Managing Your EXIM Queue

Have you ever had a hard time with spammers or recently logged in to one of your Linux servers only to find 10-20+ exim processes hogging all of your resources? Check out the commands below to help you manage your queue.

Count The Messages

Count the number of messages in your queue. If this number is abnormally large, it’s usually a good indication of some malicious activity on your server.
# exim -bpc


View The Messages

After finding out you have thousands of messages in your exim queue, it might be a good idea to stop the exim service.
# service exim stop


After stopping the service run this command to see what’s in the queue:
# exim -bp | less


This will pipe the results to the less command so you can page through and search them. Find one of the message IDs that seem to be duplicates (spam) and copy it to your clipboard.
A message ID looks like this: 1KBB28-0006UC-Fl


Run this command to view the header of the suspect message:
# find /var/spool/exim/input -name "1KBB28-0006UC-Fl-H" -exec cat {} \;

Or use this method with exim:
# exim -Mvh 1KBB28-0006UC-Fl


The header can show you exactly where the message originated as well as the recipient. If the spammer is connecting directly to your SMTP server, you can also gather the IP address here.
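
To see which sender accounts for the duplicates without paging through the listing by hand, the `exim -bp` output can be grouped by envelope sender. This is an added example, not part of the original article; the function names `queue_senders` and `sample_queue` are hypothetical and the sample queue lines are constructed.

```shell
#!/bin/sh
# Added example: group exim -bp output by envelope sender.
# queue_senders and sample_queue are hypothetical helper names.

# Reads exim -bp output on stdin and prints "<count> <sender>",
# busiest sender first. Bounces show the empty sender "<>".
queue_senders() {
    awk '
        # Entry header: age size message-id <sender> [*** frozen ***]
        # Recipient lines are indented and carry fewer fields, so the
        # field count and the <...> test skip them.
        NF >= 4 &&
        $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ &&
        $4 ~ /^<.*>$/ { count[$4]++ }
        END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample of exim -bp output (not taken from a real server).
sample_queue() {
    cat <<'EOF'
25m  2.9K 1KBB28-0006UC-Fl <bulk@example.com>
          alice@example.net

24m  2.9K 1KBB29-0006UD-Ab <bulk@example.com>
          bob@example.net

 3h   12K 1KBB2A-0006UE-Cd <> *** frozen ***
          carol@example.org

23m  2.9K 1KBB2B-0006UF-Ef <bulk@example.com>
        D dave@example.net
          erin@example.net

 2d  1.1K 1KBB2C-0006UG-Gh <user@example.org>
          frank@example.net
EOF
}

# Demonstration on the constructed sample; on a server use:
#   exim -bp | queue_senders
sample_queue | queue_senders
```

A large count for the empty sender `<>` means the queue is full of bounce messages, which usually points at forged sender addresses rather than a local account.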


Removing The Messages

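Let’s get the messages out of the queue. For our example, we’ll use the address [email protected] as the sending address. In the exim -bp listing the message ID is the third column and the sender, wrapped in angle brackets, is the fourth. To remove all emails in the queue for [email protected], run this command, substituting the real sending address:

# exim -bp | awk '$4 == "<[email protected]>" { print $3 }' | xargs exim -Mrm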