How to Fix cPanel/WHM Exim Frozen Emails in the Mail Queue

Priya

Content Writer & Researcher

Last Updated: 20 June 2026

How to Fix cPanel/WHM Exim Frozen Emails in the Mail Queue

🖥️

Is Your cPanel Mail Queue Frozen and Full? Let Us Fix It

Frozen Exim queues point to deeper issues — compromised accounts, spam scripts, or misconfigured routing. CloudHouse's server management team will diagnose and clean your mail queue before it affects your clients. Get expert help today.

🔧 Book Free Diagnosis Call Now WhatsApp

🖥️12,400+PCs Fixed

⭐4.9★Google Rating

⚡<15 minAvg. Response

🛡️ISO 27001Certified

If you manage a cPanel/WHM server, you've likely seen this scenario: email is not sending, users are complaining, and when you check the mail queue, it's full of messages marked as frozen. Exim freezes emails when it cannot deliver a message after repeated attempts — but unlike a normal defer, frozen messages sit permanently in the queue, consuming disk space and confusing your clients. This guide walks you through diagnosing and fixing frozen Exim emails step by step.

Why Does Exim Freeze Emails?

Exim marks a message as frozen when it encounters a permanent error during delivery — usually after a bounce reply itself fails to deliver. Common causes include:

Backscatter / Double-bounce: A spam message forged your domain as the sender. When Exim tried to bounce it, the bounce itself failed, so the message is frozen.
Compromised email account: A hacked account sent thousands of spam messages that are now clogging the queue.
Invalid recipient addresses: Bulk-sent messages to non-existent addresses that permanently failed.
PHP script abuse: A poorly coded or malicious script on a hosted account injected mail directly via the sendmail binary.
Exim misconfiguration: Routing rules or filters that cause a loop or dead-end for certain message types.

💡 None of these worked? Skip the guesswork.

Get Expert Help →

Step 1: Check the Size and Health of the Mail Queue

Before taking any action, understand the scope of the problem. Log in to your server via SSH as root.

1Count total messages in the queue

exim -bpc

If this returns thousands of messages, something is actively generating mail.

2List the queue with status

exim -bp | head -50

Look for the word frozen next to message entries.

3Count only frozen messages

exim -bp | grep -c frozen

This tells you how many frozen messages you're dealing with specifically.

4Find top senders by volume

exim -bp | awk '{print $4}' | sort | uniq -c | sort -rn | head -20

This shows you which email addresses are sending the most messages. A single address sending hundreds of messages is a red flag.

5Check for PHP-generated mail (script abuse)

grep "cwd=" /var/log/exim_mainlog | grep -v "cwd=/var/spool" | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -rn | head -20

The cwd= field shows the working directory of the process that injected the mail. If it points to a website's directory (e.g., /home/username/public_html), a PHP script is the culprit.

6Find the specific PHP file responsible

grep "cwd=/home/username/public_html" /var/log/exim_mainlog | grep "php" | tail -20

Replace username with the account name found above.

7Suspend via WHM GUI: Go to WHM > Account Functions > Manage Account Suspension, select the account, and click Suspend.

8. Or suspend via command line

/scripts/suspendacct username "Sending spam — investigating"

After suspending, change the email account password immediately and scan for malicious scripts.

9Remove all frozen messages via command line

exim -bp | grep frozen | awk '{print $3}' | xargs exim -Mrm

This pipes the message IDs of frozen messages directly to exim -Mrm which removes them.

10Alternative: Use WHM Mail Queue Manager

In WHM, search for Mail Queue Manager in the left nav. You can filter by status (Frozen), select all, and click Delete.

11Verify the queue is cleared

exim -bpc

The count should drop significantly. Run exim -bp | grep -c frozen to confirm frozen messages are gone.

12In WHM, go to Exim Configuration Manager > Advanced Editor

Find or add the timeout_frozen_after setting. A value like 7d (7 days) tells Exim to automatically remove messages that have been frozen for more than 7 days:

timeout_frozen_after = 7d

Save and restart Exim:

service exim restart

13Enable DKIM and SPF in cPanel:

Log in to the affected cPanel account. Navigate to Email > Email Deliverability. Click Repair if any records are invalid, or click on the domain to enable DKIM/SPF records in DNS.

14Add a DMARC record in cPanel > Zone Editor:

_dmarc.yourdomain.com TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@yourdomain.com"

The p=quarantine policy tells receiving mail servers to treat failed messages with suspicion, reducing backscatter from forged senders.

Step 7: Monitor the Queue Going Forward

After clearing the frozen queue, set up monitoring to catch issues early:

Check the queue count regularly: exim -bpc

Set WHM Mail Troubleshooter alerts for queue thresholds

Review /var/log/exim_mainlog daily for unusual patterns

Consider installing a managed server management service that monitors and clears Exim queues proactively

FAQs

Conclusion

Frozen emails in cPanel/WHM Exim queues are usually a symptom of a deeper issue — spam injection, backscatter, or a compromised account. The key is to diagnose the source first, then clear the frozen messages, and finally configure Exim and email authentication to prevent recurrence. With the steps above, your mail queue should be clean and healthy within minutes.

Get the Free Linux Server Admin Cheatsheet (PDF)

Essential commands for server management, networking, and troubleshooting — all on one printable page.

Running Linux servers? Let us manage them for you.

Our Managed Linux Server plans cover updates, security hardening, monitoring, and 24/7 incident response — so your servers stay up and your team stays focused.

Proactive OS patching and security updates
24×7 monitoring with instant alerting
Backup configuration and disaster recovery
Dedicated Linux engineers on call

See Pricing Plans →

What our customers say

“Our production server went down at 2 AM. CloudHouse had it back online in under 20 minutes. Incredible response time.”

Arun S.

CTO, SaaS Startup

“They migrated our entire infrastructure from Ubuntu 18 to 22 with zero downtime. Couldn't have asked for better.”

Deepak N.

DevOps Lead

Frequently Asked Questions

Exim freezes a message when a delivery failure occurs and the bounce reply also fails to send. This is common with backscatter spam (where spammers forge your domain), compromised accounts, or emails sent to invalid addresses. The message stays frozen instead of being retried or bounced.

Book your free 15-minute diagnosis

A certified technician will call you back within 15 minutes during business hours.

Share this article

Comments (0)

Loading comments...