The Exim mail server provides many options and commands for tracing spammers from the command line.
The piped command below finds the directory on the server where a spam-mailing script is located. Knowing the location lets us identify the script that is sending the mail and disable it quickly to stop the spamming activity.
Steps to find the spam mailing script location
Step 1: SSH to your server as the root user.
Step 2: Execute the command pasted below:
grep cwd /var/log/exim_mainlog|grep -v /var/spool|awk -F"cwd=" '{print $2}'|awk '{print $1}'|sort|uniq -c|sort -n
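The results could look like the ones below. Each line shows how many log entries were recorded for a working directory (cwd), followed by that directory, with the highest counts at the bottom: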
grep cwd /var/log/exim_mainlog|grep -v /var/spool|awk -F"cwd=" '{print $2}'|awk '{print $1}'|sort|uniq -c|sort -n
………..
………..
370 /home/$USER1/public_html
386 /home/$USER2/public_html
415 /home/$USER3/public_html
470 /home/$USER4/public_html
620 /root
1409 /home/$USER5/public_html/link
6340 /home/$USER6/public_html
63898 /etc/csf
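The same count, written as a reusable shell function with an optional minimum-count filter so that only the busiest directories are listed. This is an added example, not part of the original article; the function names, the MIN parameter and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): the cwd-count pipeline as a function.

# cwd_counts LOGFILE [MIN]
# Prints "<count> <directory>" for each cwd= value, lowest count first,
# keeping only directories logged at least MIN times (default 1).
cwd_counts() {
    awk -v min="${2:-1}" '
        /\/var\/spool/ { next }            # same effect as: grep -v /var/spool
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^cwd=/) {        # field looks like cwd=/some/dir
                    seen[substr($i, 5)]++  # drop the 4-character "cwd=" prefix
                    break
                }
            }
        }
        END { for (d in seen) if (seen[d] >= min) print seen[d], d }
    ' "$1" | sort -n
}

# Constructed sample log lines in the shape Exim writes them (not real data).
make_sample_log() {
    cat <<'EOF'
2024-01-10 09:00:01 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2024-01-10 09:00:05 cwd=/home/exampleuser/public_html/link 3 args: /usr/sbin/sendmail -t -i
2024-01-10 09:00:06 cwd=/home/exampleuser/public_html/link 3 args: /usr/sbin/sendmail -t -i
2024-01-10 09:00:07 cwd=/home/exampleuser/public_html/link 3 args: /usr/sbin/sendmail -t -i
2024-01-10 09:00:08 cwd=/home/exampleuser2/public_html 3 args: /usr/sbin/sendmail -t -i
2024-01-10 09:00:09 cwd=/home/exampleuser2/public_html 3 args: /usr/sbin/sendmail -t -i
2024-01-10 09:00:10 cwd=/root 2 args: /usr/sbin/sendmail -t
2024-01-10 09:00:11 1aBcDe-000001-AA <= sender@example.com U=exampleuser P=local S=512
EOF
}

sample="$(mktemp)"
make_sample_log > "$sample"
cwd_counts "$sample"        # every directory outside /var/spool
cwd_counts "$sample" 2      # only directories logged at least twice
```

On a live server, pass /var/log/exim_mainlog as the first argument instead of the sample file.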