hypertropin

Find Spammer in Exim

 

  1. Login to your server via SSH as the root user.
  2. Run the following command to pull the most used mailing script’s location from the Exim mail log:grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F”cwd=” ‘{print $2}’ | awk ‘{print $1}’ | sort | uniq -c | sort -n

     

  3. Knowing the mailer.php script was sending mail into Exim, we can now take a look at our Apache access log to see what IP addresses are accessing this script using the following command:

grep “mailer.php” /home/userna5/access-logs/example.com | awk ‘{print $1}’ | sort -n | uniq -c | sort -n

 

Reference

http://www.inmotionhosting.com/support/email/exim/find-spam-script-location-with-exim

 

Leave a Reply