_address is listed at $dnslist_domain
require verify = header_sender
accept

===================

Tested this in ukko using "exim -bh" . It was working.

rbl


The new interface IP is not marked as a spammer IP, so there is no need to change the mail server IP address. You can verify this using the following links:

---------------
http://www.anti-abuse.org/checkrbl.php?host=140.99.71.222&submit.x=197&submit.y=24
http://checker.msrbl.com/v/1/?q=140.99.71.222
https://toolbox.webhotel.net/cgi-bin/rbl.cgi
---------------

Please check it from your end and let us know if you need any further assistance.

error

http://www.exim-new-users.co.uk/content/view/74/1/

no body mails

http://kb.deru.net/?View=entry&EntryID=61

iptables

iptables -A blockedips -s 61.235.117.84 -j DROP



spam

for ID in `ps ax| grep http | awk '{print $1}'`; do echo $ID: ; ls -l /proc/$ID | grep cwd;done;

virus



strace -f -tT -o logs_LFD.txt /etc/init.d/lfd start

cat /etc/redhat-release
yum install strace
grep "No such file" logs_LFD.txt

ll /usr/lib/HiRes /usr/lib/HiRes.so /usr/lib/libHiRes.so /etc/csf/Carp/Heavy.pm /usr/local/lib/libHiRes.so
====================================


perl -MCPAN -e 'install Time::HiRes'
====================================
wget http://search.cpan.org/CPAN/authors/id/J/JH/JHI/Time-HiRes-1.9719.tar.gz
tar xzf Time-HiRes-1.9719.tar.gz
ls
cd Time-HiRes-1.9719
ls
less README
less TODO
make
ls
perl Makefile.PL
make
make test
ls
make install
/etc/init.d/lfd restart
ll /usr/local/lib/perl5/5.8.8/i686-linux/auto/Time/HiRes/.packlist
ll /usr/local/lib/perl5/5.8.8/i686-linux/auto/Time/HiRes/
less /usr/local/lib/perl5/5.8.8/i686-linux/auto/Time/HiRes/.packlist
ll /usr/local/lib/perl5/5.8.8/i686-linux/Time/HiRes.pm
/etc/init.d/lfd restart


====================================

locate clamd

wget http://dag.wieers.com/rpm/packages/clamav/clamav-0.91.2-1.el4.rf.i386.rpm

rpm -ivh clamav-0.91.2-1.el4.rf.i386.rpm

wget http://dag.wieers.com/rpm/packages/clamav/clamav-0.91.2-1.el4.rf.i386.rpm
rpm -ivh *.rpm
rpm -ivh clamav-0.91.2-1.el4.rf.i386.rpm
ls
wget http://dag.wieers.com/rpm/packages/clamav/clamav-db-0.91.2-1.el4.rf.i386.rpm
rpm -ivh clamav-db-0.91.2-1.el4.rf.i386.rpm
rpm -ivh clamav-0.91.2-1.el4.rf.i386.rpm
which clamav
which clamd
locate clam
ls /usr/local/
ls /usr/bin/
ls /usr/bin/ | grep clamav-
ls /usr/sbin/ | grep clamav
ls /usr/sbin/ | grep clama
ls /usr/sbin/ | grep clam
pwd
ls
rpm -q | grep clam
rpm -qa | grep clam
updatedb &
locate clam

===========

/usr/bin/clamscan --help
which clamscan
/usr/bin/clamscan -i -r -max-recursion=15 - /usr/local/Clam in-summary
/usr/bin/clamscan -i -r -max-recursion=15 /usr/local/Clam
/usr/bin/clamscan --help
/usr/bin/clamscan -vi -r -max-recursion=15 -in-summary $DIR
/usr/bin/clamscan -vi -r -max-recursion=15 -in-summary /usr/local/Clam
/usr/bin/clamscan
/usr/bin/clamscan -max-recursion=15
/usr/bin/clamscan -vi -r --max-recursion=15 -in-summary /usr/local/Clam
/usr/bin/clamscan -vi -r --max-recursion=15 /usr/local/Clam
/usr/bin/clamscan -vi -r --max-recursion=15 /usr/local/
/usr/bin/clamscan -vi -r --max-recursion=15 /home/*/Maildir/
ls
/usr/bin/clamscan -vi -r --max-recursion=15 /tmp
df -h
ls /
/usr/bin/clamscan -vi -r --max-recursion=15 /root/
/usr/bin/clamscan -vi -r --max-recursion=15 /root/ | grep FOUND
ls /root/hackedfiles2/
ls /root/hackedfiles2/
ls /root/hackedfiles2/~hackers
rm -rf /root/hackedfiles2/~hackers
ls
ls /root/hackedfiles2/
rm -rf /root/hackedfiles2/mitra.tar.gz /root/hackedfiles2/.mitra/xh
ll /root/hackedfiles2/bind.tgz
tar -tvzf /root/hackedfiles2/bind.tgz
rm -rf /root/hackedfiles2/bind.tgz
/usr/bin/clamscan -vi -r --max-recursion=15 /root/ | grep FOUND
ls /root/hackedfiles2/mitra.tar.gz: Hacktool.Fakeproc FOUND
/root/hackedfiles2/.mitra/xh: Hacktool.Fakeproc FOUND
/root/hackedfiles2/bind.tgz: Linux.RST.B FOUND
ls /root/hackedfiles2/
rm -rf /root/hackedfiles2
ls /root/
less /root/hackfiles
ls -la /tmp/
locate clamav
ll /etc/log.d/scripts/services/clamav
less /etc/log.d/scripts/services/clamav
which clamav
/etc/log.d/scripts/services/clamav


===========
/etc/log.d/scripts/services/clamav -v

grep clam /etc/passwd
groupadd -g 40 clamav









send mail users

#146765


How to Set it Up:

Step 1

Add the users you wish to have email services to your server. Give each a username and password.
In our example above, the command sequence would be:

adduser chris
passwd chris
adduser tina
passwd tina
adduser steve
passwd steve

Step 2

Open webmin (sendmail.cw) and add the domain bogus25.com to this file.

Edit /etc/mail/virtusertable and add the following email-address-to-username map to this file:

sales@bogus25.com steve
chris@bogus25.com chris
@bogus25.com tina

Have someone send you, or send yourself, some test emails at the new accounts.

Another thing to check... All mail is stored inside /var/spool/mail. Any user receiving
mail should have a file inside that directory named the same as their username.
Are the files there? Are they 0 filesize? When you send test messages to the domains,
do the files grow? To watch the mail as it arrives, you may use the following command:

tail -f /var/spool/mail/username

(again with this command, press ctrl-c to stop)

To add more domains, repeat the following steps appending new information to each file.




Please check it and do get back to us if you need any help from us.
Thank you for contacting Deru support.

IPHONE POP

http://allforces.com/2007/07/05/iphone-imap/

exim cmd

/usr/sbin/exiqgrep -o 43200 -i | /usr/bin/xargs /usr/sbin/exim -Mrm

Manually mail creating script

[root@server ~]# cat /root/EmailAccountCreate.sh






#!/bin/bash
###############################
## Purpose : Email account Create
## Date: 2009-07-28
## Created by : Joseph Symon
###############################

################
#Color
################
CLEAR="/usr/bin/clear"
REDCOLOR="\033[1;31m"
COLOROFF="\033[1;0m"
BLUECOLOR="\033[1;34m"
CYANCOLOR="\033[1;36m"
BLACK="\033[0m"
BOLDBLACK="\033[1;0m"
RED="\033[31m"
BOLDRED="\033[1;31m"
GREEN="\033[32m"
BOLDGREEN="\033[1;32m"
YELLOW="\033[33m"
BOLDYELLOW="\033[1;33m"
BLUE="\033[34m"
BOLDBLUE="\033[1;34m"
MAGENTA="\033[35m"
BOLDMAGENTA="\033[1;35m"
CYAN="\033[36m"
BOLDCYAN="\033[1;36m"
WHITE="\033[37m"
BOLDWHITE="\033[1;37m"


proceedfunc() {
echo -n "Proceed? (y/n): "
read PROCEEDASK
until [ "${PROCEEDASK}" = "y" ] || [ "${PROCEEDASK}" = "n" ]; do
echo -n "Please enter 'y' or 'n': "
read PROCEEDASK
done
}

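CreateEmail()
{
    echo "Enter the username of email account (In Small Letters)"
    echo -en "(If your email account is "'\E[37;44m'"${RED}email${COLOROFF}@"'\E[37;44m'"${RED}domain.tld${COLOROFF}, enter only email): "
    read -r EMAIL
    echo "Enter the domain name (Here it is domain name only):"
    read -r DOMAIN
    # Accept only a plain lowercase login name and host name, so that nothing
    # typed here can be read as an option by adduser/passwd or add extra
    # fields or lines to virtusertable.
    local user_re='^[a-z_][a-z0-9_-]*$'
    local domain_re='^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$'
    if ! [[ $EMAIL =~ $user_re && $DOMAIN =~ $domain_re ]]; then
        echo -e "${REDCOLOR}Invalid username or domain name.${COLOROFF}"
        return 1
    fi
    echo -e "${BLUECOLOR}"
    echo "Your email account will be $EMAIL@$DOMAIN (Ensure this is correct)"
    echo -e "${COLOROFF}"
    proceedfunc
    if [ "${PROCEEDASK}" = "y" ]; then
        adduser -s /sbin/nologin "$EMAIL"
        echo "Please enter a password: "
        passwd "$EMAIL"
        # A virtusertable entry maps an address to a local user, separated by
        # whitespace; rebuild the map afterwards (make -C /etc/mail).
        printf '%s@%s\t%s\n' "$EMAIL" "$DOMAIN" "$EMAIL" >> /etc/mail/virtusertable
        echo -e "${BLUECOLOR}"
        echo "$EMAIL@$DOMAIN - Created"
        echo -e "${COLOROFF}"
    else
        echo -e "${REDCOLOR}"
        echo "Your email account creation operation aborted."
        echo -e "${COLOROFF}"
    fi
}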

CreateEmail


SpamAssassin install

http://forums.theplanet.com/index.php?showtopic=49078



you forgot the fst part

ls /home/virtual/site*/fst/home/*/.spamassassin/user_prefs


/home/virtual/site*/fst/home/*/.spamassassin/user_prefs

how-to updated.



sa-learn --import -D
sa-learn --sync -D



You guys forgot to mention that if you were using Bayes, you must update the old database to the new 3.0 format or you will get v2 db errors in your maillogs:

1) Stop exim or whatever mail server you're running
2) If spamd is running, turn it off
3) Run sa-learn --sync

Restart everything, and make sure your old db has been upgraded by watching for db issues in the maillogs.

service spamassassin stop
sa-learn --import -D
sa-learn --sync -D

FDM

http://fdm.sourceforge.net/
http://www.faqs.org/rfcs/rfc1064.html

mbox lock


http://www.exim.org/exim-html-4.20/doc/html/spec_25.html


http://www.topology.org/linux/imap.html#concurrent


Vpopmail/qmail uses Maildir format. In this format there is no inbox file, all the mails are stored in a directory as separate files. Thus I believe no such locking problem can occur. Each file is maybe locked momentarily so another imapd client can wait if the file is busy at that moment.

The problem you are seeing is because the imapd program locks the mbox file and dies when another copy of the imapd opens the mailbox again. The reason for this is, for example user might start tagging messages as deleted in his imap client, if the mbox file is not locked, another client can read wrong info, if both clients write at the same time then file can become corrupt. So a lock is required.

I would say it is bad software design which is causing this problem, it is not designed for concurrent access. I guess this person is using simple servers like sendmail or postfix or something? Solution is to use Maildir format if possible.

http://spamprobe.sourceforge.net/README.txt




http://www.flatmtn.com/article/setting-exim






================
cat inbox > inbox.new
rm -rf inbox
mv inbox.new inbox
chown user.mail inbox
chmod 660 inbox
================
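The locking difference described above, as an added example using Python's standard mailbox module (not code from the page): a second handle cannot lock an mbox file that is already locked, while two handles deliver into the same Maildir with no lock because each message becomes its own file. The paths, the message and the function names are constructed for the illustration.

```python
import mailbox
import os
import tempfile

# Constructed test message.
MESSAGE = "From: a@example.test\nTo: b@example.test\nSubject: lock test\n\nhello\n"


def mbox_second_opener_blocked(directory):
    """Lock an mbox file, then try to lock it again through a second handle."""
    path = os.path.join(directory, "inbox")
    first, second = mailbox.mbox(path), mailbox.mbox(path)
    first.lock()                 # takes an fcntl lock and creates inbox.lock
    try:
        second.lock()            # what a second mail client process would have to do
        blocked = False
    except mailbox.ExternalClashError:
        blocked = True           # the whole mailbox is unavailable to it
    finally:
        first.unlock()
    second.lock()                # succeeds once the first holder lets go
    second.add(MESSAGE)
    second.flush()
    second.unlock()
    stored = len(second)
    first.close()
    second.close()
    return blocked, stored


def maildir_concurrent_delivery(directory):
    """Deliver through two independent handles with no lock taken."""
    path = os.path.join(directory, "Maildir")
    one = mailbox.Maildir(path, create=True)
    two = mailbox.Maildir(path)
    one.add(MESSAGE)             # written under tmp/, then moved into new/
    two.add(MESSAGE)
    return sorted(os.listdir(os.path.join(path, "new")))


def demo():
    """Run both cases in a throwaway directory and return their results."""
    with tempfile.TemporaryDirectory() as tmp:
        return mbox_second_opener_blocked(tmp), maildir_concurrent_delivery(tmp)


if __name__ == "__main__":
    (blocked, stored), files = demo()
    print("second mbox opener blocked:", blocked, "- messages stored afterwards:", stored)
    print("Maildir message files:", files)
```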


pop before smtp

/etc/relayhosts
/etc/relayhostsusers

QMAIL

wget http://downloads.sourceforge.net/project/qmhandle/qmhandle-1.3/qmhandle-1.3.2/qmhandle-1.3.2.tar.gz?use_mirror=nchc

/var/log/qmail/smtpd/
cp qmHandle /usr/bin/




qmHandle -l| grep -B 2 anonymous@pro-websolutions.com | grep "(" | awk -F"(" '{print $1}'





LL17 Row1 Rack 12
whatsit.crprod.com




links

Ram Disk:
------------------
http://www.vanemery.com/Linux/Ramdisk/ramdisk.html
http://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/mnt.html
http://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/initrd.html

http://tldp.org/HOWTO/Network-boot-HOWTO/x150.html

http://www.ibm.com/developerworks/linux/library/l-initrd.html



http://duartes.org/gustavo/blog/post/how-computers-boot-up
http://www.ibm.com/developerworks/linux/library/l-linuxboot/




==================
Syslog:

http://www.aboutdebian.com/syslog.htm




===============
Questions:

http://www.bestsamplequestions.com/network-plus-sample-questions/network-plus-sample-questions-1.html

ssh2

I installed it in local machine. The following are the steps to be followed.

1. Install libssh2
2. Install ssh2 via pecl
3. Add the extension in php.ini file.

In php.ini file, the extension_dir is specified as "./". We need to change it to the extension dir where ssh2.so gets installed and add the ssh2 extensions.

I am not sure whether easyapache break it, but I think we can install it.

Boss, I need your advice :)

Prasad.

--
PS: For installation, we may refer the following links suggested by Abhi.

http://operationsbase.net/install.php
http://devzone.zend.com/manual/view/page/ref.ssh2.html

Load+exim+attack

grep extracpus /var/cpanel/cpanel.config
tail -100 /var/log/exim_mainlog | more
exim -bpru
exiwhat
tail -f /var/log/exim_mainlog | grep --line-buffered "no IP address found for host" | grep --line-buffered -P "\d+\.\d+\.\d+\.\d+" -o
exigrep --line-buffered "no IP address found for host" /var/log/exim_mainlog | grep --line-buffered -P "\d+\.\d+\.\d+\.\d+" -o
exigrep --line-buffered "no IP address found for host" /var/log/exim_mainlog
grep --line-buffered "no IP address found for host" /var/log/exim_mainlog | grep --line-buffered -P "\d+\.\d+\.\d+\.\d+" -o
grep "smtp_accept_max" /etc/exim.cong
grep "smtp_accept_max" /etc/exim.conf
grep "rfc1413_query_timeout" /etc/exim.conf
grep "smtp_load_reserve" /etc/exim.conf


/var/spool/exim/msglog
-------------------------------
exim_deny.pl
av_scanner = clamd:/var/run/clamav/clamd
spamd_address = 127.0.0.1 783
-------------------------------


http://forums.cpanel.net/f5/exim-attack-no-ip-address-found-host-causing-high-cpu-load-35425.html
http://www.exim.org/lurker/message/20080216.225624.9be61c26.en.html

http://blog.configserver.com/index.php?itemid=264
https://help.ubuntu.com/community/MailServer****
http://paste2.org/p/12037
http://freebsd.munk.me.uk/archives/212-Installing-Exim,-SASLAuthd,-ClamAV-and-SpamAssassin-on-FreeBSD-6.2.html***
http://www.pseudorandom.co.uk/2006/mailserver/*******
http://www.rvskin.com/index.php?page=public/antispam
http://forums.rvskin.com/lofiversion/index.php/t471.html
http://www.exim.org/exim-html-4.40/doc/html/spec_45.html
http://forums.cpanel.net/f5/exim-attack-no-ip-address-found-host-causing-high-cpu-load-35425.html

http://www.exim.org/lurker/message/20080216.225624.9be61c26.en.html

http://blog.configserver.com/index.php?itemid=264




1NTeXe-0001dt-P6





load

deny hosts = ! +senderverifybypass_hosts
! verify = sender
