In this short article, I will be sharing some useful commands I have come to use over the years with cPanel/WHM servers. These commands are especially useful if you are planning to monitor email queues and ensure that no one is compromised and/or isn’t spamming.

Viewing the number of emails

To view the number of emails in the queue, run this command:

exim -bpc

To view all the emails (this is useful for the next few sections), run these commands:

exim -bp
exim -bp | exiqsumm

Checking emails (e.g. login failures, for spamming content, etc.)

The best way to find out if an account is secure and to also identify if the password has been changed is to refer to these commands:

grep [email protected] /var/log/maillog | grep fail

This will filter through the “/var/log/maillog” to see if there are any failures. This is also useful for checking to see if the customer is using the correct credentials.

Removing emails from the queues

If you have identified the source of the spamming account/domain, you can then use the following commands to clear out the emails.

exiqgrep -i -f EMAIL_ACCOUNT | xargs exim -Mrm
exiqgrep -i -r EMAIL_ACCOUNT | xargs exim -Mrm

The -f flag indicates the “from” address and the -r flag indicates the “recipient” address.

Pushing/releasing frozen/queued up emails

First clear out the spam (i.e. identify the spam, if any, and suspend/inform + remove emails from the queue).

Once done, the best way to get this going is to SSH into the server and create a screen so you can run the EXIM email release command in the background. Here is what it will look like:

ssh my.server.tld -4
screen -S exim
exim -qf -v

Then you can exit the screen (CTRL+A,D) and let it do its magic.

These commands have helped me in my cPanel/WHM system administration tasks and I hope it helps you too. 🙂