1. Open exim.conf
pico /etc/exim.conf
2) Find this;
Ctrl + W: hostlist auth_relay_hosts = *
#########################
Runtime configuration file for Exim #
#########################
3) After hostlist auth_relay_hosts = *
add the following
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
4) The final result should look like this
hostlist auth_relay_hosts = *
log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn
#######################################
# Runtime configuration file for Exim #
#######################################
5) Save and restart exim DONE!
ctrl + X then Y
/etc/init.d/exim restart
Now tail your log and watch the show!
tail -f /var/log/exim_mainlog
Nobody spammers?
Will this assist with tracking down "nobody" spammers? I wasn't able to track down the faulty script that was being used for spamming and had to block a /20 in south america to block the offender.
Can i add these entries anytime, or should i only do it when i suspect my server is being used as a source of spam?
spam
This can sometimes help track them down, I also suggest enabling the x-spam headers within WHM. There is a guide over on webhostgear that uses a perl script to track nobody and that also will pick up a lot - but not all - spammers.