Changing the Exim interface IP

To change the Exim interface IP, do the following:

– SSH to your server and edit the file /etc/mailips. This file controls the IP address from which each domain is allowed to send mail. If the file is not present, create it. Open the file in your preferred text editor and configure it as follows:

*: (<- desired IP )

^ The * entry applies to every domain on the server. If you require just one domain to send from a different IP, specify that domain instead of ‘*’.

– Disable the following from WHM

From WHM » Service Configuration » Exim Configuration Manager » Domain and IPs » Send mail from account’s dedicated IP address "on"

– Enable this option:

Reference /etc/mailips for outgoing SMTP connections.

And now, restart the exim service.

Exim cheatlist

# /var/log/exim_paniclog : information about the Exim program itself.

# /var/log/exim_mainlog : logs every single mail transaction.

# /var/log/exim_rejectlog : This logs delivery rejections.

# exim -bp : shows mails on the queue

# exim -bpc : This option counts the number of messages on the queue.

# exim -bpr : This option operates like -bp, but the output is not sorted into chronological order of message arrival.

# exiwhat : shows what exim is doing at the moment

# exim -bt [user]@domain : Test how Exim’s configuration will handle mail sent to the specified address.

# exiqgrep -f [user]@domain : Find messages from a particular sender in the queue.

# exiqgrep -r [user]@domain : Find messages to a particular addressee on your server.

# exim -Mrm <message-id> [ <message-id> ... ] : Remove a specific message(s) from the queue

# exiqgrep -o 36000 -i | xargs exim -Mrm : Remove all messages older than ten hours (36000 seconds)

# exim -Mvh <message-id> : View a specific message’s full headers.

# exim -Mvb <message-id> : View a specific message’s body.

# exim -bp | grep frozen | wc -l : Print number of frozen mails.

# exiqgrep -z -i | xargs exim -Mrm : Delete frozen mails.

# exim -bp | exiqgrep -i | xargs exim -Mrm : Remove all mails.


Some other useful commands:

– To list the folders from which mail is being generated:

awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1

– To list which mail account is reporting the highest activity:

exim -bpr | grep "<.*@.*>" | awk '{print $4}' | grep -v "<>" | sort | uniq -c | sort -n

How can I secure my mail service – cPanel

Compromised mail servers are frequently abused these days to send out floods of spam.

Securing your mail service is very important. Several tweaks can be made from the WHM panel.

–> In Home >> Server Configuration >> Tweak Settings

Prevent “nobody” from sending mail – This ensures that PHP scripts running under the ownership ‘nobody’ cannot send mail. Most of the time, a vulnerable PHP script is the culprit behind spam sent from your account.

Restrict outgoing SMTP to root, exim, and mailman – This prevents users from bypassing your mail server to send mail. Only the ones mentioned here are authorized to connect to remote SMTP servers.

// If you get an error while trying to enable SMTP restrictions, you are probably missing an iptables module that the feature requires. Ask your provider to enable it for you or, if you have the means to do it yourself, run the following:

modprobe ipt_owner


–> In Home >> Service Configuration >> Service Manager, you can find the option Antirelayd. Keep this disabled, so that authentication is required each time POP3 connects.

–> If you are facing issues with IMAP being restarted numerous times, check

# grep 'LOGIN FAILED' /var/log/maillog|awk '{print $9}'|sort|uniq -c | sort -n

to see whether there are many authentication failures from any IP. If so, your account is under a brute-force attack. Block the offending IPs in your server firewall.
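
An added example (not part of the original post): a threshold version of the check above that pulls the address out of ip=[...] instead of relying on field position, so it keeps working if the line layout shifts. It assumes Courier-style "LOGIN FAILED ... ip=[...]" lines in the log; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report IPs with repeated failed IMAP/POP3 logins.
# Assumption: Courier-style lines, e.g.
#   "... imapd: LOGIN FAILED, user=x, ip=[::ffff:a.b.c.d]"

# Constructed sample log (documentation IP ranges), not real traffic.
sample_maillog() {
    cat <<'EOF'
Mar  3 10:00:01 host imapd: LOGIN FAILED, user=info, ip=[::ffff:203.0.113.7]
Mar  3 10:00:02 host imapd: LOGIN FAILED, user=admin, ip=[::ffff:203.0.113.7]
Mar  3 10:00:03 host imapd: LOGIN FAILED, user=test, ip=[::ffff:203.0.113.7]
Mar  3 10:00:04 host pop3d: LOGIN FAILED, user=test, ip=[::ffff:203.0.113.7]
Mar  3 10:01:10 host imapd: LOGIN FAILED, user=bob, ip=[::ffff:198.51.100.23]
Mar  3 10:02:00 host imapd: LOGIN, user=bob, ip=[::ffff:198.51.100.23], protocol=IMAP
EOF
}

# failed_login_ips LOGFILE [THRESHOLD]
# Prints "count ip" for every source with at least THRESHOLD failures
# (default 5), highest count first. The sed step extracts the address
# from ip=[...] and drops the IPv4-mapped "::ffff:" prefix if present.
failed_login_ips() {
    logfile=$1
    threshold=${2:-5}
    grep 'LOGIN FAILED' "$logfile" |
        sed -n 's/.*ip=\[\(::ffff:\)\{0,1\}\([0-9A-Fa-f:.]*\)].*/\2/p' |
        sort | uniq -c |
        awk -v t="$threshold" '$1 >= t { print $1, $2 }' |
        sort -rn
}

# Demo on the constructed sample: only 203.0.113.7 reaches 3 failures;
# the single typo from 198.51.100.23 and its successful login are ignored.
tmp=$(mktemp)
sample_maillog > "$tmp"
failed_login_ips "$tmp" 3
rm -f "$tmp"
```

On a live server, call failed_login_ips /var/log/maillog with a threshold that suits your traffic and review the list before adding anything to the firewall, since a single user with a stale password can also produce repeated failures.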

–> Use secure passwords for your email accounts. Review each domain and make sure no test accounts have been created. Test email accounts are usually created with insecure passwords, which an attacker can easily guess.