switch to the folder containing files, in my case:

cd /var/spool/exim/

ans start deleting files by typing:

find . -maxdepth 1 -type f -delete

you can track the number of remaining files easily by tiping the below command from another terminal: (cd to same directory)

find . -maxdepth 1 -type f | wc -l

..

The post A faster way to delete files appeared first on VeriTeknik.

exim -bpru | tr '\n' + | sed -e "s/++/=/g" | tr -d + | tr = '\n' | grep "spammer@email.com" | awk {'print $3'} | xargs exim -Mrm

Simple replace the spammer@email.com address with the potential spammer.
Don’t forget that this command uses the whole queue list to process. Sometimes if you have hundreds of thousands of email from this spammer in queue, it will get hard to process them all for the system. So instead of using the whole queue list, we can break it down to pieces with the head command.

The command below will break it down to pieces of 5000, so if you have more than 5000, you should run this command several times.

exim -bpru | head -n 5000 | tr '\n' + | sed -e "s/++/=/g" | tr -d + | tr = '\n' | grep "spammer@email.com" | awk {'print $3'} | xargs exim -Mrm

To delete all mails from the queue, simply use this command.

exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | sh

The post Delete Mail From Queue in Exim appeared first on VeriTeknik.

This happens with exim especially when moving from one server to another via Directadmin.

To verify this solution, first check your paniclog:

tail /var/log/exim/paniclog

If you get something like this:

2012-06-08 18:53:01 1SczTF-0002Cj-B8 Failed to find user “” from expanded string “${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}” for the domain_filter router

then you probably have an issue with your domainowners file. as you can see, the perl script can’t parse the username, hence the error “unknown user” when receiving email.

The solution is to rebuild the /etc/virtual directory

Get a backup

cd /etc
cp -Rp virtual virtual.backup

Verify its existance

mkdir -p /etc/virtual
chmod 755 /etc/virtual
chown mail:mail /etc/virtual

Create this script and save it somewhere, let’s say /root/fix_virtual.sh

#!/bin/sh

echo -n '' > /etc/virtual/domains
echo -n '' > /etc/virtual/domainowners

mkdir -p /etc/virtual/`hostname`
chown mail:mail /etc/virtual/`hostname`
chmod 711 /etc/virtual/`hostname`
echo `hostname` >> /etc/virtual/domains

for u in `ls /usr/local/directadmin/data/users`; do
{
       for d in `cat /usr/local/directadmin/data/users/$u/domains.list`; do
       {
               echo "$d: $u" >> /etc/virtual/domainowners
               echo "$d" >> /etc/virtual/domains

               DMN=/etc/virtual/$d

               mkdir -p $DMN
               chmod 711 $DMN
               chown mail:mail $DMN

               touch $DMN/aliases
               if [ ! -s $DMN/aliases ]; then
                       echo "$u: $u" > $DMN/aliases
               fi
               touch $DMN/autoresponder.conf
               touch $DMN/filter
               touch $DMN/filter.conf
               touch $DMN/passwd
               touch $DMN/quota
               touch $DMN/vacation.conf
               chown mail:mail $DMN/*

               mkdir -p $DMN/majordomo
               chmod 751 $DMN/majordomo
               chown majordomo:daemon $DMN/majordomo

               mkdir -p $DMN/reply
               chmod 700 $DMN/reply
               chown mail:mail $DMN/reply

               for p in `cat /usr/local/directadmin/data/users/$u/domains/$d.pointers 2>/dev/null`; do
               {
                       echo "$p: $u"  >> /etc/virtual/domainowners
                       echo "$p" >> /etc/virtual/domains
                       ln -s $d /etc/virtual/$p
               };
               done;
       }
       done;
}
done;

chown mail:mail /etc/virtual/domains
chown mail:mail /etc/virtual/domainowners
chmod 644 /etc/virtual/domainowners
chmod 644 /etc/virtual/domains

Make it exacutable and run.

chmod 755 /root/fix_virtual.sh
/root/fix_virtual.sh

Restart exim services

service exim restart

Your problem should be fixed.

The post Directadmin : Problem Receiving Emails – The “Unknown User” Issue appeared first on VeriTeknik.

Whilst doing that, we realized the server was getting a lot of incoming mails as forgery. So, it is possible to get the IP list of the possible forgerers.

To do this, we need to check the lines that indicate an INCOMING message, and that claims it uses our mail server itself as a sender, but actually connects through a different IP address.

Exim uses the notation for incoming messages, so it is easy to catch.
It also uses the notation H=IP.ADD.RE.SS to state the IP address (or the hostname) of the incoming message. The beauty in this is that, it also gets the real IP address and checks if they match, if they don’t match, then it brackets the H= value like this H=(IP.ADD.RE.SS) and right after that, gives the real IP address with boxed brackets. [REAL.IP.ADD.RESS]

To detect forgeries done in a time period, and getting ONLY the IP address is crutial when you want check those IP addresses with others tools and scripts. So here’s an example grep line :

grep -ohP "(?

The example above, assumes that your mailserver’s IP Address is 10.1.31.33, of course this won’t be the case since it’s a local ip, so change that with yours.
It also checks for attempts in March 2012, you can also edit this, since we’re using the Perl compatible regular expressions (the -P option of grep) than we can use .. as wildcards for 2 characters (the day indicator).
Since we’re checkig for more than 1 file, (mainlog*) grep will output the filenames too, the -h option is to suppress that.
Also, we’re piping the output to uniq, so that we don’t get multiple results for the same IP address.
Now you can simply redirect these IP addresses to your script/tool or save them for other purpose.

The post Detecting Possible Mail Forgers in EXIM appeared first on VeriTeknik.