Subject line logging
log_selector = +subject
Error exim dead but pid file exists
exim -bd -d+all
to check why it won't start. Probably a permissions error on the log file.
Redirect outbound mails for a domain to a different mailserver:
domainlist smarthost_domains = domain1:domain2.com
then in routers section
smarthost:
driver = manualroute
domains = +smarthost_domains
transport = remote_smtp
route_list = +smarthost_domains IP_or_DNS_of_smarthost
Adding recipient verification
Add at the top of the acl section:
deny message = REJECTED - Recipient Verify Failed - User Not Found
domains = ppm-sa.com
!verify = recipient/callout=2m,defer_ok,use_sender
Queues
A few tidbits on manipulating the messages in the Exim Queue. Note the pathname to exim under @Mail is /usr/local/atmail/mailserver/bin/exim
Adding a recipient to a message:
exim -Mar message_id email@domain.dom
will add email@domain.dom as a recipient of the message and send a copy to that address.
There is no way to actually delete a recipient, but Exim can be told to pretend that delivery for a recipient has been completed.
To mark one of the intended recipients as delivered:
exim -Mmd message_id email@domain.dom
Will mark the address email@domain.dom as delivered and stop delivery attempts to that address, whereas:
exim -Mmad message_id
Will mark all recipients as delivered.
These commands are handy if you need to divert a piece of mail to one or more new recipients. The safest way to do this is:
Freeze the message:
exim -Mf message_id
Use the -Mmad or -Mmd switches to mark all or individual recipients as delivered.
Use the -Mar switches to add as many new recipients as needed.
Thaw the message:
exim -Mt message_id
which will then attempt delivery on the next queue run, or force delivery now:
exim -M message_id
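The freeze, mark, add, thaw sequence above as a single shell function (an added example, not part of the original notes). It assumes the classic 6-6-2 message ID layout; `divert_message`, `valid_msgid`, `valid_addr` and the `EXIM` override variable are names made up for this example.

```sh
# Added example: divert a queued message to new recipients.
# EXIM can be overridden so the sequence can be dry-run against a stub.
EXIM="${EXIM:-exim}"

# Classic Exim message IDs look like 1AbCdE-000123-Xy (6-6-2 characters).
# Assumption: adjust the pattern if your Exim release uses a longer ID.
valid_msgid() {
    case "$1" in *[!0-9A-Za-z-]*) return 1 ;; esac   # also rejects newlines
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}$'
}

# Conservative check: one local@domain, and never a leading '-' that exim
# would parse as another command-line option.
valid_addr() {
    case "$1" in -*|*[!A-Za-z0-9._%+@-]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^[^@]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'
}

# divert_message MESSAGE_ID NEW_RCPT [NEW_RCPT...]
divert_message() {
    id="$1"; shift
    valid_msgid "$id" || { echo "bad message id: $id" >&2; return 2; }
    [ "$#" -ge 1 ] || { echo "need at least one new recipient" >&2; return 2; }
    for r in "$@"; do
        valid_addr "$r" || { echo "bad address: $r" >&2; return 2; }
    done

    "$EXIM" -Mf "$id"   || return 1    # freeze: no delivery while we edit
    "$EXIM" -Mmad "$id" || return 1    # mark all original recipients as done
    if ! "$EXIM" -Mar "$id" "$@"; then
        # Keep the message frozen: thawing now would complete it with
        # nobody left to deliver to.
        echo "adding recipients failed; $id left frozen" >&2
        return 1
    fi
    "$EXIM" -Mt "$id"                  # thaw; the next queue run delivers
}
```

All arguments are validated before the first exim call, so a bad ID or address leaves the queue untouched.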
You can also edit the body of the message:
exim -Meb message_id
This runs vi on a copy of the spool file with a lock. No delivery attempts are made while the file is locked. There are a few caveats on this and you should look up more info on it before you attempt it.
Summary of queue runner commands:
-M : Force delivery
-Mar : Add recipient
-Meb : Edit message body
-Mes : Edit sender
-Mf : Freeze message
-Mg : Give up (and bounce message)
-Mmad : Mark all recipients as delivered
-Mmd : Mark recipient as delivered
-Mrm : Remove message (no bounce)
-Mt : Thaw message
-Mvb : View message body
-Mvh : View message header
-Mvl : View message log
Contents
Exim FAQ : http://exim.netmirror.org/exim-html-4.4 ... Q.html#TOC
Test a local account with routing problems
exim -bh 127.0.0.1
and continue with helo me, mail from etc like you were telnetting localhost on port 110
Special Routers eg support@pcb.co.za
This is where if you send to a specific user you can route it to a completely different place
On the mail server grep for local routers
grep -ri support /etc/exim/* | grep local
/etc/exim/exim.conf: local_parts = support
/etc/exim/exim_out.conf: local_parts = support
/etc/exim/exim_release.conf: local_parts = support
Edit these files and add the local router eg
begin routers
support:
driver = manualroute
domains = pcb.com : pcb.co.za
local_parts = support
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
route_list = "* 212.12.14.123 byname"
spamtrap:
driver = manualroute
domains = pcb.com : pcb.co.za
local_parts = spam
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
route_list = "* 196.34.241.242 byname"
On the target, in exim.conf, add the target domain too:
domainlist local_domains = @ : localhost : localhost.localdomain : pcb.com : pcb.co.za
Mail being delivered but not appearing in mailbox
-Check the aliases to see if the user shares his name with a system account and hash out
-copy the system account's mbox to /tmp to work on
-filter out system messages using the l command in mutt
-tag the messages using the T command
-mass delete them using the ;d command
-cat and append >> the tmp mailbox into the live mbox once you are happy the system messages are out
If outbound mail exceeds the limit (More than 2500)
- Check how many, and what domains have the most mail in the queue
## exim -C /etc/exim/exim_out.conf -bp | exiqsumm
- check how many are frozen
## mailq | grep frozen|wc -l
- If there are a lot frozen... NUKE THEM!!
## cd /usr/local/bin
## ./nuke-frozen
>> Go to each domain that has a lot of emails and try to telnet to their domain on port 25. If you can't, phone them, because something can be wrong with their server or line.
## cat /etc/exim/routes | grep "domain"
(This shows you where the domain points to, e.g. mail.sybase.co.za)
## telnet "mail.sybase.co.za" 25
- Also check the "current load" of the server; if it's more than 13 then it's too high
## top
- In /usr/local/bin there is also a command to flush ALL mail
## /usr/local/bin/unfreeze-mail
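An added example, not from the original notes: a parser for `exim -bp` output that reports the total and frozen message counts and the undelivered recipients per domain, and checks the total against a limit such as the 2500 mentioned above. The function names and the sample queue listing are constructed for illustration; on a live server pipe in `exim -C /etc/exim/exim_out.conf -bp` instead of `sample_queue`.

```sh
# Constructed sample in the `exim -bp` listing layout (not real queue data).
sample_queue() {
cat <<'EOF'
25m  2.9K 1AbCdE-000123-Xy <alice@sender.example>
          bob@slow.example

 3d  1.1K 1AbCdF-000456-Zz <> *** frozen ***
          postmaster@dead.example

 2h   12K 1AbCdG-000789-Aa <carol@sender.example>
        D done@fast.example
          dave@SLOW.example
EOF
}

# queue_scan MODE reads a queue listing on stdin; MODE is totals or domains.
queue_scan() {
    awk -v mode="$1" '
    # Message header line: age size message-id <sender> [*** frozen ***]
    $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ && $4 ~ /^</ {
        total++
        if (index($0, "*** frozen ***")) frozen++
        next
    }
    # Recipient line: a lone address. Lines starting with "D" are already
    # delivered and have two fields, so they are skipped here.
    NF == 1 && $1 ~ /@/ { d = tolower($1); sub(/.*@/, "", d); pending[d]++ }
    END {
        if (mode == "totals") printf "total=%d frozen=%d\n", total, frozen
        else for (d in pending) printf "%d %s\n", pending[d], d
    }'
}

# Prints "total=N frozen=N".
queue_totals() { queue_scan totals; }

# Prints "<count> <domain>" for undelivered recipients, busiest domain first.
queue_domains() { queue_scan domains | sort -k1,1nr -k2,2; }

# Exit status 0 when the queue holds more messages than LIMIT ($1).
queue_over_limit() {
    n=$(queue_scan totals | sed 's/^total=\([0-9]*\) .*/\1/')
    [ "$n" -gt "$1" ]
}
```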
Summarize Messages in the inbound queue by size etc
exim -bp | exiqsumm
Summarize Messages in the outbound queue by size etc
exim -C /etc/exim/exim_out.conf -bp | exiqsumm
Doesn't work on all servers, so rather use the above
mailq | exiqsumm
Doesn't work on all servers, so rather use the above
mailq | grep -B3 -A3 domain
(3 lines before, 3 lines after)
Check mail in the outbound queue
exim -C /etc/exim/exim_out.conf -bp
if there is for that domain
Flush email for domain from outbound queue
exim -C /etc/exim/exim_out.conf -v -Rff wings.co.za
Flush all mail (Do this in a screen session)
exim -C /etc/exim/exim_out.conf -v -qff
Force release an email
exim -C /etc/exim/exim_out.conf -v -t < /var/spool/MailScanner/quarantine/DATE/MESSAGEID/message
(/var/spool/MailScanner/quarantine/DATE/spam/MESSAGEID/ for spam)
CC someone on a released mail
copy the 'message' file from /var/spool/MailScanner/quarantine/DATE/MESSAGEID/ to a temp folder like /tmp/message
edit the file and change the To: address to the person who also wants the mail and save
exim -C /etc/exim/exim_out.conf -v -t < /tmp/message
remove the /tmp/message file
Remove a message
exim -C /etc/exim/exim_out.conf -Mrm message_id
Send a test message
exim -bt address
Release a message from frontend
-paste message ID & release
-find message using search criteria and run a report
-if attachments are still blocked via a policy then force at the backend...
Check mail account is processing mail
exigrep username /var/log/exim/main.log
tail -5000 /var/log/exim/main.log | exigrep username
Block mail from names (eg shf.org.za)
-Find out which server their mail passes through
dig mx marley.co.za
-Log into the backend of that server
-Edit:
/etc/MailScanner/rules/non.spam.actions.rules
/etc/MailScanner/rules/spam.actions.rules
/etc/MailScanner/rules/spam.high.actions.rules
-Enter the names which must be blocked accordingly with the 'delete' action and save the file
-Replicate the file to the other server
scp /etc/MailScanner/rules/non.spam.actions.rules securemx2:/etc/MailScanner/rules
-Reload the MailScanner service on both boxes
service MailScanner reload
Check emails were received
-log into the relevant server after 'dig mx domain'
exigrep hbooyse@sars.gov.za /var/log/exim/mainlog
-check the output to verify emails from that address were processed
Check which file holds a given name
grep -ri name *
Checking the logs to see if mail is coming through to the server for specific user account.
exigrep "username" /var/log/exim/main.log | more
("more" is used to show the log in sections, "pausing" it)
Checking the logs to see if mail is coming through to the server
tail -f /var/log/maillog | more
Using "sendmail", finding emails and checking if it went through.
cat /var/log/maillog | grep username | grep "Date" | grep time | more
Sending test email from Telnet (some servers require the address in this format
[root@server284 ~]# nc localhost 25
220 server284.dsl.storm.co.za ESMTP Exim 4.43 Wed, 02 Apr 2008 09:49:02 +0200
helo
501 Syntactically invalid HELO argument(s)
mail from:cam@domain.com
250 OK
rcpt to:cameron.summers@pcb.co.za
250 Accepted
data
354 Enter message, ending with "." on a line by itself
Test email from server 284
.