We use cookies to keep our site relevant and easy to use, your continued use of this site is consent that we may set several cookies (see our Privacy & Cookie Policy), click to always allow cookies from our site (and not see this notifcation on your next visit) or read more.Allow Cookies

EU legislation requires that all websites clearly specify if cookies are being used and their purpose, You can read more about how we use cookies (and which cookies we use) in our Privacy and Cookie Policy.

You will see this notification the first time you visit our website unless you accept cookies (in which case we'll set a cookie to remember thay you're happy for us to to set cookies!).

Hands on with an Exim Cheatsheet!

A couple of days ago I had reason to get really hands on, down and dirty with Exim my MTA.

The basic problem being that for some absolutely unknown reason a couple of clients messages were stuck on the queue and not able to be delivered to me. They were failing with some reason about broken pipes:

2005-12-14 10:18:17 <MSG ID> <[email protected]>: virtual_sa_userdelivery transport output: An error was detected while processing a file of BSMTP input.
2005-12-14 10:18:17 <MSG ID> == <[email protected]> R=virtual_sa_user T=virtual_sa_userdelivery defer (0): transport filter timeout while writing to pipe

Try as I might I couldn’t get them off the queue – later whilst trying to uninstall clamav/Mailscanner (which seemed to be the problem) a reboot of the server was done and they all popped through!!!

However, all of this did cause me to start messing with Exim and find all of the following useful commands and info(courtesy of BradTheMad.org and Ben Duncan’s Article):

The Exim SMTP Mail Server Exim: The Mail Transfer Agent
The Exim SMTP Mail Server: Official Guide for Release 4 Exim: The Mail Transfer Agent: The Mail Transport Agent


msg id’s and spool
The message-IDs are of the form: XXXXXX-YYYYYY-ZZ. Commands use these message-ids.

There are three files for each message in the spool directory (make sure you get all of the little sods if you’re messing with these files by hand).

logging information for each message is stored here:

Files in /var/spool/exim/input are named after the message-id, plus a suffix denoting whether it is the envelope header (-H) or message data (-D).

Don’t expect everything to always appear directly in the top /var/spool/exim/input or /var/spool/exim/msglog directories; any searches or greps will need to be recursive.

WARNING:See if there is a proper way to do what you’re doing before working directly on the spool files.

Queue information

Number of messages in the queue:
[email protected]# exim -bpc

Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient):
[email protected]# exim -bp

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals):
[email protected]# exim -bp | exiqsumm

Generate and display Exim stats from a logfile:
[email protected]# eximstats /path/to/exim_mainlog

Same as above, with less verbose output:
[email protected]# eximstats -ne -nr -nt /path/to/exim_mainlog

Same as above, for one particular day:
[email protected]# fgrep YYYY-MM-DD /path/to/exim_mainlog | eximstats

Print what Exim is doing right now:
[email protected]# exiwhat

Search the queue for messages from a specific sender:
[email protected]# exiqgrep -f [luser]@domain

Search the queue for messages for a specific recipient/domain:
[email protected]# exiqgrep -r [luser]@domain

Print just the message-id as a result of one of the above two searches:
[email protected]# exiqgrep -i [ -r | -f ] ...

Print just the message-id of the entire queue:
[email protected]# exiqgrep -i

Managing the queue

Start a queue run:
[email protected]# exim -q -v

Start a queue run for just local deliveries:
[email protected]# exim -ql -v

Remove a message from the queue:
[email protected]# exim -Mrm [ ... ]

Freeze a message:
[email protected]# exim -Mf [ ... ]

Thaw a message:
[email protected]# exim -Mt [ ... ]

Deliver a specific message:
[email protected]# exim -M [ ... ]

Force a message to fail and bounce:
[email protected]# exim -Mg [ ... ]

View a message’s headers:
[email protected]# exim -Mvh

View a message’s body:
[email protected]# exim -Mvb

View a message’s logs:
[email protected]calhost# exim -Mvl

Adding a recipient to a message:
[email protected]# exim -Mar message_id [email protected]
will add [email protected] as a recipient of the message and send a copy to that address.

There is no way to actually delete a recipient, but Exim can be told to pretend that delivery for a recipient has been completed. To mark one of the intended recipients as delivered:
[email protected]# exim -Mmd message_id [email protected]
Will mark the address [email protected] as delivered and stop delivery attempts to that address, whereas:
[email protected]# exim -Mmad message_id
Will mark all recipients as delivered.

You can also edit the body of the message:
exim -Meb message_id
This runs vi on a copy of the spool file with a lock. No delivery attempts are made while the file is locked. There a few caveats on this and you should look up more info on it before you attempt it.

My Problem

In my case I needed to do something quite drastic using the last few notes above from Ben
Because the messages wouldn’t deliver locally I needed to get them to deliver off somewhere else (in my case – my gmail account):

[email protected]# exim -Mf message_id
(Freeze the message)
[email protected]# exim -Mar message_id [email protected]
(Add my gmail account as a recipient)
[email protected]# exim -Mmd message_id [email protected]
(Mark the local domain as delivered - because we can't actually delete it)
[email protected]# exim -Mt message_id
(Thaw the message to run it on the next queue run)

[email protected]# exim -M message_id
(Deliver message immediately)

Fix SMTP-Auth for Pine

If pine can’t use SMTP authentication on an Exim host and just returns an “unable to authenticate” message without even asking for a password, add the following line to exim.conf:

begin authenticators

driver = plaintext
public_name = PLAIN
server_condition = “${perl{checkuserpass}{$1}{$2}{$3}}”
server_set_id = $2
> server_prompts = :

Disable Attachment Blocking

To disable the executable-attachment blocking that many Cpanel servers do by default but don’t provide any controls for on a per-domain basis, add the following block to the beginning of the /etc/antivirus.exim file:

if $header_to: matches “example\.com|example2\.com”


To delete all queued messages containing a certain string in the body:
[email protected]# exim -Mrm `grep -lr 'a certain string' /var/spool/exim/input/ | \
sed -e 's/^.*\/\([a-zA-Z0-9-]*\)-[DH]$/\1/g'`

If you have to feed many, many message-ids (like more than a thousand) to an exim command, you may exhaust the limit of your shell’s command line arguments. In that case, use head or tail on a listing of message-ids to run only a limited number of them at once.

For example, if [email protected] bombed you with 8,000 messages and you want to get rid of them all, remove 1,000 at a time:
[email protected]# exim -Mrm `exiqgrep -i -f '' | head -1000`
[email protected]# !!

[…etc., 8 times total…]

Thanks to Brad and Ben who saved my bacon the other day!

If you found this post useful, why not buy me a coffee or a beer (depending on the time of day obviously!):

This entry was posted on Friday, December 16th, 2005 at 5:03 pm and is filed under Linux. You can follow any responses to this entry through the RSS 2.0 feed.