When your cPanel server has an excessively large mail queue due to abuse or spam, clearing it quickly is crucial. This guide provides the fastest and most efficient methods to clear the Exim mail queue and prevent future abuse.
🔍 Step 1: Check the Mail Queue Size
Before clearing the queue, determine how many emails are queued:
exim -bpc📌 This command displays the total number of emails in the queue.
To list the queued emails:
exim -bpTo find the top senders contributing to the queue:
exim -bp | awk '{print $3}' | sort | uniq -c | sort -nr | head -10❌ Step 2: Clear the Mail Queue
⚡ Method 1: Using Exim Commands (Recommended)
To remove all emails from the queue:
exiqgrep -i | xargs exim -Mrm✅ This efficiently clears the entire queue.
If the above command fails due to malformed message IDs, use:
for i in $(exiqgrep -i); do exim -Mrm $i; done✅ This loops through each message ID and removes them individually.
🛠 Method 2: Force-Delete Mail Queue Files
Stop Exim before clearing the queue:
systemctl stop eximThen, delete all queued emails:
rm -rf /var/spool/exim/input/* /var/spool/exim/msglog/*Restart Exim:
systemctl start eximIf errors like "Directory not empty" occur, use:
find /var/spool/exim/input -type f -exec rm -f {} +
find /var/spool/exim/msglog -type f -exec rm -f {} +
find /var/spool/exim/input -mindepth 1 -type d -empty -delete
find /var/spool/exim/msglog -mindepth 1 -type d -empty -deleteIf Exim’s queue is still not clearing, rename and recreate the directory:
mv /var/spool/exim/input /var/spool/exim/input.bak
mkdir -p /var/spool/exim/input
chmod 750 /var/spool/exim/input
chown -R mail:mail /var/spool/exim/input
rm -rf /var/spool/exim/input.bak🔄 Step 3: Restart Exim and Verify the Queue
After clearing, restart Exim:
systemctl start eximCheck if the queue is empty:
exim -bp✅ If no output appears, the mail queue has been successfully cleared! 🎉
🛡 Step 4: Prevent Future Spam and Abuse
To avoid repeated abuse, take the following measures:
📊 1. Limit Outgoing Emails Per Hour
whmapi1 setacctpkg pkgname=default maxemailsperhour=100✅ This restricts bulk email sending.
🔎 2. Scan for Malicious Scripts
grep -Ri "mail(" /home/<username>/public_html/
maldet -a /home/<username>/public_html/✅ Detects unauthorized email-sending scripts.
🏛 3. Enable SMTP Restrictions in WHM
Navigate to WHM > Tweak Settings > SMTP Restrictions and enable it to prevent unauthorized scripts from sending mail.
📑 4. Monitor Email Sending in Logs
To identify compromised email accounts:
grep "A=dovecot_login" /var/log/exim_mainlog | awk '{print $5}' | sort | uniq -c | sort -nr | head -20To check for excessive script-based email sending:
grep "cwd=" /var/log/exim_mainlog | awk -F"cwd=" '{print $2}' | cut -d " " -f1 | sort | uniq -c | sort -nr | head -10🎯 Conclusion
Clearing a massive email queue in cPanel's Exim can be done quickly using these methods. By using the fastest commands, force-deleting the queue, and implementing security measures, you can prevent further spam-related issues and keep your server stable. 🚀
🔹 Regular monitoring, strict email policies, and proactive security scans will help prevent future mail queue overloads!
