If you think you might have a spammer, check the /etc/virtual/usage directory for files that are larger than normal.
Any authenticated sends will show up with this command:
cd /var/log/exim
grep 'A=login:' mainlog* | less
This shows all emails sent from your server that used SMTP authentication. It is useful for finding email accounts whose passwords may have been compromised (guessed), or simply abusive users.
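To turn that grep into a per-account summary, the following added example (not part of the original page) counts accepted messages and distinct client IPs for each authenticated login. It assumes Exim's default mainlog line layout and the A=login:<account> form shown above; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# auth_sender_report [FILE...]  (hypothetical helper name)
# Prints "messages distinct_ips account", busiest account first.
auth_sender_report() {
    awk '
    {
        start = 0
        for (i = 1; i <= NF; i++) if ($i == "<=") { start = i; break }
        if (!start) next                 # not a message-arrival line
        user = ""; ip = ""
        for (i = start + 1; i <= NF; i++) {
            if ($i ~ /^T="/) break       # logged subject is sender-controlled text
            if (user == "" && $i ~ /^A=login:/) user = substr($i, 9)
            else if (ip == "" && $i ~ /^\[[0-9A-Fa-f.:]+\]/) {
                ip = $i; sub(/^\[/, "", ip); sub(/\].*$/, "", ip)
            }
        }
        if (user == "") next             # arrival without SMTP authentication
        msgs[user]++
        if (ip != "" && !((user, ip) in seen)) { seen[user, ip] = 1; ips[user]++ }
    }
    END { for (u in msgs) printf "%d %d %s\n", msgs[u], ips[u], u }
    ' "$@" | sort -k1,1nr -k3,3
}

# Constructed sample mainlog lines (documentation addresses only).
sample_mainlog() {
    cat <<'EOF'
2024-05-01 09:00:01 1s1AAA-0000aa-01 <= alice@example.com H=(laptop) [198.51.100.7] P=esmtpsa A=login:alice@example.com S=2101 id=a1@example.com
2024-05-01 09:00:02 1s1AAA-0000aa-01 => someone@example.org R=lookuphost T=remote_smtp H=mx.example.org [192.0.2.1]
2024-05-01 09:00:05 1s1AAB-0000ab-02 <= bob@example.com H=(pc) [203.0.113.10] P=esmtpsa A=login:bob@example.com S=900 id=b1@example.com
2024-05-01 09:00:06 1s1AAC-0000ac-03 <= bob@example.com H=(x) [203.0.113.77] P=esmtpsa A=login:bob@example.com S=910 id=b2@example.com
2024-05-01 09:00:07 1s1AAD-0000ad-04 <= bob@example.com H=(y) [198.51.100.200] P=esmtpsa A=login:bob@example.com S=905 id=b3@example.com
2024-05-01 09:00:08 1s1AAE-0000ae-05 <= bob@example.com H=(pc) [203.0.113.10] P=esmtpsa A=login:bob@example.com S=915 id=b4@example.com
2024-05-01 09:02:00 1s1AAF-0000af-06 <= ext@example.net H=mx.example.net [192.0.2.25] P=esmtps S=1500 id=x1@example.net T="re: A=login:carol@example.com"
2024-05-01 09:05:00 1s1AAG-0000ag-07 <= alice@example.com H=(laptop) [198.51.100.7] P=esmtpsa A=login:alice@example.com S=2300 id=a2@example.com
EOF
}

# Demo on the sample; on a server run: auth_sender_report /var/log/exim/mainlog
sample_mainlog | auth_sender_report
```

An account with a high message count spread across many client IPs is the one to look at first; the unauthenticated line whose subject contains A=login: is deliberately not counted.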
-------
cd /var/log/exim
eximstats mainlog > stats.txt
less stats.txt
-------
Here are some useful exim commands. They're useful if you have an overloaded queue and need to clear it out, or find out why the messages are piling up.
exim -M id #Try to send the message with id id
exim -qf #Tell exim to process the entire queue again
exim -qff #same as qf, but it will flush the frozen messages
exim -Mvl id #view the message log for message id
exim -Mvh id #view message id’s headers
exim -Mvb id #view message id’s body
exim -Mrm id #remove message id from the queue
exim -Mg id #fail and send a bounce to the sender
exim -bp | exiqsumm #Print summary of the messages in the queue
exiwhat #show what exim is doing right now
exim -bpc #show number of messages in the queue
exim -bp #print list of messages in the queue
The manual way to remove the entire queue is as follows:
cd /var/spool
mv exim exim.old
mkdir -p exim/input
mkdir -p exim/msglog
mkdir -p exim/db
chown -R mail:mail exim
Then restart exim.
-------