Following command will show path to the script being utilized to send mail
—————————
ps -C exim -fH eww
ps -C exim -fH eww | grep home

cd /var/spool/exim/input/
egrep “X-PHP-Script” * -R

Shows number of frozen emails
—————————
exim -bpr | grep frozen | wc -l

To remove FROZEN mails from the server
—————————
exim -bp | exiqgrep -i | xargs exim -Mrm

exim -bp | awk ‘$6~”frozen” {print $3 }’ | xargs exim -Mrm

exiqgrep -z -i | xargs exim –Mrm

Check for spamming if anybody is using php script for sending mail through home
—————————
tail -f /var/log/exim_mainlog | grep home

If anyone is spamming from /tmp
—————————
tail -f /var/log/exim_mainlog | grep /tmp

To display the IP and no of tries done bu the IP to send mail but rejected by the server
—————————
tail -3000 /var/log/exim_mainlog |grep ‘rejected RCPT’ |awk ‘{print$4}’|awk -F[ ‘{print $2} ‘|awk -F] ‘{print $1} ‘|sort | uniq -c | sort -k 1 -nr | head -n 5
—————————

Shows the connections from a certain ip to the SMTP server
—————————
netstat -plan|grep :25|awk {‘print $5′}|cut -d: -f 1|sort|uniq -c|sort -nk 1
—————————

To shows the domain name and the no of emails sent by that domain
—————————
exim -bp | exiqsumm | more
—————————

If spamming from outside domain then you can block that domain or email id on the server
—————————
vi /etc/antivirus.exim

if $header_from: contains “name@domain.com”
then
seen finish
endif
—————————

Check mail stats
—————————
exim -bp | exiqsumm | more
—————————

Following command will show you the maximum no of email currently in the mail queue have from or to the email address in the mail queue with exact figure.
—————————
exim -bpr | grep “<*@*>” | awk ‘{print $4}’|grep -v “<>” | sort | uniq -c | sort -n
—————————

Check if any php script is causing the mass mailing with
—————————
cd /var/spool/exim/input

egrep “X-PHP-Script” * -R
—————————
Just cat the ID that you get and you will be able to check which script is here causing problem for you.
To Remove particular email account email
—————————
exim -bpr |grep “ragnarockradio.org”|awk {‘print $3′}|xargs exim -Mrm
—————————