buy tb500

Archive for September, 2014

Find Spammer in Exim

Tuesday, September 9th, 2014

 

  1. Login to your server via SSH as the root user.
  2. Run the following command to pull the most used mailing script’s location from the Exim mail log:grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F”cwd=” ‘{print $2}’ | awk ‘{print $1}’ | sort | uniq -c | sort -n

     

  3. Knowing the mailer.php script was sending mail into Exim, we can now take a look at our Apache access log to see what IP addresses are accessing this script using the following command:

grep “mailer.php” /home/userna5/access-logs/example.com | awk ‘{print $1}’ | sort -n | uniq -c | sort -n

 

Reference

http://www.inmotionhosting.com/support/email/exim/find-spam-script-location-with-exim