Introduction

In a cPanel server, email spam issues are common when a compromised email account, website script, or infected application starts sending bulk emails through the Exim mail server. Detecting such spammers quickly is important to prevent blacklisting of the server IP, high server load, and delivery failures.

Exim provides a useful utility called eximstats that helps administrators analyze mail logs and identify suspicious email activity. By checking Exim statistics, administrators can easily find the top sending users, domains, hosts, and destinations responsible for sending large numbers of emails.

This method is simple, effective, and widely used in cPanel/WHM servers for monitoring outgoing mail activity.

Prerequisites

Before running the Exim statistics command, ensure the following:

  • Root or sudo access to the cPanel server
  • Exim mail server installed and running
  • Access to the Exim mail log file:/var/log/exim_mainlog
  • Basic knowledge of Linux command-line operations
  • Sufficient disk space to generate the report file

Command to Detect Spammers

Execute the following command:

/usr/sbin/eximstats -t10 /var/log/exim_mainlog > /root/stats.txt

Explanation

  • eximstats
    Utility used to generate statistical reports from Exim log files.
  • -t10
    Displays the top 10 entries in each category.
  • /var/log/exim_mainlog
    Main Exim mail log file used for analysis.
  • > /root/stats.txt
    Redirects the output to a text file for easy review.

Information Generated by the Report

The generated report provides valuable information such as:

  • Top 10 local destinations by volume
  • Top 10 local destinations by message count
  • Top 10 sending hosts by volume
  • Top 10 sending hosts by message count
  • Top sending email accounts/users
  • Current Exim email statistics
  • Mail delivery summaries
  • Failed and rejected mail statistics

Using this information, administrators can identify unusual email activity and detect possible spam sources.

Viewing the Report

After generating the report, you can view it using:

cat /root/stats.txt

or

less /root/stats.txt

You can also open the file using the vi editor:

vi /root/stats.txt

Conclusion

The eximstats utility is one of the most useful tools available in cPanel servers for monitoring email activity and detecting spammers. By analyzing the Exim mail logs regularly, administrators can quickly identify compromised accounts or scripts sending spam emails.

Regular monitoring helps maintain server reputation, prevents IP blacklisting, and ensures smooth email delivery from the server. This simple command provides a quick and effective way to troubleshoot and control spam-related issues in Exim-based cPanel environments.

Post Views: 82

Leave a Reply