Showing posts with label MAIL. Show all posts
Showing posts with label MAIL. Show all posts

Sunday, May 5, 2024

Resolving Email Sending and Receiving Issues in cPanel with a ClamAV Update


Email communication is fundamental in today's business landscape. However, disruptions in email services can occur, leading to significant communication breakdowns. This blog post explains a common issue encountered in cPanel related to email delivery and the steps we took to resolve it using the "Force ClamAV Update" feature in WHM's “ConfigServer MailScanner FE”.

The Challenge: Suddenly, our organization faced an email outage where neither incoming nor outgoing emails were being processed. This issue caused delays and affected our daily operations, emphasizing the need for a swift solution.

Diagnosing the Issue: Upon discovering the email delivery problem, our technical team immediately began troubleshooting. We checked the email queue and server logs in cPanel but didn't find any obvious errors. We suspected the issue might involve the email scanning tool integrated into our server—specifically ClamAV, a popular antivirus engine used to scan incoming and outgoing emails for threats.

Implementing the Solution: To address potential issues with ClamAV:

  1. We logged into the WHM (WebHost Manager).
  2. Navigated to “ConfigServer MailScanner FE” under the plugins section.
  3. Clicked on “Force ClamAV Update” to manually update the antivirus definitions.

Results: Shortly after updating ClamAV, the email functionality returned to normal. This indicated that the issue was likely due to outdated or corrupted antivirus definitions that interfered with email processing.

Why This Solution Worked: The "Force ClamAV Update" effectively refreshes ClamAV's database, ensuring that all email scans use the latest definitions. This is crucial because outdated definitions can lead to false positives or failures in properly scanning emails, which in turn can block legitimate emails from being sent or received.

Preventative Measures: To prevent similar issues in the future, consider the following steps:

  • Regular Monitoring: Keep an eye on the email system’s performance and logs for any unusual activity.
  • Scheduled Updates: Set automatic updates for ClamAV and other critical software to ensure all components are current.
  • Training: Educate your technical team on recognizing and resolving email delivery issues quickly and efficiently.

Conclusion: Email disruptions can cripple business operations, but many issues are manageable with the right tools and a proactive approach. The "Force ClamAV Update" feature in WHM's “ConfigServer MailScanner FE” is a vital tool for maintaining the integrity and functionality of your email systems. By sharing this solution, we hope to assist others in swiftly resolving similar email delivery challenges.

Friday, April 26, 2024

exim dead but subsys locked

Exim, the widely-used mail transfer agent (MTA), can sometimes cause issues on servers, especially when it needs to be temporarily disabled or restarted. One common error encountered is "exim dead but subsys locked." Here's a simple guide on how to disable Exim and resolve this error quickly.

1. Stop the Exim Service

To stop the Exim service, use one of the following commands based on your system:

/etc/init.d/exim stop


service exim stop

2. Create an Empty File

Next, create an empty file named "eximdisable" under the "/etc" directory using the following command:

touch /etc/eximdisable

Now, when you attempt to restart or start the Exim service, you'll encounter the following error:

/etc/init.d/exim status exim dead but subsys locked

This indicates that the Exim service remains stopped, and "chkservd" cannot start it.

3. Fix the Error

To resolve the "exim dead but subsys locked" error, simply remove the "eximdisable" file using the following command:

rm -rf /etc/eximdisable

Once the file is removed, the Exim service can be started or restarted without encountering the error.


Disabling Exim temporarily and fixing the "exim dead but subsys locked" error is a straightforward process. By following these steps, you can manage Exim effectively on your server and troubleshoot common issues with ease. If you encounter any further difficulties, feel free to reach out for assistance, and we'll be here to help you promptly.

Sunday, May 12, 2013

odbctest.php test page

--- begin odbctest.php---
// connect to DSN MSSQL with a user and password
$connect = odbc_connect("MSSQLServer", "username", "password") or die
("couldn't connect");
odbc_exec($connect, "use Northwind");
$result = odbc_exec($connect, "SELECT CompanyName, ContactName " .
"FROM Suppliers");
print(odbc_result($result, "CompanyName") .
' ' . odbc_result($result, "ContactName") . "<br>\n");
--- end odbctest.php --

Thursday, April 25, 2013

Exim4 Error : "Fatal: no entropy gathering module detected"

Exim4 Error : "Fatal: no entropy gathering module detected"
I just want to share with you all the error that I came across regarding exim and here I'm providing the fix for it as well which worked perfectly for me. I tried to send email using 'mail' command which returned me this error message "Fatal: no entropy gathering module detected".

Here is the fix for this that got it working for me!

SSH to your server and perform the following steps :

# cd /dev
Here you can find either URANDOM and/or RANDOM
Delete them.

# rm -rf urandom
# rm -rf random

Now we have to remake both of them and chmod it.
# /sbin/MAKEDEV urandom
# /sbin/MAKEDEV random
# chmod 777 /dev/urandom
# chmod 777 /dev/random

Tuesday, April 16, 2013

What is SPF records and How to setup?

Why Is My Emails Getting As Spam?
Check above things.

First we need to check Email Headers.
1. Return Path
2. To
3. From
4. We should not use CAPS because not only being unprofessional, but it
also triggers spam filters. To land in the Spam folder consistently,
Excessive punctuation (e.g. -/, ;^%#$@+ * "').

E.g. as follows.

1. Email "From : ADMIN ENROLL <>" getting
spam in sometimes and if we not change it will increasing

2. Email "From:" it
getting in mailbox, check the CAPS deference.

Please check this too. It can be understand better. :)

Check SPF for Domain.:

What is SPF records and How to setup?,338

To diagnose the mail. Why its going in Spam.
Check tool:
Here you can check following points
1. Mxlookup : For your domain and ip
2. Blacklist : For your IP
3. Diagnostics : SMTP Diagnostics, check your mail server
4. Analyze Headers : Check your mail headers.
5. SPF Records : Check your Sender Policy Framework
7. DNS Lookup : Check your Domain lookup.

If you check above all things your mail will not go in Spam.!

cpanel exim limit spam


The following cPanel/Exim configuration will help you stopping spam in the server.

1. Login to WHM control panel
2. Goto Main >> Service Configuration >> Exim Configuration Manager
3. Enable RBL filtering by Basic Editor >> RBLs >> switch to “On” and if you like you may additional RBL from manage option.
4. Enable Sender Verification by Mail >> Sender Verification >> “On” this will check if the mail origin really exists.
5. Reject SPF failures by ACL Options >> Reject SPF failures >> “On” this will verify SPF records and if the SPF record is set to fails then the E-mails from those IPs will be rejected.
6. Home >> Server Configuration >> Tweak Settings
7. Turn “Initial default/catch-all forwarder destination” to “fail” this will fail the catch all feature to be sent to default cPanel account.
8. “Set Max hourly emails per domain” which will limit the E-mail flooding from the server(I normally set it to 70 which is good enough for a single domain for an hour).
9. Set “Maximum percentage of failed or deferred messages a domain may send per hour” everyone knows that Spam E-mails will have alot of non existing E-mail which will then be deferred so If we set this to say 50% the spamming E-mail account will be suspended temporarily if the deferred mails are above 50%.

10. Then save all the configuration this will stop most of spams in the server.

Saturday, April 6, 2013

Find spamming account in Postfix or Plesk

Queue Counting
The following command provides a sorted list of the accounts that have the most mail in the queue. This usually means a maximum of 2 or 3 spammers at the end of the list:

mailq|grep ^[A-F0-9]|cut -c 42-80|sort |uniq -c|sort -n|tail

grep “status=sent” /var/log/maillog |cut -d “=” -f 2 |cut -d “>” -f 1 |cut -d “<” -f 2 |sort -n |uniq -c

grep “dovecot” /var/log/maillog |grep “Aborted login” |cut -d “,” -f 3 |cut -d “:” -f 4 |sort -n |uniq -c

Monday, April 1, 2013

exiqgrep in detail

Exim includes a utility that is quite nice for grepping through the queue, called exiqgrep. Learn it. Know it. Live it. If you’re not using this, and if you’re not familiar with the various flags it uses, you’re probably doing things the hard way, like piping `exim -bp` into awk, grep, cut, or `wc -l`. Don’t make life harder than it already is.

First, various flags that control what messages are matched. These can be combined to come up with a very particular search.

Use -f to search the queue for messages from a specific sender:
root@localhost# exiqgrep -f [luser]@domain

Use -r to search the queue for messages for a specific recipient/domain:
root@localhost# exiqgrep -r [luser]@domain

Use -o to print messages older than the specified number of seconds. For example, messages older than 1 day:
root@localhost# exiqgrep -o 86400 [...]

Use -y to print messages that are younger than the specified number of seconds. For example, messages less than an hour old:
root@localhost# exiqgrep -y 3600 [...]

Use -s to match the size of a message with a regex. For example, 700-799 bytes:
root@localhost# exiqgrep -s '^7..$' [...]

Use -z to match only frozen messages, or -x to match only unfrozen messages.

There are also a few flags that control the display of the output.

Use -i to print just the message-id as a result of one of the above two searches:
root@localhost# exiqgrep -i [ -r | -f ] ...

Use -c to print a count of messages matching one of the above searches:
root@localhost# exiqgrep -c ...

Print just the message-id of the entire queue:
root@localhost# exiqgrep -i


The main exim binary (/usr/sbin/exim) is used with various flags to make things happen to messages in the queue. Most of these require one or more message-IDs to be specified in the command line, which is where `exiqgrep -i` as described above really comes in handy.

Start a queue run:
root@localhost# exim -q -v

Start a queue run for just local deliveries:
root@localhost# exim -ql -v

Remove a message from the queue:
root@localhost# exim -Mrm <message-id> [ <message-id> ... ]

Freeze a message:
root@localhost# exim -Mf <message-id> [ <message-id> ... ]

Thaw a message:
root@localhost# exim -Mt <message-id> [ <message-id> ... ]

Deliver a message, whether it’s frozen or not, whether the retry time has been reached or not:
root@localhost# exim -M <message-id> [ <message-id> ... ]

Deliver a message, but only if the retry time has been reached:
root@localhost# exim -Mc <message-id> [ <message-id> ... ]

Force a message to fail and bounce as “cancelled by administrator”:
root@localhost# exim -Mg <message-id> [ <message-id> ... ]

Remove all frozen messages:
root@localhost# exiqgrep -z -i | xargs exim -Mrm

Remove all messages older than five days (86400 * 5 = 432000 seconds):
root@localhost# exiqgrep -o 432000 -i | xargs exim -Mrm

Freeze all queued mail from a given sender:
root@localhost# exiqgrep -i -f luser@example.tld | xargs exim -Mf

View a message’s headers:
root@localhost# exim -Mvh <message-id>

View a message’s body:
root@localhost# exim -Mvb <message-id>

View a message’s logs:
root@localhost# exim -Mvl <message-id>

Add a recipient to a message:
root@localhost# exim -Mar <message-id> <address> [ <address> ... ]

Edit the sender of a message:
root@localhost# exim -Mes <message-id> <address>

How to clear eximstats db

If the size of your eximstats database is getting large, you can do the following steps to clear it.

Login to mysql


mysql> use eximstats
mysql> delete from sends;
mysql> delete from smtp;
mysql> delete from failures;
mysql> delete from defers;



$Subject=”Trying to send”;
$Message2=”Testing mail”;

if(mail($SendTo, $Subject, $Message2, “From: $Sender”)){
print”<br><br><FONT style=\”font-size:12px\” color=\”#009300\” face=\”Arial\”><B>Sent to: $SendTo  … Sender: $Sender</B></FONT>”;
print”<br><br><FONT style=\”font-size:12px\” color=\”#FF0000\” face=\”Arial\”><B>Not sent to: $SendTo  … Sender: $Sender</B></FONT>”;


Tips to remember:

Step 1:
Create a test.php inside public_html folder
For example —>  /home/public_html/test.php
Copy the above script and paste inside test.php  (remember to change the ownership of test.php)
run the url 
For example—> if you are creating test.php in your website
Run the url as
The mail will automatically send as php

mailparse enable on cpanel VPS

vi /etc/fstab
none /tmp tmpfs nodev,nosuid,noexec
none /var/tmp tmpfs nodev,nosuid,noexec
Change the "noexec" to "exec"

none /tmp tmpfs nodev,nosuid,exec
none /var/tmp tmpfs nodev,nosuid,exec


Step2: Restart the VPS from node

Step 3:
pecl install mailparse
root@web1 [~]# pecl install mailparse
downloading mailparse-2.1.5.tgz ...
Starting to download mailparse-2.1.5.tgz (37,332 bytes)
..........done: 37,332 bytes
9 source files, building
running: phpize
Configuring for:
PHP Api Version: 20041225
Zend Module Api No: 20060613
Zend Extension Api No: 220060519
building in /var/tmp/pear-build-root/mailparse-2.1.5
running: /root/tmp/pear/mailparse/configure
checking for egrep... grep -E
checking for a sed that does not truncate output... /bin/sed
checking for cc... cc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ANSI C... none needed
checking how to run the C preprocessor... cc -E
checking for icc... no
checking for suncc... no
checking whether cc understands -c and -o together... yes
checking for system library directory... lib
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for PHP prefix... /usr/local
checking for PHP includes... -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib
checking for PHP extension directory... /usr/local/lib/php/extensions/no-debug-non-zts-20060613
checking for PHP installed headers prefix... /usr/local/include/php
checking if debug is enabled... no
checking if zts is enabled... no
checking for re2c... re2c
checking for re2c version... invalid
configure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.
checking for gawk... gawk
checking whether to enable mailparse support... yes, shared
checking for ld used by cc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for /usr/bin/ld option to reload object files... -r
checking for BSD-compatible nm... /usr/bin/nm -B
checking whether ln -s works... yes
checking how to recognize dependent libraries... pass_all
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking dlfcn.h usability... yes
checking dlfcn.h presence... yes
checking for dlfcn.h... yes
checking the maximum length of command line arguments... 98304
checking command to parse /usr/bin/nm -B output from cc object... ok
checking for objdir... .libs
checking for ar... ar
checking for ranlib... ranlib
checking for strip... strip
checking if cc supports -fno-rtti -fno-exceptions... no
checking for cc option to produce PIC... -fPIC
checking if cc PIC flag -fPIC works... yes
checking if cc static flag -static works... yes
checking if cc supports -c -o file.o... yes
checking whether the cc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no

creating libtool
appending configuration tag "CXX" to libtool
configure: creating ./config.status
config.status: creating config.h
running: make
/bin/sh /var/tmp/pear-build-root/mailparse-2.1.5/libtool --mode=compile cc -I. -I/root/tmp/pear/mailparse -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/mailparse/mailparse.c -o mailparse.lo
mkdir .libs
cc -I. -I/root/tmp/pear/mailparse -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/mailparse/mailparse.c -fPIC -DPIC -o .libs/mailparse.o
/bin/sh /var/tmp/pear-build-root/mailparse-2.1.5/libtool --mode=compile cc -I. -I/root/tmp/pear/mailparse -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/mailparse/php_mailparse_mime.c -o php_mailparse_mime.lo
cc -I. -I/root/tmp/pear/mailparse -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/mailparse/php_mailparse_mime.c -fPIC -DPIC -o .libs/php_mailparse_mime.o
re2c -b /root/tmp/pear/mailparse/ > /root/tmp/pear/mailparse/php_mailparse_rfc822.c
/bin/sh /var/tmp/pear-build-root/mailparse-2.1.5/libtool --mode=compile cc -I. -I/root/tmp/pear/mailparse -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/mailparse/php_mailparse_rfc822.c -o php_mailparse_rfc822.lo
cc -I. -I/root/tmp/pear/mailparse -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/tmp/pear/mailparse/php_mailparse_rfc822.c -fPIC -DPIC -o .libs/php_mailparse_rfc822.o
/bin/sh /var/tmp/pear-build-root/mailparse-2.1.5/libtool --mode=link cc -DPHP_ATOM_INC -I/var/tmp/pear-build-root/mailparse-2.1.5/include -I/var/tmp/pear-build-root/mailparse-2.1.5/main -I/root/tmp/pear/mailparse -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -o -export-dynamic -avoid-version -prefer-pic -module -rpath /var/tmp/pear-build-root/mailparse-2.1.5/modules mailparse.lo php_mailparse_mime.lo php_mailparse_rfc822.lo
cc -shared .libs/mailparse.o .libs/php_mailparse_mime.o .libs/php_mailparse_rfc822.o -Wl,-soname -Wl, -o .libs/
(cd .libs && rm -f && ln -s ../
/bin/sh /var/tmp/pear-build-root/mailparse-2.1.5/libtool --mode=install cp ./ /var/tmp/pear-build-root/mailparse-2.1.5/modules
cp ./.libs/ /var/tmp/pear-build-root/mailparse-2.1.5/modules/
cp ./.libs/mailparse.lai /var/tmp/pear-build-root/mailparse-2.1.5/modules/
PATH="$PATH:/sbin" ldconfig -n /var/tmp/pear-build-root/mailparse-2.1.5/modules
Libraries have been installed in:

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and manual pages.

Build complete.
Don't forget to run 'make test'.

running: make INSTALL_ROOT="/var/tmp/pear-build-root/install-mailparse-2.1.5" install
Installing shared extensions: /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local/lib/php/extensions/no-debug-non-zts-20060613/
running: find "/var/tmp/pear-build-root/install-mailparse-2.1.5" | xargs ls -dils
317095524 0 drwxr-xr-x 3 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5
317102717 0 drwxr-xr-x 3 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr
317102720 0 drwxr-xr-x 3 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local
317102723 0 drwxr-xr-x 3 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local/lib
317102726 0 drwxr-xr-x 3 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local/lib/php
317102729 0 drwxr-xr-x 3 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local/lib/php/extensions
317102732 0 drwxr-xr-x 2 root root 60 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local/lib/php/extensions/no-debug-non-zts-20060613
317102772 156 -rwxr-xr-x 1 root root 150203 Apr 3 21:09 /var/tmp/pear-build-root/install-mailparse-2.1.5/usr/local/lib/php/extensions/no-debug-non-zts-20060613/

Build process completed successfully
Installing '/usr/local/lib/php/extensions/no-debug-non-zts-20060613/'
install ok: channel://
Extension mailparse enabled in php.ini
Step 4:

Revert the changes in /etc/fstab
none /tmp tmpfs nodev,nosuid,noexec
none /var/tmp tmpfs nodev,nosuid,noexec


Step 5: Again restart the VPS from main node

You are done with installation......

Friday, March 22, 2013

T=remote_smtp defer (-53): retry time not reached for any host

chech your logs

cd /var/logs

then  more exim_mailing / grep email

you will get the error ,,,,,,,,,,,,,

then try to use the code below to fix the problem

This can be caused by multiple things, however if it happens for each email, it’s likely your exim databases are corrupt; to resolve this you should:

/usr/sbin/exim_tidydb -t 1d /var/spool/exim retry > /dev/null
/usr/sbin/exim_tidydb -t 1d /var/spool/exim reject > /dev/null
/usr/sbin/exim_tidydb -t 1d /var/spool/exim wait-remote_smtp > /dev/null

/scripts/courierup — force
/scripts/eximup –force

If you did that, yet the problem persists, you can either seek professional help, or contact the cPanel support.


OR  use below solutions

To solve this issue, you need to

  1. Login to with the account you use with exim4. It will ask you to login a second time with a captcha… do so

  2. login on all of your machine that use this technique and issue the following command :sudo exim -qff



our ISP is likely blocking your connection via port 25:

[19:25:19 ns313489 root@4396451 ~]cPs# telnet 25
telnet: connect to address Connection timed out
[19:34:17 ns313489 root@4396451 ~]cPs# telnet 25

[19:40:18 ns313489 root@4396451 ~]cPs# telnet 25
telnet: connect to address Connection timed out
telnet: connect to address Connection timed out

Whereas, it would normally work as such:

~ » telnet 25
Connected to
Escape character is '^]'. ESMTP Exim 4.82 #2 Fri, 15 Nov 2013 12:33:33 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
telnet> quit
Connection closed.

~ » telnet 25
Connected to
Escape character is '^]'.
220 Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at Fri, 15 Nov 2013 10:47:53 -0800
telnet> quit
Connection closed.

I would suggest contacting your provider to see if they have any restrictions on port 25.

Sunday, March 10, 2013

How to enable/Disable cPanel webmail interface for a user account or in server.

How to enable/Disable cPanel webmail interface for a user account or in server.

Customer wants to enable only the HORDE webmail interface for his domain and disable the rest. Usually there are three (3) webmail clients (horde, squirrel mail, roundcube). However, I was advised to make sure that a specific customer does not see more than one specified. I enabled “AUTOLOAD” option in the webmail interface but he is not satisfied. He came back asking to allow only HORDE interface for his webmail. How should i do that?

Solution: Consider my domain name is “” and my account name is “hemanth“. Now follow the steps below.
====================This option for that particular user account:
1) SSH to your server
2) Go to “cd /var/cpanel/users/”
3) vi hemanth
4) Paste the following lines

Note: The option 0 is enable and 1 is disable. in above line only HORDE is enabled in the webmail and Roundcube and squirrel  is disabled.

5) Then restart the cpanel service
/etc/init.d/cpanel restart

Now login to your webmail and check for the option.

This will change the server wide for all the domains in the server:
1) Login to your WHM
2) Go to “Server Configuration”
3) Click on “Tweak Settings”
4) Select mail option.
5) Turn off “Round Cube and Squirrel”
6) Save it.====================Redirections

Note: You must replace with your actual domain name in the above examples.

Saturday, December 22, 2012


Conf : /etc/exim.conf - exim main configuration file
/etc/localdomains - list of domains allowed to relay mail
Log : /var/log/exim_mainlog - incoming/outgoing mails are logged here
/var/log/exim_rejectlog - exim rejected mails are reported here
/var/log/exim_paniclog - exim errors are logged here
Mail queue: /var/spool/exim/input
Cpanel script to restart exim - /scripts/restartsrv_exim
Email forwarders and catchall address file - /etc/valiases/
Email filters file - /etc/vfilters/
POP user authentication file - /home/username/etc/domainname/passwd
catchall inbox - /home/username/mail/inbox
POP user inbox - /home/username/mail/domainname/popusername/inbox
POP user spambox - /home/username/mail/domainname/popusername/spam
Program : /usr/sbin/exim (suid - -rwsr-xr-x 1 root root )
Init Script: /etc/rc.d/init.d/exim
force exim up : /scripts/eximup --force
Log file is located at /var/log/exim4/mainlog
Count the number of messages in the queue.

root@localhost# exim -bpc
Listing the messages in the queue (time queued, size, message-id, sender, recipient).

root@localhost# exim -bp
Search the queue for messages from a specific sender.

root@localhost# exiqgrep -f [luser]@domain
Search the queue for messages for a specific recipient/domain.

root@localhost# exiqgrep -r [luser]@domain
Print messages older than the specified number of seconds.

Eg: messages older than 1 hour.
root@localhost# exiqgrep -o 3600 [...]
Print messages younger than the specified number of seconds.

Eg: messages less than an hour old.
root@localhost# exiqgrep -y 3600 [...]
Match the size of a message with a regex. Eg: Messages between 500-599 bytes.

root@localhost# exiqgrep -s '^5..$' [...]
Print just the message-id of the entire queue.

root@localhost# exiqgrep -i
Remove a message from the queue.

root@localhost# exim -Mrm <message-id> [ <message-id> ... ]
Freeze a message.

root@localhost# exim -Mf <message-id> [ <message-id> ... ]
View a message's logs.

root@localhost# exim -Mvl <message-id>

Remove all frozen messages.

root@localhost# exiqgrep -z -i | xargs exim -Mrm

there can be lot of frozen messages in the queue which are not delivered most probabalt spammed messages the script deletes them
exim -bp | awk '$6~"frozen" {print $3 }' | xargs exim -Mrm
Remove all messages older than five days (86400 * 2 = 172800 seconds).

root@localhost# exiqgrep -o 172800 -i | xargs exim -Mrm
Remove all messages latest five days (86400 * 2 = 172800 seconds).

root@localhost# exiqgrep -y 172800 -i | xargs exim -Mrm
Freeze all queued mail from a given sender.

root@localhost# exiqgrep -i -f | xargs exim -Mf

To remove all messages from the queue, enter:
grep -R -l [SPAM] /var/spool/exim/msglog/*|cut -b26-|xargs exim -Mrm

exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | bash

Command to send all the emails in the mail queue
exim -bpru |awk '{print $3}' | xargs -n 1 -P 40 exim -v -M


Send a test message send "content" | mail -s "subject"

Send a message without "send": echo "body" | mail -s "subject"


Troubleshoot Spamming#########################################

Get details of scripts that are used to send out spam emails :
grep “cwd=” /var/log/exim_mainlog|awk ‘{for(i=1;i teststats

Script to know the mail count by various accounts
grep “cwd=” /var/log/exim_mainlog|awk ‘{for(i=1;i<=10;i++){print $i}}’|sort|uniq -c|grep cwd|sort -n

The number of mails by a domain
exigrep /var/log/exim_mainlog|grep 2009-04-17|grep Completed|wc -l

1)Issue this command: ps -C exim -fH ewww |grep home, it shows the mails going from the server.
It shows from which user’s home the mail is going, so that you can easily trace it and block it if needed.

2)Issue this command: eximstats -ne -nr /var/log/exim_mainlog
It shows top 50 domains using mail server with options.

3)Issue this command: exim -bp | exiqsumm
It shows the main domains receiving and sending mails on the server.

4)Issue this command: netstat -plan|grep :25|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1
It shows the IPs which are connected to server through port number 25. It one particular Ip is using more than 10 connection you can block it in the server firewall.

5)In order to find “nobody” spamming, issue the following command
ps -C exim -fH ewww|awk ‘{for(i=1;i<=40;i++){print $i}}'|sort|uniq -c|grep PWD|sort -n

It will give some result like:
Example :
6 PWD=/
347 PWD=/home/sample/public_html/test
Count the PWD and if it is a large value check the files in the directory listed in PWD
(Ignore if it is / or /var/spool/mail /var/spool/exim)

The above command is valid only if the spamming is currently in progress. If the spamming has happened some hours before, use the following command.

grep “cwd=” /var/log/exim_mainlog|awk ‘{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

This will result in something like :
47 cwd=/root
8393 cwd=/home/sample/public_html/test

Count the cwd and if it is a large value check the files in the directory listed in cwd
(Ignore if it is / or /var/spool/mail /var/spool/exim)

Pass the below mentioned command at your command prompt to find the domain which is being used by spammers.
exim -bp
exim -bpr | exiqsumm -c | head
exiqgrep -ir | xargs -n1 exim -Mrm