A clogged or uncontrolled Exim mail queue is one of the most common crises on shared hosting servers — a single spamming account can generate tens of thousands of queued messages, hammering server resources and causing legitimate email delivery to fail for every other client. This guide covers everything a server administrator needs to clear and manage the WHM Exim mail queue — from diagnosing the backlog to removing spam, suspending abusive accounts, and setting up proactive queue limits.
Understanding the Exim Mail Queue in WHM/cPanel
Exim is the mail transfer agent (MTA) used by cPanel/WHM servers. Every email that passes through the server — inbound, outbound, or local — moves through the Exim queue. Messages stay in the queue until they are:
- Successfully delivered (removed automatically)
- Deferred — delivery failed temporarily, will retry on a schedule
- Bounced — permanent delivery failure, returned to sender
- Frozen — Exim has stopped retrying (usually spam or malformed messages)
A healthy server queue should contain tens to low hundreds of messages at most. If you see thousands or tens of thousands, you almost certainly have a spam outbreak or a misconfigured script sending bulk mail.
💡 None of these worked? Skip the guesswork.
Get Expert Help →Step 1 — Check the Current Queue Size and Status
Log in to WHM and navigate to Email → Mail Queue Manager. This shows all queued messages with sender, recipient, size, and status. For large queues (10,000+ messages) the WHM interface becomes slow — use the command line instead.
# Total messages in queue
exim -bpc
# Detailed queue listing (shows message IDs, sender, recipient, time)
exim -bp | head -50
# Queue summary by sender domain
exim -bp | exiqsumm | sort -rn | head -20# Count frozen messages
exim -bp | grep frozen | wc -l
# List frozen message IDs
exim -bp | grep frozen | awk '{print $3}'# Top senders by message count
exim -bp | grep "<" | awk '{print $4}' | sort | uniq -c | sort -rn | head -20
# Alternative: use exiqsumm for sender domain breakdown
exim -bp | exiqsumm# Check Exim's main log for script paths
grep "cwd=" /var/log/exim_mainlog | grep -v "cwd=/var/spool" | awk -F'cwd=' '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -rn | head -20This reveals exactly which PHP script or application is generating the mail. Common culprits: contact forms without CAPTCHA, compromised WordPress plugins, or scripts with hardcoded mail loops.
# Find which cPanel user owns a suspicious directory
stat /home/username/public_html/wp-content/plugins/badplugin/mailer.php
# Or search all accounts for recently modified PHP files
find /home/*/public_html -name "*.php" -newer /tmp/reference_time -ls 2>/dev/null | head -20Go to WHM → Tweak Settings → Mail and configure:
- Max hourly email by domain: 200–500 (depending on your client base)
- Maximum percentage of failed or deferred messages a domain may send per hour: 20%
- Enable Send a notification to the account owner when limits are reached
Edit /etc/exim.conf.local (or via WHM → Exim Configuration Manager → Advanced Editor):
# Add to the main configuration section:
queue_run_max = 5 # max simultaneous queue runners
smtp_accept_max = 20 # max concurrent SMTP connections
queue_only_load = 8 # defer new messages if server load exceeds 8Step 8 — Monitor the Queue Proactively
# Set up a cron job to alert if queue exceeds 500 messages
# Add to root's crontab: crontab -e
*/15 * * * * QUEUE=$(exim -bpc); if [ "$QUEUE" -gt 500 ]; then echo "Queue: $QUEUE" | mail -s "ALERT: Exim queue spike on $(hostname)" admin@yourdomain.com; fi
# WHM also has built-in notifications — set under:
# WHM → Server Contacts → Notification Preferences → Mail Queue SizeStaying ahead of Exim queue issues is a core part of running shared hosting infrastructure. For hosting companies managing multiple cPanel/WHM servers, a centralised queue monitoring setup — alerting you the moment any server's queue spikes — can prevent a 10-minute spam incident from turning into hours of blacklist recovery. CloudHouse Technologies provides 24/7 cPanel/WHM server management including proactive mail queue monitoring, spam account isolation, and deliverability recovery.